Sign upLogin

afimb/cvdtc

View on GitHub
Star

Showing 145 of 145 total issues

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Method validate_params_3 has 158 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.validate_params_3
    {
      stop_areas_area: [[-5.2, 42.25], [-5.2, 51.1], [8.23, 51.1], [8.23, 42.25], [-5.2, 42.25]],
      inter_stop_area_distance_min: 20,
      parent_stop_area_distance_max: 350,
Severity: Major
Found in app/services/parameters_service.rb - About 6 hrs to fix

    Class Job has 31 methods (exceeds 20 allowed). Consider refactoring.
    Open

    class Job < ActiveRecord::Base
  belongs_to :user
  has_many :links, dependent: :destroy
  validates :name, presence: true
  validates :iev_action, presence: true
    Severity: Minor
    Found in app/models/job.rb - About 3 hrs to fix

      Method download_validation_report has a Cognitive Complexity of 21 (exceeds 5 allowed). Consider refactoring.
      Open

        def download_validation_report(default_view)
    result, datas, errors = send("#{default_view}_views")
    csv = []
    datas.each do |el|
      t = [el[:name], I18n.t("compliance_check_results.severities.#{el[:status]}"), el[:count_error], el[:count_warning]]
      Severity: Minor
      Found in app/models/job.rb - About 2 hrs to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Similar blocks of code found in 2 locations. Consider refactoring.
      Open

              params do
          requires :format, type: String, desc: 'Format', values: %w(gtfs neptune)
          requires :file, type: File, desc: 'File'
          requires :iev_action, type: String, desc: 'Action', values: %w(validate_job convert_job)
          optional :format_convert, type: String, desc: 'Format to convert', values: %w(convert_gtfs convert_neptune)
      Severity: Major
      Found in app/controllers/api/v1/job.rb and 1 other location - About 2 hrs to fix
      app/controllers/api/v1/job.rb on lines 144..156

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 92.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Similar blocks of code found in 2 locations. Consider refactoring.
      Open

              params do
          requires :format, type: String, desc: 'Format', values: %w(gtfs neptune)
          requires :url, type: String, desc: 'URL'
          requires :iev_action, type: String, desc: 'Action', values: %w(validate_job convert_job)
          optional :format_convert, type: String, desc: 'Format to convert', values: %w(convert_gtfs convert_neptune)
      Severity: Major
      Found in app/controllers/api/v1/job.rb and 1 other location - About 2 hrs to fix
      app/controllers/api/v1/job.rb on lines 181..193

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 92.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      File job.rb has 251 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      class JobFormatValidator < ActiveModel::Validator
  def validate(record)
    if record.format_convert
      if record.format_convert.end_with?(record.format)
        record.errors[:format_convert] << I18n.t('activerecord.errors.messages.invalid_format_convert')
      Severity: Minor
      Found in app/models/job.rb - About 2 hrs to fix

        Cyclomatic complexity for perform is too high. [7/6]
        Open

          def perform(*args)
    args = args.reduce
    @job = Job.find_pending(args[:id]).first
    unless @job
      retry_job(wait: 10.seconds) if Job.where(id: args[:id]).any?
        Severity: Minor
        Found in app/jobs/ievkit_job.rb by rubocop

        This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.

        An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.

        Cyclomatic complexity for download_validation_report is too high. [7/6]
        Open

          def download_validation_report(default_view)
    result, datas, errors = send("#{default_view}_views")
    csv = []
    datas.each do |el|
      t = [el[:name], I18n.t("compliance_check_results.severities.#{el[:status]}"), el[:count_error], el[:count_warning]]
        Severity: Minor
        Found in app/models/job.rb by rubocop

        This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.

        An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.

        Method perform has 36 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def perform(*args)
    args = args.reduce
    @job = Job.find_pending(args[:id]).first
    unless @job
      retry_job(wait: 10.seconds) if Job.where(id: args[:id]).any?
        Severity: Minor
        Found in app/jobs/ievkit_job.rb - About 1 hr to fix

          Similar blocks of code found in 2 locations. Consider refactoring.
          Open

                line: {
        objectid: {
          unique: 0,
          pattern: 0,
          min_size: '',
          Severity: Major
          Found in app/services/parameters_service.rb and 1 other location - About 1 hr to fix
          app/services/parameters_service.rb on lines 341..372

          Duplicated Code

          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

          Tuning

          This issue has a mass of 51.

          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

          Refactorings

          Further Reading

          Similar blocks of code found in 2 locations. Consider refactoring.
          Open

                access_point: {
        objectid: {
          unique: 0,
          pattern: 0,
          min_size: '',
          Severity: Major
          Found in app/services/parameters_service.rb and 1 other location - About 1 hr to fix
          app/services/parameters_service.rb on lines 445..476

          Duplicated Code

          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

          Tuning

          This issue has a mass of 51.

          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

          Refactorings

          Further Reading

          Method perform has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
          Open

            def perform(*args)
    args = args.reduce
    @job = Job.find_pending(args[:id]).first
    unless @job
      retry_job(wait: 10.seconds) if Job.where(id: args[:id]).any?
          Severity: Minor
          Found in app/jobs/ievkit_job.rb - About 1 hr to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Severity
          Category
          Status
          Source
          Language