Showing 368 of 369 total issues
Potential remote code execution in ruby-git Open
git (1.10.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-46648
Criticality: Medium
URL: https://github.com/ruby-git/ruby-git/pull/602
Solution: upgrade to >= 1.13.0
Code injection in ruby git Open
git (1.10.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-47318
Criticality: High
URL: https://github.com/ruby-git/ruby-git/pull/602
Solution: upgrade to >= 1.13.0
JMESPath for Ruby using JSON.load instead of JSON.parse Open
jmespath (1.5.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32511
Criticality: Critical
URL: https://github.com/jmespath/jmespath.rb/pull/55
Solution: upgrade to >= 1.6.1
Command injection in ruby-git Open
git (1.10.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-25648
Criticality: Critical
URL: https://github.com/ruby-git/ruby-git/pull/569
Solution: upgrade to >= 1.11.0
Line is too long. [187/120] Open
"message" => "Report is compressed using gzip", "help-url" => "https://github.com/datacite/sashimi", "data" => "usage data needs to be uncompressed" }.freeze
- Read upRead up
- Exclude checks
Checks the length of lines in the source code.
The maximum length is configurable.
The tab size is configured in the IndentationWidth
of the Layout/IndentationStyle
cop.
It also ignores a shebang line by default.
This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.
If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)
- ArgumentAlignment
- ArrayAlignment
- BlockAlignment
- BlockDelimiters
- BlockEndNewline
- ClosingParenthesisIndentation
- FirstArgumentIndentation
- FirstArrayElementIndentation
- FirstHashElementIndentation
- FirstParameterIndentation
- HashAlignment
- IndentationWidth
- MultilineArrayLineBreaks
- MultilineBlockLayout
- MultilineHashBraceLayout
- MultilineHashKeyLineBreaks
- MultilineMethodArgumentLineBreaks
- MultilineMethodParameterLineBreaks
- ParameterAlignment
Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:
Example:
# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}
# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}
# good (with recommended cops enabled)
{
foo: "0000000000",
bar: "0000000000",
baz: "0000000000",
}
Line is too long. [183/120] Open
Rails.logger.info "No events found for DOI #{data['id']}" if related_identifiers.blank? && name_identifiers.blank? && funding_references.blank? && affiliation_identifiers.blank?
- Read upRead up
- Exclude checks
Checks the length of lines in the source code.
The maximum length is configurable.
The tab size is configured in the IndentationWidth
of the Layout/IndentationStyle
cop.
It also ignores a shebang line by default.
This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.
If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)
- ArgumentAlignment
- ArrayAlignment
- BlockAlignment
- BlockDelimiters
- BlockEndNewline
- ClosingParenthesisIndentation
- FirstArgumentIndentation
- FirstArrayElementIndentation
- FirstHashElementIndentation
- FirstParameterIndentation
- HashAlignment
- IndentationWidth
- MultilineArrayLineBreaks
- MultilineBlockLayout
- MultilineHashBraceLayout
- MultilineHashKeyLineBreaks
- MultilineMethodArgumentLineBreaks
- MultilineMethodParameterLineBreaks
- ParameterAlignment
Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:
Example:
# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}
# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}
# good (with recommended cops enabled)
{
foo: "0000000000",
bar: "0000000000",
baz: "0000000000",
}
Line is too long. [176/120] Open
return x += [OpenStruct.new(body: { "errors" => "There are too many instances in #{data[:doi]} for report #{options[:url]}. There can only be 4" })] if instances.size > 8
- Read upRead up
- Exclude checks
Checks the length of lines in the source code.
The maximum length is configurable.
The tab size is configured in the IndentationWidth
of the Layout/IndentationStyle
cop.
It also ignores a shebang line by default.
This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.
