Potential remote code execution in ruby-git
Open

                              "message" => "Report is compressed using gzip", "help-url" => "https://github.com/datacite/sashimi", "data" => "usage data needs to be uncompressed" }.freeze

Found in app/models/report.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Checks the length of lines in the source code. The maximum length is configurable. The tab size is configured in the IndentationWidth of the Layout/IndentationStyle cop. It also ignores a shebang line by default.

This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.

If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)

ArgumentAlignment
ArrayAlignment
BlockAlignment
BlockDelimiters
BlockEndNewline
ClosingParenthesisIndentation
FirstArgumentIndentation
FirstArrayElementIndentation
FirstHashElementIndentation
FirstParameterIndentation
HashAlignment
IndentationWidth
MultilineArrayLineBreaks
MultilineBlockLayout
MultilineHashBraceLayout
MultilineHashKeyLineBreaks
MultilineMethodArgumentLineBreaks
MultilineMethodParameterLineBreaks
ParameterAlignment

Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:

Example:

# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}

# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}

# good (with recommended cops enabled)
{
  foo: "0000000000",
  bar: "0000000000",
  baz: "0000000000",
}

Line is too long. [183/120]
Open

      Rails.logger.info "No events found for DOI #{data['id']}" if related_identifiers.blank? && name_identifiers.blank? && funding_references.blank? && affiliation_identifiers.blank?

Found in app/models/concerns/importable.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Checks the length of lines in the source code. The maximum length is configurable. The tab size is configured in the IndentationWidth of the Layout/IndentationStyle cop. It also ignores a shebang line by default.

This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.

If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)

ArgumentAlignment
ArrayAlignment
BlockAlignment
BlockDelimiters
BlockEndNewline
ClosingParenthesisIndentation
FirstArgumentIndentation
FirstArrayElementIndentation
FirstHashElementIndentation
FirstParameterIndentation
HashAlignment
IndentationWidth
MultilineArrayLineBreaks
MultilineBlockLayout
MultilineHashBraceLayout
MultilineHashKeyLineBreaks
MultilineMethodArgumentLineBreaks
MultilineMethodParameterLineBreaks
ParameterAlignment

Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:

Example:

# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}

# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}

# good (with recommended cops enabled)
{
  foo: "0000000000",
  bar: "0000000000",
  baz: "0000000000",
}

Line is too long. [176/120]
Open

      return x += [OpenStruct.new(body: { "errors" => "There are too many instances in #{data[:doi]} for report #{options[:url]}. There can only be 4" })] if instances.size > 8

Found in app/models/report.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Checks the length of lines in the source code. The maximum length is configurable. The tab size is configured in the IndentationWidth of the Layout/IndentationStyle cop. It also ignores a shebang line by default.

This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.

If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)

ArgumentAlignment
ArrayAlignment
BlockAlignment
BlockDelimiters
BlockEndNewline
ClosingParenthesisIndentation
FirstArgumentIndentation
FirstArrayElementIndentation
FirstHashElementIndentation
FirstParameterIndentation
HashAlignment
IndentationWidth
MultilineArrayLineBreaks
MultilineBlockLayout
MultilineHashBraceLayout
MultilineHashKeyLineBreaks
MultilineMethodArgumentLineBreaks
MultilineMethodParameterLineBreaks
ParameterAlignment

Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:

Example:

# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}

# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}

# good (with recommended cops enabled)
{
  foo: "0000000000",
  bar: "0000000000",
  baz: "0000000000",
}

Block has too many lines. [74/25]
Open

  included do
    # encode JWT token using SHA-256 hash algorithm
    def encode_token(payload)
      # replace newline characters with actual newlines
      private_key = OpenSSL::PKey::RSA.new(ENV["JWT_PRIVATE_KEY"].to_s.gsub(

Found in app/models/concerns/authenticable.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

You can set constructs you want to fold with CountAsOne. Available are: 'array', 'hash', 'heredoc', and 'method_call'. Each construct will be counted as one line regardless of its actual size.

