Sign upLogin

dhhxu/projectscope

View on GitHub
Star

Showing 171 of 171 total issues

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.7.2)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Path Traversal in Sprockets
Open

    sprockets (3.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Method has too many lines. [56/30]
Open

  def index
    sort = params[:sort] || session[:sort]
    if params[:sort] == nil
      session[:sort] == nil
    end
Severity: Minor
Found in app/controllers/projects_controller.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method index has a Cognitive Complexity of 30 (exceeds 5 allowed). Consider refactoring.
Open

  def index
    sort = params[:sort] || session[:sort]
    if params[:sort] == nil
      session[:sort] == nil
    end
Severity: Minor
Found in app/controllers/projects_controller.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method has too many lines. [45/30]
Open

  def get_data
    # WILL NEED TO CHANGE LOCATION OF API TOKEN ONCE EACH PROJECT HAS ITS OWN
    if self.slack_api_token == nil or self.slack_api_token == ''
        return
    end
Severity: Minor
Found in app/models/slack_trend.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Cyclomatic complexity for index is too high. [21/6]
Open

  def index
    sort = params[:sort] || session[:sort]
    if params[:sort] == nil
      session[:sort] == nil
    end
Severity: Minor
Found in app/controllers/projects_controller.rb by rubocop

This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.

An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.

Function SlackTrendGraphic has 83 lines of code (exceeds 25 allowed). Consider refactoring.
Open

var SlackTrendGraphic = function(projectID, slackTrendURI) {
    this.slackTrendURI = slackTrendURI;
    this.getSlackTrendData = function() {
        jQuery.ajax({
            type: 'GET',
Severity: Major
Found in app/assets/javascripts/slack_trend_graphic.js - About 3 hrs to fix

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

        this.getSlackTrendData = function() {
        jQuery.ajax({
            type: 'GET',
            url: this.slackTrendURI,
            timeout: 5000,
    Severity: Major
    Found in app/assets/javascripts/slack_trend_graphic.js and 3 other locations - About 2 hrs to fix
    app/assets/javascripts/pivotal_tracker_graphic.js on lines 3..13
    app/assets/javascripts/pull_request_graphic.js on lines 3..13
    app/assets/javascripts/slack_graphic.js on lines 3..13

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 93.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

      this.getPullRequestData = function() {
    jQuery.ajax({type: 'GET',
            url: this.pullRequestURL,
            timeout: 5000,
            success: this.showPullRequestGraphic,
    Severity: Major
    Found in app/assets/javascripts/pull_request_graphic.js and 3 other locations - About 2 hrs to fix
    app/assets/javascripts/pivotal_tracker_graphic.js on lines 3..13
    app/assets/javascripts/slack_graphic.js on lines 3..13
    app/assets/javascripts/slack_trend_graphic.js on lines 3..15

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 93.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

      this.getPivotalTrackerData = function() {
    jQuery.ajax({type: 'GET',
            url: this.pivotalTrackerURL,
            timeout: 5000,
            success: this.showPivotalTrackerGraphic,
    Severity: Major
    Found in app/assets/javascripts/pivotal_tracker_graphic.js and 3 other locations - About 2 hrs to fix
    app/assets/javascripts/pull_request_graphic.js on lines 3..13
    app/assets/javascripts/slack_graphic.js on lines 3..13
    app/assets/javascripts/slack_trend_graphic.js on lines 3..15

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 93.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

      this.getSlackData = function() {
    jQuery.ajax({type: 'GET',
            url: this.slackURL,
            timeout: 5000,
            success: this.showSlackGraphic,
    Severity: Major
    Found in app/assets/javascripts/slack_graphic.js and 3 other locations - About 2 hrs to fix
    app/assets/javascripts/pivotal_tracker_graphic.js on lines 3..13
    app/assets/javascripts/pull_request_graphic.js on lines 3..13
    app/assets/javascripts/slack_trend_graphic.js on lines 3..15

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 93.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Function showSlackTrendGraphic has 68 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

        this.showSlackTrendGraphic = function(jsonData, requestStatus, xhrObject) {
        if (jsonData.weekthree == null) {
          jQuery('#'+projectID+'-slack-trend').html('<p class="bg-danger">No Slack Found</p>');
          return(false);
        }
    Severity: Major
    Found in app/assets/javascripts/slack_trend_graphic.js - About 2 hrs to fix

      Function drawTrendlines has 61 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

              function drawTrendlines() {
            var data = new google.visualization.DataTable();
            data.addColumn('string', '');
            data.addColumn('number', 'Score');
            var color = '#FFFFFF'
      Severity: Major
      Found in app/assets/javascripts/slack_trend_graphic.js - About 2 hrs to fix
        Severity
        Category
        Status
        Source
        Language