Showing 315 of 317 total issues
Class CrudController
has 21 methods (exceeds 20 allowed). Consider refactoring. Open
class CrudController < Apicasso::ApplicationController
before_action :set_root_resource, except: %i[ql batch_create batch_update]
before_action :set_object, except: %i[index create schema ql batch_create batch_update]
before_action :set_nested_resource, only: %i[nested_index]
before_action :set_records, only: %i[index nested_index]
- Create a ticketCreate a ticket
Complex method Apicasso::ApidocsController::operation#options (38.4) Open
operation :options do
key :description, I18n.t("activerecord.models.#{inner_name.underscore}.schema.description",
default: "#{inner_name} metadata information.")
key :operationId, "schema#{inner_name.pluralize}"
key :produces, ['application/json']
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.
You can read more about ABC metrics or the flog tool
Assignment Branch Condition size for index_json is too high. [16.03/15] Open
def index_json
if params[:group].present?
@records.group(params[:group][:by].split(','))
.send(:calculate,
params[:group][:calculate],
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method parsed_include
has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring. Open
def parsed_include(opts = nil)
params[:include]&.split(',')&.map do |param|
next unless @object.respond_to?(param)
if opts == :method
- Read upRead up
- Create a ticketCreate a ticket
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Block has too many lines. [40/25] Open
swagger_root do
MODELS_EXCLUDED = [
'ApplicationRecord',
'ActiveRecord::SchemaMigration',
'Apicasso::ApplicationRecord',
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
Block has too many lines. [39/25] Open
SWAGGERED_CLASSES.each do |klass|
next if MODELS_EXCLUDED.include?(klass.name) || klass.abstract_class
swagger_schema klass.name.to_sym do
key :required, klass.presence_validators if klass.presence_validators?
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
Complex method Apicasso::BatchController#batch_update (33.9) Open
def batch_update
params[:batch]&.to_unsafe_h&.each do |batch_resource, objects|
objects = Array.wrap(objects).select { |object| object['id'].present? }
batch_resource = batch_resource.to_s
batch_module = batch_resource.underscore.singularize.to_sym
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.
You can read more about ABC metrics or the flog tool
Complex method Apicasso::ApidocsController::operation(options)::response#200 (33.0) Open
response 200 do
key :description, I18n.t("activerecord.models.#{inner_name.underscore}.schema.response",
default: "#{inner_name} metadata as a json with field names as keys and field types as values.")
schema do
key :'$ref', "#{inner_name}".to_sym
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.
You can read more about ABC metrics or the flog tool
Complex method Apicasso::CrudController#set_records (29.5) Open
def set_records
authorize! :read, resource.name.underscore.to_sym
@records = request_collection.ransack(parsed_query).result(distinct: true)
@object = request_collection.new
key_scope_records
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.
You can read more about ABC metrics or the flog tool
Block has too many lines. [32/25] Open
operation :patch do
key :description, I18n.t("activerecord.models.#{model.name.underscore}.update.response",
default: "Updates a #{model.name}")
key :operationId, "edit#{model.name}"
key :produces, ['application/json']
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
Complex method Apicasso::BatchController#ql (26.3) Open
def ql
returns = params[:batch].to_unsafe_h.map do |batch_resource, query|
batch_resource = batch_resource.to_s
batch_module = batch_resource.underscore
resource = batch_resource.classify.constantize
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.
You can read more about ABC metrics or the flog tool
Apicasso::BatchController#batch_update has approx 12 statements Open
def batch_update
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
A method with Too Many Statements
is any method that has a large number of lines.
Too Many Statements
warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements
counts +1 for every simple statement in a method and +1 for every statement within a control structure (if
, else
, case
, when
, for
, while
, until
, begin
, rescue
) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
def parse(arg, argv, &error)
if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
return nil, block, nil # +1
end
opt = (val = parse_arg(val, &error))[1] # +2
val = conv_arg(*val) # +3
if opt and !arg
argv.shift # +4
else
val[0] = nil # +5
end
val # +6
end
(You might argue that the two assigments within the first @if@ should count as statements, and that perhaps the nested assignment should count as +2.)
Apicasso::CrudController has at least 21 methods Open
class CrudController < Apicasso::ApplicationController
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Too Many Methods
is a special case of LargeClass
.
Example
Given this configuration
TooManyMethods:
max_methods: 3
and this code:
class TooManyMethods
def one; end
def two; end
def three; end
def four; end
end
Reek would emit the following warning:
test.rb -- 1 warning:
[1]:TooManyMethods has at least 4 methods (TooManyMethods)
Apicasso::Ability#build_permissions has approx 9 statements Open
def build_permissions(opts = {})
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
A method with Too Many Statements
is any method that has a large number of lines.
Too Many Statements
warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements
counts +1 for every simple statement in a method and +1 for every statement within a control structure (if
, else
, case
, when
, for
, while
, until
, begin
, rescue
) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
def parse(arg, argv, &error)
if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
return nil, block, nil # +1
end
opt = (val = parse_arg(val, &error))[1] # +2
val = conv_arg(*val) # +3
if opt and !arg
argv.shift # +4
else
val[0] = nil # +5
end
val # +6
end
(You might argue that the two assigments within the first @if@ should count as statements, and that perhaps the nested assignment should count as +2.)
Possible Information Disclosure / Unintended Method Execution in Action Pack Open
actionpack (5.2.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Circumvention of file size limits in ActiveStorage Open
activestorage (5.2.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8162
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Possible code injection vulnerability in Rails / Active Storage Open
activestorage (5.2.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-21831
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3
SqlSecurity#safe_parameter? has approx 6 statements Open
def safe_parameter?(klass, name, value)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
A method with Too Many Statements
is any method that has a large number of lines.
Too Many Statements
warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements
counts +1 for every simple statement in a method and +1 for every statement within a control structure (if
, else
, case
, when
, for
, while
, until
, begin
, rescue
) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
def parse(arg, argv, &error)
if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
return nil, block, nil # +1
end
opt = (val = parse_arg(val, &error))[1] # +2
val = conv_arg(*val) # +3
if opt and !arg
argv.shift # +4
else
val[0] = nil # +5
end
val # +6
end
(You might argue that the two assigments within the first @if@ should count as statements, and that perhaps the nested assignment should count as +2.)
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (5.2.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (5.2.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1