NOTE: The ExcludedMethods configuration is deprecated and only kept for backwards compatibility. Please use AllowedMethods and AllowedPatterns instead. By default, there are no methods to allowed.

Example: CountAsOne: ['array', 'heredoc', 'method_call']

something do
  array = [         # +1
    1,
    2
  ]

  hash = {          # +3
    key: 'value'
  }

  msg = <<~HEREDOC  # +1
    Heredoc
    content.
  HEREDOC

  foo(              # +1
    1,
    2
  )
end                 # 6 points

NOTE: This cop does not apply for Struct definitions.

Method `push_item` has 109 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.push_item(item)
    attributes = item.fetch("attributes", {})
    doi = attributes.fetch("doi", nil)
    return nil unless doi.present? && cached_doi_ra(doi) == "DataCite"

Found in app/models/related_identifier.rb - About 4 hrs to fix

Block has too many lines. [73/25]
Open

    attributes.fetch("creators", []).map do |creator|
      name_identifier = Array.wrap(creator.fetch("nameIdentifiers",
                                                 nil)).detect do |n|
        n["nameIdentifierScheme"] == "ORCID"
      end

Found in app/models/orcid_affiliation.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

You can set constructs you want to fold with CountAsOne. Available are: 'array', 'hash', 'heredoc', and 'method_call'. Each construct will be counted as one line regardless of its actual size.

NOTE: The ExcludedMethods configuration is deprecated and only kept for backwards compatibility. Please use AllowedMethods and AllowedPatterns instead. By default, there are no methods to allowed.

Example: CountAsOne: ['array', 'heredoc', 'method_call']

something do
  array = [         # +1
    1,
    2
  ]

  hash = {          # +3
    key: 'value'
  }

  msg = <<~HEREDOC  # +1
    Heredoc
    content.
  HEREDOC

  foo(              # +1
    1,
    2
  )
end                 # 6 points

NOTE: This cop does not apply for Struct definitions.

Line is too long. [166/120]
Open

               when "ActiveModel::ForbiddenAttributesError", "ActionController::ParameterMissing", "ActionController::UnpermittedParameters", "NoMethodError" then 422

Found in app/controllers/application_controller.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Checks the length of lines in the source code. The maximum length is configurable. The tab size is configured in the IndentationWidth of the Layout/IndentationStyle cop. It also ignores a shebang line by default.

This cop has some autocorrection capabilities. It can programmatically shorten certain long lines by inserting line breaks into expressions that can be safely split across lines. These include arrays, hashes, and method calls with argument lists.

If autocorrection is enabled, the following Layout cops are recommended to further format the broken lines. (Many of these are enabled by default.)

ArgumentAlignment
ArrayAlignment
BlockAlignment
BlockDelimiters
BlockEndNewline
ClosingParenthesisIndentation
FirstArgumentIndentation
FirstArrayElementIndentation
FirstHashElementIndentation
FirstParameterIndentation
HashAlignment
IndentationWidth
MultilineArrayLineBreaks
MultilineBlockLayout
MultilineHashBraceLayout
MultilineHashKeyLineBreaks
MultilineMethodArgumentLineBreaks
MultilineMethodParameterLineBreaks
ParameterAlignment

Together, these cops will pretty print hashes, arrays, method calls, etc. For example, let's say the max columns is 25:

Example:

# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}

# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}

# good (with recommended cops enabled)
{
  foo: "0000000000",
  bar: "0000000000",
  baz: "0000000000",
}

Method `push_item` has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

  def self.push_item(item)
    attributes = item.fetch("attributes", {})
    doi = attributes.fetch("doi", nil)
    return nil unless doi.present? && cached_doi_ra(doi) == "DataCite"

Found in app/models/related_identifier.rb - About 4 hrs to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Example:

def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points

Method `push_item` has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def self.push_item(item)
    attributes = item.fetch("attributes", {})
    doi = attributes.fetch("doi", nil)
    return nil if doi.blank?

