Sign upLogin

dianhua1560/bhgh

View on GitHub
Star

Showing 208 of 208 total issues

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

File boardCtrl.js has 328 lines of code (exceeds 250 allowed). Consider refactoring.
Open

myApp.controller("BoardCtrl", function ($scope) {
    $scope.events = events;
    $scope.brags = brags;
    $scope.posts = posts;
    $scope.newEvent = {};
Severity: Minor
Found in public/controllers/boardCtrl.js - About 3 hrs to fix

    Function has too many statements (46). Maximum allowed is 30.
    Open

    myApp.controller("BoardCtrl", function ($scope) {
    Severity: Minor
    Found in public/controllers/boardCtrl.js by eslint

    enforce a maximum number of statements allowed in function blocks (max-statements)

    The max-statements rule allows you to specify the maximum number of statements allowed in a function.

    function foo() {
  var bar = 1; // one statement
  var baz = 2; // two statements
  var qux = 3; // three statements
}

    Rule Details

    This rule enforces a maximum number of statements allowed in function blocks.

    Options

    This rule has a number or object option:

    • "max" (default 10) enforces a maximum number of statements allows in function blocks

    Deprecated: The object property maximum is deprecated; please use the object property max instead.

    This rule has an object option:

    • "ignoreTopLevelFunctions": true ignores top-level functions

    max

    Examples of incorrect code for this rule with the default { "max": 10 } option:

    /*eslint max-statements: ["error", 10]*/
/*eslint-env es6*/

function foo() {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;

  var foo11 = 11; // Too many.
}

let foo = () => {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;

  var foo11 = 11; // Too many.
};

    Examples of correct code for this rule with the default { "max": 10 } option:

    /*eslint max-statements: ["error", 10]*/
/*eslint-env es6*/

function foo() {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;
  return function () {

    // The number of statements in the inner function does not count toward the
    // statement maximum.

    return 42;
  };
}

let foo = () => {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;
  return function () {

    // The number of statements in the inner function does not count toward the
    // statement maximum.

    return 42;
  };
}

    ignoreTopLevelFunctions

    Examples of additional correct code for this rule with the { "max": 10 }, { "ignoreTopLevelFunctions": true } options:

    /*eslint max-statements: ["error", 10, { "ignoreTopLevelFunctions": true }]*/

function foo() {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;
  var foo11 = 11;
}

    Related Rules

    • [complexity](complexity.md)
    • [max-depth](max-depth.md)
    • [max-len](max-len.md)
    • [max-nested-callbacks](max-nested-callbacks.md)
    • [max-params](max-params.md) Source: http://eslint.org/docs/rules/

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

        $scope.deleteBrag = function(brag){
        $.ajax({
            url:'/brags/delete/'+brag.id,
            type:'post',
            success:function(data){
    Severity: Major
    Found in public/controllers/boardCtrl.js and 1 other location - About 3 hrs to fix
    public/controllers/boardCtrl.js on lines 305..317

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 105.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

        $scope.deleteEvent = function(event){
        $.ajax({
            url:'/events/delete/'+event.id,
            type:'post',
            success:function(data){
    Severity: Major
    Found in public/controllers/boardCtrl.js and 1 other location - About 3 hrs to fix
    public/controllers/boardCtrl.js on lines 281..293

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 105.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

        $scope.showBragModal = function(brag){
        $scope.selectedBrag = brag;
        $scope.isEditingBrag = false;
        $('#brag-modal').modal('show');
        $.ajax({
    Severity: Major
    Found in public/controllers/boardCtrl.js and 1 other location - About 3 hrs to fix
    public/controllers/boardCtrl.js on lines 193..203

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 95.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

        $scope.showEventModal = function(event){
        $scope.selectedEvent = event;
        $scope.isEditingEvent = false;
        $('#event-modal').modal('show');
        $.ajax({
    Severity: Major
    Found in public/controllers/boardCtrl.js and 1 other location - About 3 hrs to fix
    public/controllers/boardCtrl.js on lines 204..214

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 95.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

            $.ajax({
            url:'/events/modal_show/'+$(this).attr('data-id'),
            type:'get',
            success:function(data){
                console.log(data);
    Severity: Major
    Found in app/assets/javascripts/board.js and 1 other location - About 2 hrs to fix
    app/assets/javascripts/board.js on lines 21..28

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 75.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

            $.ajax({
            url:'/brags/modal_show/'+$(this).attr('data-id'),
            type:'get',
            success:function(data){
                console.log(data);
    Severity: Major
    Found in app/assets/javascripts/board.js and 1 other location - About 2 hrs to fix
    app/assets/javascripts/board.js on lines 34..41

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 75.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Denial of service or RCE from libxml2 and libxslt
    Open

        nokogiri (1.6.7.2)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2015-8806

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/issues/1473

    Solution: upgrade to >= 1.6.8

    Possible XSS Vulnerability in Action View
    Open

        actionview (4.2.5.1)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2016-6316

    Criticality: Medium

    URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

    Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1

    Possible XSS vulnerability in Rack
    Open

        rack (1.6.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-16471

    URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

    Solution: upgrade to ~> 1.6.11, >= 2.0.6

    File Content Disclosure in Action View
    Open

        actionview (4.2.5.1)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2019-5418

    Criticality: High

    URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

    Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

    Denial of Service Vulnerability in Action View
    Open

        actionview (4.2.5.1)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2019-5419

    Criticality: High

    URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

    Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

    Broken Access Control vulnerability in Active Job
    Open

        activejob (4.2.5.1)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-16476

    Criticality: High

    URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

    Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

    Severity
    Category
    Status
    Source
    Language