Showing 114 of 114 total issues
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (3.4.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Prototype pollution attack through jQuery $.extend Open
jquery-rails (4.1.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-11358
Criticality: Medium
URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Solution: upgrade to >= 4.3.4
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
HTTP Response Splitting vulnerability in puma Open
puma (3.4.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Improper Restriction of Excessive Authentication Attempts in Sorcery Open
sorcery (0.9.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11052
Criticality: High
URL: https://github.com/Sorcery/sorcery/security/advisories/GHSA-jc8m-cxhj-668x
Solution: upgrade to >= 0.15.0
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-5029
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1634
Solution: upgrade to >= 1.7.2
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
Class CaseFilePresenter
has 33 methods (exceeds 20 allowed). Consider refactoring. Open
class CaseFilePresenter
include ActionView::Helpers::NumberHelper
include ActionView::Helpers::TextHelper
Function sort
has 53 lines of code (exceeds 25 allowed). Consider refactoring. Open
sort: function(th, direction) {
var start = new Date(),
self = this,
table = this.$table,
//body = table.find('tbody').length > 0 ? table.find('tbody') : table,
Method 'sort' has a complexity of 8. Open
sort: function(th, direction) {
- Read upRead up
- Exclude checks
Limit Cyclomatic Complexity (complexity)
Cyclomatic complexity measures the number of linearly independent paths through a program's source code. This rule allows setting a cyclomatic complexity threshold.
function a(x) {
if (true) {
return x; // 1st path
} else if (false) {
return x+1; // 2nd path
} else {
return 4; // 3rd path
}
}
Rule Details
This rule is aimed at reducing code complexity by capping the amount of cyclomatic complexity allowed in a program. As such, it will warn when the cyclomatic complexity crosses the configured threshold (default is 20
).
Examples of incorrect code for a maximum of 2:
/*eslint complexity: ["error", 2]*/
function a(x) {
if (true) {
return x;
} else if (false) {
return x+1;
} else {
return 4; // 3rd path
}
}
Examples of correct code for a maximum of 2:
/*eslint complexity: ["error", 2]*/
function a(x) {
if (true) {
return x;
} else {
return 4;
}
}
Options
Optionally, you may specify a max
object property:
"complexity": ["error", 2]
is equivalent to
"complexity": ["error", { "max": 2 }]
Deprecated: the object property maximum
is deprecated. Please use the property max
instead.
When Not To Use It
If you can't determine an appropriate complexity limit for your code, then it's best to disable this rule.
Further Reading
Related Rules
- [max-depth](max-depth.md)
- [max-len](max-len.md)
- [max-nested-callbacks](max-nested-callbacks.md)
- [max-params](max-params.md)
- [max-statements](max-statements.md) Source: http://eslint.org/docs/rules/
Unsafe Query Generation Risk in Active Record Open
activerecord (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-6317
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
Solution: upgrade to >= 4.2.7.1