Sign upLogin

darrenleeweber/app_version_tasks

View on GitHub
Star

Showing 60 of 60 total issues

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.7)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.7)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Uncontrolled Recursion in Loofah
Open

    loofah (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.7)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

File Content Disclosure in Action View
Open

    actionview (4.2.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

AppVersionTasks::Configuration#version_file_path= is controlled by argument 'value'
Open

      @version_file_path = value || default_version_path
Severity: Minor
Found in lib/app_version_tasks/configuration.rb by reek

Control Parameter is a special case of Control Couple

Example

A simple example would be the "quoted" parameter in the following method:

def write(quoted)
  if quoted
    write_quoted @value
  else
    write_unquoted @value
  end
end

Fixing those problems is out of the scope of this document but an easy solution could be to remove the "write" method alltogether and to move the calls to "writequoted" / "writeunquoted" in the initial caller of "write".

Denial of Service Vulnerability in Action View
Open

    actionview (4.2.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Potential remote code execution of user-provided local names in ActionView
Open

    actionview (4.2.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8163

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0

Solution: upgrade to >= 4.2.11.2

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.10.7)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

AppVersionTasks::Configuration#application_name= is controlled by argument 'value'
Open

        value || Rails.application.class.parent_name
Severity: Minor
Found in lib/app_version_tasks/configuration.rb by reek

Control Parameter is a special case of Control Couple

Example

A simple example would be the "quoted" parameter in the following method:

def write(quoted)
  if quoted
    write_quoted @value
  else
    write_unquoted @value
  end
end

Fixing those problems is out of the scope of this document but an easy solution could be to remove the "write" method alltogether and to move the calls to "writequoted" / "writeunquoted" in the initial caller of "write".

AppVersionTasks::Configuration#git_working_directory= is controlled by argument 'value'
Open

      @git_working_directory = value || default_root_path
Severity: Minor
Found in lib/app_version_tasks/configuration.rb by reek

Control Parameter is a special case of Control Couple

Example

A simple example would be the "quoted" parameter in the following method:

def write(quoted)
  if quoted
    write_quoted @value
  else
    write_unquoted @value
  end
end

Fixing those problems is out of the scope of this document but an easy solution could be to remove the "write" method alltogether and to move the calls to "writequoted" / "writeunquoted" in the initial caller of "write".

AppVersionTasks::SemanticVersion has at least 17 methods
Open

  class SemanticVersion
Severity: Minor
Found in lib/app_version_tasks/semantic_version.rb by reek

Too Many Methods is a special case of LargeClass.

Example

Given this configuration

TooManyMethods:
  max_methods: 3

and this code:

class TooManyMethods
  def one; end
  def two; end
  def three; end
  def four; end
end

Reek would emit the following warning:

test.rb -- 1 warning:
  [1]:TooManyMethods has at least 4 methods (TooManyMethods)

Broken Access Control vulnerability in Active Job
Open

    activejob (4.2.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

AppVersionTasks::Configuration#default_root_path doesn't depend on instance state (maybe move it to another class?)
Open

      def default_root_path
Severity: Minor
Found in lib/app_version_tasks/configuration.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

AppVersionTasks::SemanticVersionFile#version_template doesn't depend on instance state (maybe move it to another class?)
Open

      def version_template
Severity: Minor
Found in lib/app_version_tasks/semantic_version_file.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

AppVersionTasks::SemanticVersionFile#path doesn't depend on instance state (maybe move it to another class?)
Open

    def path
Severity: Minor
Found in lib/app_version_tasks/semantic_version_file.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

AppVersionTasks::SemanticVersion#git_release_branch? performs a nil-check
Open

        !response.match(/y/i).nil?
Severity: Minor
Found in lib/app_version_tasks/semantic_version.rb by reek

A NilCheck is a type check. Failures of NilCheck violate the "tell, don't ask" principle.

Additionally, type checks often mask bigger problems in your source code like not using OOP and / or polymorphism when you should.

Example

Given

class Klass
  def nil_checker(argument)
    if argument.nil?
      puts "argument isn't nil!"
    end
  end
end

Reek would emit the following warning:

test.rb -- 1 warning:
  [3]:Klass#nil_checker performs a nil-check. (NilCheck)
Severity
Category
Status
Source
Language