Showing 22 of 22 total issues

OS Command Injection in Rake
Open

    rake (10.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3
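
Both bundler-audit findings on this page are lockfile version checks, not code-path analysis: the tool reads the pinned version out of Gemfile.lock and tests it against the advisory's patched-version requirement. The following is an added example, not avsh project code, that reimplements that check in plain Ruby for the two advisories listed here (rake CVE-2020-8130 and json CVE-2020-10663). It parses the specs section of a constructed Gemfile.lock fragment and compares each version with rubygems' Gem::Requirement, which is the same comparison semantics Bundler uses. The lockfile text, the ADVISORIES table and the helper names are assumptions made for the example.

```ruby
# Added example (not part of the avsh project): reproduce the bundler-audit
# version check for the two advisories on this page with only Ruby's bundled
# rubygems version comparison.
require 'rubygems'

# Advisory data copied from the findings on this page; the patched-version
# requirement is bundler-audit's "Solution" line.
ADVISORIES = [
  { gem: 'rake', cve: 'CVE-2020-8130',  patched: '>= 12.3.3' },
  { gem: 'json', cve: 'CVE-2020-10663', patched: '>= 2.3.0' }
].freeze

# Constructed Gemfile.lock fragment pinning the versions bundler-audit flagged.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      json (1.8.3)
      rake (10.5.0)
      rspec-core (3.5.4)
        rspec-support (~> 3.5.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    json
    rake
LOCK

# Parse the "specs:" section of a Gemfile.lock into { name => version }.
# Only lines indented by exactly four spaces carry a resolved version; the
# six-space lines beneath them are dependency constraints and are skipped.
def parse_lockfile_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    # A blank line or the next section header (PLATFORMS, DEPENDENCIES, ...)
    # ends the specs section.
    in_specs = false if line.strip.empty? || line =~ /\A[A-Z]/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Return the advisories whose gem is present in the lockfile at a version
# that does not satisfy the patched-version requirement.
def vulnerable_gems(specs, advisories = ADVISORIES)
  advisories.select do |adv|
    version = specs[adv[:gem]]
    next false unless version
    !Gem::Requirement.new(adv[:patched]).satisfied_by?(Gem::Version.new(version))
  end
end

if __FILE__ == $PROGRAM_NAME
  specs = parse_lockfile_specs(SAMPLE_LOCKFILE)
  vulnerable_gems(specs).each do |adv|
    puts "#{adv[:gem]} #{specs[adv[:gem]]}: #{adv[:cve]}, upgrade to #{adv[:patched]}"
  end
end
```

Run against a real Gemfile.lock by substituting File.read('Gemfile.lock') for the constructed fragment; after bumping rake to 12.3.3 and json to 2.3.0 the list comes back empty, which is the check to repeat before closing the two findings.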

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Method parser has 34 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def parser # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
      OptionParser.new do |opts|
        opts.banner = banner_usages + "\nOptions:"

        opts.on('-m', '--machine MACHINE', 'Target Vagrant machine(s).',
Severity: Minor
Found in lib/avsh/argument_parser.rb - About 1 hr to fix

    Method collect_folders_by_machine has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
    Open

        def collect_folders_by_machine
          if @machine_synced_folders.empty?
            { 'default' => default_synced_folders }
          else
            folders = @machine_synced_folders.map do |name, synced_folders|
    Severity: Minor
    Found in lib/avsh/parsed_config.rb - About 55 mins to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Block has too many lines. [32/25]
    Open

          OptionParser.new do |opts|
            opts.banner = banner_usages + "\nOptions:"
    
            opts.on('-m', '--machine MACHINE', 'Target Vagrant machine(s).',
                    'Can be specified as a plain string for a single machine, a',
    Severity: Minor
    Found in lib/avsh/argument_parser.rb by rubocop

    This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

    Method match_machines! has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
    Open

        def match_machines!(search_string)
          machines =
            if (pattern = search_string[%r{^/(.+?)/$}, 1])
              match_machines_by_regexp(pattern)
            elsif search_string.include? ','
    Severity: Minor
    Found in lib/avsh/parsed_config.rb - About 35 mins to fix

    Method find has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
    Open

        def find(host_directory)
          start_directory = File.expand_path(@vagrant_cwd || host_directory)
          cur_directory = start_directory
          filenames = filenames_to_check
    
    
    Severity: Minor
    Found in lib/avsh/vagrantfile_finder.rb - About 35 mins to fix

    Method merge_with_defaults has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
    Open

        def merge_with_defaults(synced_folders)
          default_synced_folders.tap do |merged|
            synced_folders.each do |guest_path, opts|
              if opts[:disabled]
                merged.delete(guest_path)
    Severity: Minor
    Found in lib/avsh/parsed_config.rb - About 35 mins to fix

    Method match has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
    Open

        def match(host_directory, machine_search_string = nil)
          real_host_directory = File.expand_path(host_directory)
          synced_folders_by_machine = @vagrant_config.collect_folders_by_machine
    
          if machine_search_string
    Severity: Minor
    Found in lib/avsh/machine_guest_dir_matcher.rb - About 25 mins to fix

    Method execute has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
    Open

        def execute(command, guest_directory = nil, interactive = true,
                    user_ssh_options = '')
          if command.empty?
            # No command, so run a login shell
            command = 'exec $SHELL -l'
    Severity: Minor
    Found in lib/avsh/ssh_command_executor.rb - About 25 mins to fix

    Do not place comments on the same line as the def keyword.
    Open

          def self.method_missing(*) end # ignore everything else
    Severity: Minor
    Found in lib/avsh/vagrantfile_environment.rb by rubocop

    This cop checks for comments put on the same line as some keywords. These keywords are: begin, class, def, end, module.

    Note that some comments (such as :nodoc: and rubocop:disable) are allowed.

    Example:

    # bad
    if condition
      statement
    end # end if
    
    # bad
    class X # comment
      statement
    end
    
    # bad
    def x; end # comment
    
    # good
    if condition
      statement
    end
    
    # good
    class X # :nodoc:
      y
    end

    When using method_missing, define respond_to_missing? and fall back on super. (https://github.com/bbatsov/ruby-style-guide#no-method-missing)
    Open

          def method_missing(*)
            DummyConfig
          end
    Severity: Minor
    Found in lib/avsh/vagrantfile_environment.rb by rubocop

    This cop checks for the presence of method_missing without also defining respond_to_missing? and falling back on super.

    Example:

    #bad
    def method_missing(name, *args)
      # ...
    end
    
    #good
    def respond_to_missing?(name, include_private)
      # ...
    end
    
    def method_missing(name, *args)
      # ...
      super
    end

    Use %i or %I for an array of symbols. (https://github.com/bbatsov/ruby-style-guide#percent-i)
    Open

    task default: [:spec, :rubocop, :script]
    Severity: Minor
    Found in Rakefile by rubocop

    This cop can check for array literals made up of symbols that are not using the %i() syntax.

    Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

    Configuration option: MinSize. If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of 3 will not enforce a style on an array of 2 or fewer elements.

    Example: EnforcedStyle: percent (default)

    # good
    %i[foo bar baz]
    
    # bad
    [:foo, :bar, :baz]

    Example: EnforcedStyle: brackets

    # good
    [:foo, :bar, :baz]
    
    # bad
    %i[foo bar baz]

    When using method_missing, define respond_to_missing? and fall back on super. (https://github.com/bbatsov/ruby-style-guide#no-method-missing)
    Open

          def self.method_missing(*) end # ignore everything else
    Severity: Minor
    Found in lib/avsh/vagrantfile_environment.rb by rubocop

    Favor format over String#%. (https://github.com/bbatsov/ruby-style-guide#sprintf)
    Open

      script = template % { avsh_version: Avsh::VERSION, avsh_libs: avsh_libs }
    Severity: Minor
    Found in Rakefile by rubocop

    This cop enforces the use of a single string formatting utility. Valid options include Kernel#format, Kernel#sprintf and String#%.

    The detection of String#% cannot be implemented in a reliable manner for all cases, so only two scenarios are considered - if the first argument is a string literal and if the second argument is an array literal.

    Example: EnforcedStyle: format(default)

    # bad
    puts sprintf('%10s', 'hoge')
    puts '%10s' % 'hoge'
    
    # good
    puts format('%10s', 'hoge')

    Example: EnforcedStyle: sprintf

    # bad
    puts format('%10s', 'hoge')
    puts '%10s' % 'hoge'
    
    # good
    puts sprintf('%10s', 'hoge')

    Example: EnforcedStyle: percent

    # bad
    puts format('%10s', 'hoge')
    puts sprintf('%10s', 'hoge')
    
    # good
    puts '%10s' % 'hoge'

    Use 0o for octal literals. (https://github.com/bbatsov/ruby-style-guide#numeric-literal-prefixes)
    Open

        file.chmod(0755)
    Severity: Minor
    Found in Rakefile by rubocop

    This cop checks for octal, hex, binary and decimal literals using uppercase prefixes and corrects them to a lowercase prefix or no prefix (in the case of decimals), e.g. for octal use 0o instead of 0 or 0O.

    Can be configured to use 0 only for octal literals using EnforcedOctalStyle => zero_only

    %w-literals should be delimited by [ and ]. (https://github.com/bbatsov/ruby-style-guide#percent-literal-braces)
    Open

            %w(Vagrantfile vagrantfile)
    Severity: Minor
    Found in lib/avsh/vagrantfile_finder.rb by rubocop

    This cop enforces the consistent usage of %-literal delimiters.

    Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.

    Example:

    # Style/PercentLiteralDelimiters:
    #   PreferredDelimiters:
    #     default: '[]'
    #     '%i':    '()'
    
    # good
    %w[alpha beta] + %i(gamma delta)
    
    # bad
    %W(alpha #{beta})
    
    # bad
    %I(alpha beta)

    When using method_missing, define respond_to_missing? and fall back on super. (https://github.com/bbatsov/ruby-style-guide#no-method-missing)
    Open

          def self.method_missing(*)
            DummyConfig
          end
    Severity: Minor
    Found in lib/avsh/vagrantfile_environment.rb by rubocop

    Use a guard clause instead of wrapping the code inside a conditional expression. (https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals)
    Open

          unless @multiplex_manager.active?(@machine_name)
    Severity: Minor
    Found in lib/avsh/ssh_command_executor.rb by rubocop

    Use a guard clause instead of wrapping the code inside a conditional expression

    Example:

    # bad
    def test
      if something
        work
      end
    end
    
    # good
    def test
      return unless something
      work
    end
    
    # also good
    def test
      work if something
    end
    
    # bad
    if something
      raise 'exception'
    else
      ok
    end
    
    # good
    raise 'exception' if something
    ok

    Use a guard clause instead of wrapping the code inside a conditional expression. (https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals)
    Open

          unless status.success?
    Severity: Minor
    Found in lib/avsh/ssh_multiplex_manager.rb by rubocop
