ServiceInnovationLab/RapuTure

Showing 208 of 212 total issues

Color literals like #fff should only be used in variable declarations; they should be referred to via variable everywhere else.
Open

  background-color: #fff;

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.2.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Rename has_formula? to formula?.
Open

  def has_formula?
Severity: Minor
Found in app/models/variable.rb by rubocop

This cop makes sure that predicates are named properly.

Example:

# bad
def is_even?(value)
end

# good
def even?(value)
end

# bad
def has_value?
end

# good
def value?
end

Use each_value instead of each.
Open

        variable.spec['formulas'].each do |_d, formula|

This cop checks for uses of each_key and each_value Hash methods.

Note: If you have an array of two-element arrays, you can put parentheses around the block arguments to indicate that you're not working with a hash, and suppress RuboCop offenses.

Example:

# bad
hash.keys.each { |k| p k }
hash.values.each { |v| p v }
hash.each { |k, _v| p k }
hash.each { |_k, v| p v }

# good
hash.each_key { |k| p k }
hash.each_value { |v| p v }

Properties should be ordered background-color, font-size, padding
Open

  padding: 10px;

Avoid using id selectors
Open

#error_explanation {

0.1875 should be written without a leading zero as .1875
Open

$border-radius: 0.1875rem;

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.2.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Use each_key instead of keys.each.
Open

    json_response.keys.each do |name|

This cop checks for uses of each_key and each_value Hash methods.

Note: If you have an array of two-element arrays, you can put parentheses around the block arguments to indicate that you're not working with a hash, and suppress RuboCop offenses.

Example:

# bad
hash.keys.each { |k| p k }
hash.values.each { |v| p v }
hash.each { |k, _v| p k }
hash.each { |_k, v| p v }

# good
hash.each_key { |k| p k }
hash.each_value { |v| p v }

0.5 should be written without a leading zero as .5
Open

  padding: 0.2rem 0.5rem;

Color literals like #333 should only be used in variable declarations; they should be referred to via variable everywhere else.
Open

  color: #333;

Color literals like #fff should only be used in variable declarations; they should be referred to via variable everywhere else.
Open

    color: #fff;

Color red should be written in hexadecimal form as #ff0000
Open

  background-color: red;

Color literals like red should only be used in variable declarations; they should be referred to via variable everywhere else.
Open

  border: 2px solid red;

Prefer using YAML.safe_load over YAML.load.
Open

      scenarios_list = YAML.load(File.read(filename))

This cop checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

Example:

# bad
YAML.load("--- foo")

# good
YAML.safe_load("--- foo")
YAML.dump("foo")

0.125 should be written without a leading zero as .125
Open

  box-shadow: 0 0.125rem 0.3125rem rgba(darken($grey, 10%), 0.8);
Severity: Minor
Found in app/assets/stylesheets/cards.scss by scss-lint

0.3125 should be written without a leading zero as .3125
Open

  margin-right: 0.3125rem;

Color green should be written in hexadecimal form as #008000
Open

  color: green;

0.9 should be written without a leading zero as .9
Open

  box-shadow: 0 0.125rem 0.3125rem rgba(darken($grey, 10%), 0.9);

Potential XSS vulnerability in Action View
Open

    actionview (5.2.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3
