cortex-cms/cortex

Showing 132 of 132 total issues

Unused method argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used. You can also write as as_indexed_json(*) if you want the method to accept any arguments but don't care about them.
Open

      def as_indexed_json(options = {})

This cop checks for unused method arguments.

Example:

# bad

def some_method(used, unused, _unused_but_allowed)
  puts used
end

Example:

# good

def some_method(used, _unused, _unused_but_allowed)
  puts used
end

File Content Disclosure in Action View
Open

    actionview (5.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Unreachable code.
Open

    var dialog = document.getElementById(event.target.closest('dialog').id);

disallow unreachable code after return, throw, continue, and break statements (no-unreachable)

Because the return, throw, break, and continue statements unconditionally exit a block of code, any statements after them cannot be executed. Unreachable statements are usually a mistake.

function fn() {
    x = 1;
    return x;
    x = 3; // this will never execute
}

Rule Details

This rule disallows unreachable code after return, throw, continue, and break statements.

Examples of incorrect code for this rule:

/*eslint no-unreachable: "error"*/

function foo() {
    return true;
    console.log("done");
}

function bar() {
    throw new Error("Oops!");
    console.log("done");
}

while(value) {
    break;
    console.log("done");
}

throw new Error("Oops!");
console.log("done");

function baz() {
    if (Math.random() < 0.5) {
        return;
    } else {
        throw new Error();
    }
    console.log("done");
}

for (;;) {}
console.log("done");

Examples of correct code for this rule, because of JavaScript function and variable hoisting:

/*eslint no-unreachable: "error"*/

function foo() {
    return bar();
    function bar() {
        return 1;
    }
}

function bar() {
    return x;
    var x;
}

switch (foo) {
    case 1:
        break;
        var x;
}

Source: http://eslint.org/docs/rules/

Unused block argument - k. If it's necessary, use _ or _k as an argument name to indicate that it won't be used.
Open

      field_type_instance.errors.each do |k, v|
Severity: Minor
Found in app/models/cortex/field_item.rb by rubocop

This cop checks for unused block arguments.

Example:

# bad

do_something do |used, unused|
  puts used
end

do_something do |bar|
  puts :foo
end

define_method(:foo) do |bar|
  puts :baz
end

Example:

# good

do_something do |used, _unused|
  puts used
end

do_something do
  puts :foo
end

define_method(:foo) do |_bar|
  puts :baz
end

Unused block argument - error. You can omit the argument if you don't care about it.
Open

        m.failure do |error|

Unused block argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used.
Open

      validations.all? do |type, options|
Severity: Minor
Found in app/models/cortex/field_type.rb by rubocop

Unused block argument - content_item. You can omit the argument if you don't care about it.
Open

        m.success do |content_item|

Unused block argument - error. You can omit the argument if you don't care about it.
Open

        m.failure do |error|

Broken Access Control vulnerability in Active Job
Open

    activejob (5.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

unexpected token $end (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
Open

Severity: Minor
Found in app/cells/cortex/index_cell.rb by rubocop

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
Open

        plugin_new_transaction_klass(field_item)&.new&.call(field_item)&.value!

Unused block argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used.
Open

      validations.all? do |type, options|
Severity: Minor
Found in app/models/cortex/field_type.rb by rubocop

Unused block argument - content_item. You can omit the argument if you don't care about it.
Open

        m.success do |content_item|

Denial of Service Vulnerability in Action View
Open

    actionview (5.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Move the invocation into the parens that contain the function.
Open

(function () {

Require IIFEs to be Wrapped (wrap-iife)

You can immediately invoke function expressions, but not function declarations. A common technique to create an immediately-invoked function expression (IIFE) is to wrap a function declaration in parentheses. The opening parenthesis causes the contained function to be parsed as an expression, rather than a declaration.

// function expression could be unwrapped
var x = function () { return { y: 1 };}();

// function declaration must be wrapped
function () { /* side effects */ }(); // SyntaxError

Rule Details

This rule requires all immediately-invoked function expressions to be wrapped in parentheses.

Options

This rule has two options, a string option and an object option.

String option:

  • "outside" enforces always wrapping the call expression. The default is "outside".
  • "inside" enforces always wrapping the function expression.
  • "any" enforces always wrapping, but allows either style.

Object option:

  • "functionPrototypeMethods": true additionally enforces wrapping function expressions invoked using .call and .apply. The default is false.

outside

Examples of incorrect code for the default "outside" option:

/*eslint wrap-iife: ["error", "outside"]*/

var x = function () { return { y: 1 };}(); // unwrapped
var x = (function () { return { y: 1 };})(); // wrapped function expression

Examples of correct code for the default "outside" option:

/*eslint wrap-iife: ["error", "outside"]*/

var x = (function () { return { y: 1 };}()); // wrapped call expression

inside

Examples of incorrect code for the "inside" option:

/*eslint wrap-iife: ["error", "inside"]*/

var x = function () { return { y: 1 };}(); // unwrapped
var x = (function () { return { y: 1 };}()); // wrapped call expression

Examples of correct code for the "inside" option:

/*eslint wrap-iife: ["error", "inside"]*/

var x = (function () { return { y: 1 };})(); // wrapped function expression

any

Examples of incorrect code for the "any" option:

/*eslint wrap-iife: ["error", "any"]*/

var x = function () { return { y: 1 };}(); // unwrapped

Examples of correct code for the "any" option:

/*eslint wrap-iife: ["error", "any"]*/

var x = (function () { return { y: 1 };}()); // wrapped call expression
var x = (function () { return { y: 1 };})(); // wrapped function expression

functionPrototypeMethods

Examples of incorrect code for this rule with the "inside", { "functionPrototypeMethods": true } options:

/* eslint wrap-iife: [2, "inside", { functionPrototypeMethods: true }] */

var x = function(){ foo(); }()
var x = (function(){ foo(); }())
var x = function(){ foo(); }.call(bar)
var x = (function(){ foo(); }.call(bar))

Examples of correct code for this rule with the "inside", { "functionPrototypeMethods": true } options:

/* eslint wrap-iife: [2, "inside", { functionPrototypeMethods: true }] */

var x = (function(){ foo(); })()
var x = (function(){ foo(); }).call(bar)

Source: http://eslint.org/docs/rules/

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
Open

        plugin_update_transaction_klass(field_item)&.new&.call(field_item)&.value!

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
Open

      asset_field_item(content_item).data['asset']&.[]('versions')&.[]('mini')&.[]('url')
Severity: Minor
Found in app/cells/cortex/index_cell.rb by rubocop

TODO found
Open

      # TODO: This needs to be generic functionality
Severity: Minor
Found in app/cells/cortex/index_cell.rb by fixme

TODO found
Open

      # TODO: The thumb version needs to be configurable, and this needs to be in a plugin
Severity: Minor
Found in app/cells/cortex/index_cell.rb by fixme

TODO found
Open

      # TODO: This needs to be in a plugin
Severity: Minor
Found in app/cells/cortex/index_cell.rb by fixme