Found in app/models/name_identifier.rb - About 3 hrs to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Example:

# bad
{foo: "0000000000", bar: "0000000000", baz: "0000000000"}

# good
{foo: "0000000000",
bar: "0000000000", baz: "0000000000"}

# good (with recommended cops enabled)
{
  foo: "0000000000",
  bar: "0000000000",
  baz: "0000000000",
}

Class `Base` has 30 methods (exceeds 20 allowed). Consider refactoring.
Open

class Base
  include Importable
  include Cacheable
  include ::Bolognese::MetadataUtils

Found in app/models/base.rb - About 3 hrs to fix

Perceived complexity for push_item is too high. [25/8]
Open

  def self.push_item(item)
    attributes = item.fetch("attributes", {})
    doi = attributes.fetch("doi", nil)
    return nil unless doi.present? && cached_doi_ra(doi) == "DataCite"

Found in app/models/related_identifier.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.

Example:

def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points

Method `parse_record` has 89 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def parse_record(sqs_msg: nil, data: nil)
      id = "https://doi.org/#{data['id']}"
      response = get_datacite_json(id)
      related_identifiers = Array.wrap(response.fetch("relatedIdentifiers",
                                                      nil)).select do |r|

Found in app/models/concerns/importable.rb - About 3 hrs to fix

datacite/levriero

Showing 368 of 369 total issues

Potential remote code execution in ruby-git Open

Code injection in ruby git Open

JMESPath for Ruby using JSON.load instead of JSON.parse Open

Command injection in ruby-git Open

Line is too long. [187/120] Open

Example:

Line is too long. [183/120] Open

Example:

Line is too long. [176/120] Open

Example:

Block has too many lines. [74/25] Open

Example: CountAsOne: ['array', 'heredoc', 'method_call']

Method push_item has 109 lines of code (exceeds 25 allowed). Consider refactoring. Open

Block has too many lines. [73/25] Open

Example: CountAsOne: ['array', 'heredoc', 'method_call']

Line is too long. [166/120] Open

Example:

Method push_item has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring. Open

Cognitive Complexity

A method's cognitive complexity is based on a few simple rules:

Further reading

Method push_item has 102 lines of code (exceeds 25 allowed). Consider refactoring. Open

File base.rb has 335 lines of code (exceeds 250 allowed). Consider refactoring. Open

Perceived complexity for parse_record is too high. [28/8] Open

Example:

Method push_item has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring. Open

Cognitive Complexity

A method's cognitive complexity is based on a few simple rules:

Further reading

Line is too long. [160/120] Open

Example:

Class Base has 30 methods (exceeds 20 allowed). Consider refactoring. Open

Perceived complexity for push_item is too high. [25/8] Open

Example:

Method parse_record has 89 lines of code (exceeds 25 allowed). Consider refactoring. Open

Severity

Category

Status

Source

Language

Potential remote code execution in ruby-git
Open

Code injection in ruby git
Open

JMESPath for Ruby using JSON.load instead of JSON.parse
Open

Command injection in ruby-git
Open

Line is too long. [187/120]
Open

Line is too long. [183/120]
Open

Line is too long. [176/120]
Open

Block has too many lines. [74/25]
Open

Method `push_item` has 109 lines of code (exceeds 25 allowed). Consider refactoring.
Open

Block has too many lines. [73/25]
Open

Line is too long. [166/120]
Open

Method `push_item` has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

Method `push_item` has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

File `base.rb` has 335 lines of code (exceeds 250 allowed). Consider refactoring.
Open

Perceived complexity for parse_record is too high. [28/8]
Open

Method `push_item` has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

Line is too long. [160/120]
Open

Class `Base` has 30 methods (exceeds 20 allowed). Consider refactoring.
Open

Perceived complexity for push_item is too high. [25/8]
Open

Method `parse_record` has 89 lines of code (exceeds 25 allowed). Consider refactoring.
Open