If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)
- ArgumentAlignment
- ArrayAlignment
- BlockAlignment
- BlockDelimiters
- BlockEndNewline
- ClosingParenthesisIndentation
- FirstArgumentIndentation
- FirstArrayElementIndentation
- FirstHashElementIndentation
- FirstParameterIndentation
- HashAlignment
- IndentationWidth
- MultilineArrayLineBreaks
- MultilineBlockLayout
- MultilineHashBraceLayout
- MultilineHashKeyLineBreaks
- MultilineMethodArgumentLineBreaks
- MultilineMethodParameterLineBreaks
- ParameterAlignment
Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:
Example:
# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}
# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}
# good (with recommended cops enabled)
{
foo: "0000000000",
bar: "0000000000",
baz: "0000000000",
}
Block has too many lines. [74/25] Open
included do
# encode JWT token using SHA-256 hash algorithm
def encode_token(payload)
# replace newline characters with actual newlines
private_key = OpenSSL::PKey::RSA.new(ENV["JWT_PRIVATE_KEY"].to_s.gsub(
- Read upRead up
- Exclude checks
Checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
You can set constructs you want to fold with CountAsOne
.
Available are: 'array', 'hash', 'heredoc', and 'method_call'. Each construct
will be counted as one line regardless of its actual size.
NOTE: The ExcludedMethods
configuration is deprecated and only kept
for backwards compatibility. Please use AllowedMethods
and AllowedPatterns
instead. By default, there are no methods to allowed.
Example: CountAsOne: ['array', 'heredoc', 'method_call']
something do
array = [ # +1
1,
2
]
hash = { # +3
key: 'value'
}
msg = <<~HEREDOC # +1
Heredoc
content.
HEREDOC
foo( # +1
1,
2
)
end # 6 points
NOTE: This cop does not apply for Struct
definitions.
Method push_item
has 109 lines of code (exceeds 25 allowed). Consider refactoring. Open
def self.push_item(item)
attributes = item.fetch("attributes", {})
doi = attributes.fetch("doi", nil)
return nil unless doi.present? && cached_doi_ra(doi) == "DataCite"
Block has too many lines. [73/25] Open
attributes.fetch("creators", []).map do |creator|
name_identifier = Array.wrap(creator.fetch("nameIdentifiers",
nil)).detect do |n|
n["nameIdentifierScheme"] == "ORCID"
end
- Read upRead up
- Exclude checks
Checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
You can set constructs you want to fold with CountAsOne
.
Available are: 'array', 'hash', 'heredoc', and 'method_call'. Each construct
will be counted as one line regardless of its actual size.
NOTE: The ExcludedMethods
configuration is deprecated and only kept
for backwards compatibility. Please use AllowedMethods
and AllowedPatterns
instead. By default, there are no methods to allowed.
Example: CountAsOne: ['array', 'heredoc', 'method_call']
something do
array = [ # +1
1,
2
]
hash = { # +3
key: 'value'
}
msg = <<~HEREDOC # +1
Heredoc
content.
HEREDOC
foo( # +1
1,
2
)
end # 6 points
NOTE: This cop does not apply for Struct
definitions.
Line is too long. [166/120] Open
when "ActiveModel::ForbiddenAttributesError", "ActionController::ParameterMissing", "ActionController::UnpermittedParameters", "NoMethodError" then 422
- Read upRead up
- Exclude checks
Checks the length of lines in the source code.
The maximum length is configurable.
The tab size is configured in the IndentationWidth
of the Layout/IndentationStyle
cop.
It also ignores a shebang line by default.
This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.
If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)
- ArgumentAlignment
- ArrayAlignment
- BlockAlignment
- BlockDelimiters
- BlockEndNewline
- ClosingParenthesisIndentation
- FirstArgumentIndentation
- FirstArrayElementIndentation
- FirstHashElementIndentation
- FirstParameterIndentation
- HashAlignment
- IndentationWidth
- MultilineArrayLineBreaks
- MultilineBlockLayout
- MultilineHashBraceLayout
- MultilineHashKeyLineBreaks
- MultilineMethodArgumentLineBreaks
- MultilineMethodParameterLineBreaks
- ParameterAlignment
Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:
Example:
# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}
# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}
# good (with recommended cops enabled)
{
foo: "0000000000",
bar: "0000000000",
baz: "0000000000",
}
Method push_item
has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring. Open
def self.push_item(item)
attributes = item.fetch("attributes", {})
doi = attributes.fetch("doi", nil)
return nil unless doi.present? && cached_doi_ra(doi) == "DataCite"
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method push_item
has 102 lines of code (exceeds 25 allowed). Consider refactoring. Open
def self.push_item(item)
attributes = item.fetch("attributes", {})
doi = attributes.fetch("doi", nil)
return nil if doi.blank?
