deliveroo/routemaster

View on GitHub

Showing 11 of 11 total issues

Keepalive thread overload/DoS in puma
Open

    puma (3.7.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

Class Batch has 28 methods (exceeds 20 allowed). Consider refactoring.
Open

    class Batch
      include Mixins::Redis
      include Mixins::Assert
      include Mixins::Log
      include Mixins::Counters
Severity: Minor
Found in routemaster/models/batch.rb - About 3 hrs to fix

    Class Subscriber has 28 methods (exceeds 20 allowed). Consider refactoring.
    Open

      class Subscriber < Routemaster::Models::Base
        TIMEOUT_RANGE = 0..3_600_000
        DEFAULT_TIMEOUT = 500
        DEFAULT_MAX_EVENTS = 100
    
    
    Severity: Minor
    Found in routemaster/models/subscriber.rb - About 3 hrs to fix

      Method has too many lines. [31/30]
      Open

            def call
              @dispatcher.batched do
                Models::Batch.gauges.each_pair do |type, data|
                  data.each_pair do |name, count|
                    @dispatcher.gauge(
      Severity: Minor
      Found in routemaster/jobs/monitor.rb by rubocop

      This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

      Method call has 31 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

            def call
              @dispatcher.batched do
                Models::Batch.gauges.each_pair do |type, data|
                  data.each_pair do |name, count|
                    @dispatcher.gauge(
      Severity: Minor
      Found in routemaster/jobs/monitor.rb - About 1 hr to fix

        Method call has 26 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

              def call
                trace_with_newrelic('Custom/Services/ingest') do
                  data = Services::Codec.new.dump(@event)
        
                  @topic.subscribers.each do |s|
        Severity: Minor
        Found in routemaster/services/ingest.rb - About 1 hr to fix

          Possible information leak / session hijack vulnerability
          Open

              rack (1.6.11)
          Severity: Minor
          Found in Gemfile.lock by bundler-audit

          Advisory: CVE-2019-16782

          URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

          Solution: upgrade to ~> 1.6.12, >= 2.0.8

          Method registered has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
          Open

                def self.registered(app)
                  app.helpers Helpers
          
                  app.set :parse do |format|
                    condition do
          Severity: Minor
          Found in routemaster/controllers/parser.rb - About 35 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method call has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
          Open

                def call
                  Services::Worker.each do |w|
                    last_at = w.last_at
                    next if last_at.nil?
                    next unless last_at <= Routemaster.now - @max_age
          Severity: Minor
          Found in routemaster/jobs/scrub_workers.rb - About 35 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method call has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
          Open

                def call
                  next_at = Routemaster.now + @every
                  @queue.push Models::Job.new(name: @name, run_at: @delay ? next_at : nil)
                  sleep TICK while (block_given? ? yield : true) && Routemaster.now < next_at
                end
          Severity: Minor
          Found in routemaster/services/ticker.rb - About 35 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method length has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
          Open

                def length(deadline: nil, scheduled: true, instant: true)
                  _assert(deadline.nil? || deadline.kind_of?(Integer), 'bad deadline value')
          
                  deadline ||= '+inf'
                  (scheduled ? _redis.zcount(_scheduled_key, '-inf', deadline) : 0) +
          Severity: Minor
          Found in routemaster/models/queue.rb - About 25 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Severity
          Category
          Status
          Source
          Language