Showing 509 of 509 total issues
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (2.0.2)- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.6.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.6.8.1)- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.6.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.6.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.6.8.1)- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Assignment Branch Condition size for heat_index is too high. [43.1/15] Open
def heat_index
t = temperature.convert_to(heat_index_scale).scalar
r = relative_humidity_percent
hi = hi_c1 + hi_c2*t + hi_c3*r + hi_c4*t*r + hi_c5*t**2 + hi_c6*r**2 + hi_c7*r*t**2 + hi_c8*t*r**2 + hi_c9*(t*r)**2
return Unit.new(hi, heat_index_scale).convert_to(temperature)- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Class Logger has 22 methods (exceeds 20 allowed). Consider refactoring. Open
class Logger < ::Logger
autoload :Formatter, File.join('thermostat', 'logger', 'formatter')
module SubsystemMethod has too many lines. [14/10] Open
def add(severity, subsystem, message=nil)
severity = lookup_severity(severity)
subsystem = lookup_subsystem(subsystem)
if @logdev.nil? or (severity < @level and subsystem < @subsystem)
return true- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Method has too many lines. [13/10] Open
def unitify_temp(t)
if t.class == RubyUnits::Unit
# Can't use #is_a? here becuase RubyUnits::Unit are (confusingly) Numeric
# https://github.com/olbrich/ruby-units/issues/144
return t- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Assignment Branch Condition size for initialize is too high. [17.2/15] Open
def initialize(**args)
init_args(args).each_pair do |name,component|
raise ArgumentError.new("Zone must be initialized with a #{name}") if component.nil?
end
self.config = args[:config] || thermostat.default_config- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Cyclomatic complexity for add is too high. [7/6] Open
def add(severity, subsystem, message=nil)
severity = lookup_severity(severity)
subsystem = lookup_subsystem(subsystem)
if @logdev.nil? or (severity < @level and subsystem < @subsystem)
return true- Read upRead up
- Exclude checks
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Perceived complexity for add is too high. [8/7] Open
def add(severity, subsystem, message=nil)
severity = lookup_severity(severity)
subsystem = lookup_subsystem(subsystem)
if @logdev.nil? or (severity < @level and subsystem < @subsystem)
return true- Read upRead up
- Exclude checks
This cop tries to produce a complexity score that's a measure of the
complexity the reader experiences when looking at a method. For that
reason it considers when nodes as something that doesn't add as much
complexity as an if or a &&. Except if it's one of those special
case/when constructs where there's no expression after case. Then
the cop treats it as an if/elsif/elsif... and lets all the when
nodes count. In contrast to the CyclomaticComplexity cop, this cop
considers else nodes as adding complexity.
Example:
def my_method # 1
if cond # 1
case var # 2 (0.8 + 4 * 0.2, rounded)
when 1 then func_one
when 2 then func_two
when 3 then func_three
when 4..10 then func_other
end
else # 1
do_something until a && b # 2
end # ===
end # 7 complexity pointsruby-ffi DDL loading issue on Windows OS Open
ffi (1.9.14)- Read upRead up
- Exclude checks
Advisory: CVE-2018-1000201
Criticality: High
URL: https://github.com/ffi/ffi/releases/tag/1.9.24
Solution: upgrade to >= 1.9.24
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
Method set_point= has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def set_point=(s)
unless s.nil?
raise InvalidSetpoint, "Set point (#{s}) should be a Unit or nil" unless s.is_a?(Numeric)
if s < min_set_point || s > max_set_point
raise InvalidSetpoint, "Set point (#{s}) should be between #{min_set_point} and #{max_set_point}"- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method call has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def call(severity, subsystem, time, progname, msg)Method add has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def add(severity, subsystem, message=nil)
severity = lookup_severity(severity)
subsystem = lookup_subsystem(subsystem)
if @logdev.nil? or (severity < @level and subsystem < @subsystem)
return true- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method initialize has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def initialize(*args)
opts = args.last.is_a?(Hash) ? args.pop : Hash.new
super
members.each do |k|
next if self.send(k)- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method unitify_temp has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def unitify_temp(t)
if t.class == RubyUnits::Unit
# Can't use #is_a? here becuase RubyUnits::Unit are (confusingly) Numeric
# https://github.com/olbrich/ruby-units/issues/144
return t- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"