File base.rb
has 335 lines of code (exceeds 250 allowed). Consider refactoring. Open
require "bolognese"
class Base
include Importable
include Cacheable
Perceived complexity for parse_record is too high. [28/8] Open
def parse_record(sqs_msg: nil, data: nil)
id = "https://doi.org/#{data['id']}"
response = get_datacite_json(id)
related_identifiers = Array.wrap(response.fetch("relatedIdentifiers",
nil)).select do |r|
- Read upRead up
- Exclude checks
Tries to produce a complexity score that's a measure of the
complexity the reader experiences when looking at a method. For that
reason it considers when
nodes as something that doesn't add as much
complexity as an if
or a &&
. Except if it's one of those special
case
/when
constructs where there's no expression after case
. Then
the cop treats it as an if
/elsif
/elsif
... and lets all the when
nodes count. In contrast to the CyclomaticComplexity cop, this cop
considers else
nodes as adding complexity.
Example:
def my_method # 1
if cond # 1
case var # 2 (0.8 + 4 * 0.2, rounded)
when 1 then func_one
when 2 then func_two
when 3 then func_three
when 4..10 then func_other
end
else # 1
do_something until a && b # 2
end # ===
end # 7 complexity points
Method push_item
has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring. Open
def self.push_item(item)
attributes = item.fetch("attributes", {})
doi = attributes.fetch("doi", nil)
return nil if doi.blank?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Line is too long. [160/120] Open
Rails.logger.info "[Event Data] #{affiliation_identifiers.length} affiliation_identifiers found for DOI #{data['id']}" if affiliation_identifiers.present?
- Read upRead up
- Exclude checks
Checks the length of lines in the source code.
The maximum length is configurable.
The tab size is configured in the IndentationWidth
of the Layout/IndentationStyle
cop.
It also ignores a shebang line by default.
This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.
If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)
- ArgumentAlignment
- ArrayAlignment
- BlockAlignment
- BlockDelimiters
- BlockEndNewline
- ClosingParenthesisIndentation
- FirstArgumentIndentation
- FirstArrayElementIndentation
- FirstHashElementIndentation
- FirstParameterIndentation
- HashAlignment
- IndentationWidth
- MultilineArrayLineBreaks
- MultilineBlockLayout
- MultilineHashBraceLayout
- MultilineHashKeyLineBreaks
- MultilineMethodArgumentLineBreaks
- MultilineMethodParameterLineBreaks
- ParameterAlignment
Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:
Example:
# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}
# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}
# good (with recommended cops enabled)
{
foo: "0000000000",
bar: "0000000000",
baz: "0000000000",
}
Class Base
has 30 methods (exceeds 20 allowed). Consider refactoring. Open
class Base
include Importable
include Cacheable
include ::Bolognese::MetadataUtils
Perceived complexity for push_item is too high. [25/8] Open
def self.push_item(item)
attributes = item.fetch("attributes", {})
doi = attributes.fetch("doi", nil)
return nil unless doi.present? && cached_doi_ra(doi) == "DataCite"
- Read upRead up
- Exclude checks
Tries to produce a complexity score that's a measure of the
complexity the reader experiences when looking at a method. For that
reason it considers when
nodes as something that doesn't add as much
complexity as an if
or a &&
. Except if it's one of those special
case
/when
constructs where there's no expression after case
. Then
the cop treats it as an if
/elsif
/elsif
... and lets all the when
nodes count. In contrast to the CyclomaticComplexity cop, this cop
considers else
nodes as adding complexity.
Example:
def my_method # 1
if cond # 1
case var # 2 (0.8 + 4 * 0.2, rounded)
when 1 then func_one
when 2 then func_two
when 3 then func_three
when 4..10 then func_other
end
else # 1
do_something until a && b # 2
end # ===
end # 7 complexity points
Method parse_record
has 89 lines of code (exceeds 25 allowed). Consider refactoring. Open
def parse_record(sqs_msg: nil, data: nil)
id = "https://doi.org/#{data['id']}"
response = get_datacite_json(id)
related_identifiers = Array.wrap(response.fetch("relatedIdentifiers",
nil)).select do |r|