dpn-admin/dpn-sync

Showing 52 of 52 total issues

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Command injection in ruby-git
Open

    git (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-25648

Criticality: Critical

URL: https://github.com/ruby-git/ruby-git/pull/569

Solution: upgrade to >= 1.11.0

Block has too many lines. [103/25]
Open

namespace :sidekiq do
  namespace :service do
    sidekiq_config_file = File.join('config', 'sidekiq.yml')
    sidekiq_config_file = File.expand_path(sidekiq_config_file)
    if File.exist? sidekiq_config_file
Severity: Minor
Found in lib/tasks/sidekiq.rake by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [50/25]
Open

  namespace :service do
    sidekiq_config_file = File.join('config', 'sidekiq.yml')
    sidekiq_config_file = File.expand_path(sidekiq_config_file)
    if File.exist? sidekiq_config_file
      sidekiq_config = YAML.load(File.read(sidekiq_config_file))
Severity: Minor
Found in lib/tasks/sidekiq.rake by rubocop

Block has too many lines. [45/25]
Open

namespace :dpn do
  namespace :sync do
    desc "DPN - fetch bag meta-data from remote nodes"
    task :bags do
      DPN::Workers::SyncWorker.perform_async "DPN::Workers::SyncBags"
Severity: Minor
Found in lib/tasks/dpn_sync.rake by rubocop

Block has too many lines. [43/25]
Open

  namespace :sync do
    desc "DPN - fetch bag meta-data from remote nodes"
    task :bags do
      DPN::Workers::SyncWorker.perform_async "DPN::Workers::SyncBags"
    end
Severity: Minor
Found in lib/tasks/dpn_sync.rake by rubocop

Path traversal is possible via backslash characters on Windows.
Open

    rack-protection (1.5.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-7212

URL: https://github.com/sinatra/sinatra/pull/1379

Solution: upgrade to >= 2.0.1, ~> 1.5.4

Possible information leak / session hijack vulnerability
Open

    rack (1.6.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Possible XSS vulnerability in Rack
Open

    rack (1.6.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Possible arbitrary path traversal and file access via yard server
Open

    yard (0.9.12)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

URL: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr

Solution: upgrade to >= 0.9.20

rack-protection gem timing attack vulnerability when validating CSRF token
Open

    rack-protection (1.5.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-1000119

Criticality: Medium

URL: https://github.com/sinatra/rack-protection/pull/98

Solution: upgrade to ~> 1.5.5, >= 2.0.0

Arbitrary path traversal and file access via yard server
Open

    yard (0.9.12)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-1020001

Criticality: High

URL: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr

Solution: upgrade to >= 0.9.20

Method os_execute has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

        def os_execute(command)
          status, stdout, stderr = systemu(command)
          status.exitstatus.zero? ? stdout : raise(stderr)
        rescue
          msg = ["Command failed to execute: #{command}"]
Severity: Minor
Found in lib/dpn/workers/bag_rsync.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Prefer using YAML.safe_load over YAML.load.
Open

      sidekiq_config = YAML.load(File.read(sidekiq_config_file))
Severity: Minor
Found in lib/tasks/sidekiq.rake by rubocop

This cop checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

Example:

# bad
YAML.load("--- foo")

# good
YAML.safe_load("--- foo")
YAML.dump("foo")

Use __dir__ to get an absolute path to the current file's directory.
Open

    cwd = File.expand_path(File.dirname(__FILE__))
Severity: Minor
Found in Rakefile by rubocop

This cop checks for places where the #__dir__ method can replace more complex constructs to retrieve a canonicalized absolute path to the current file.

Example:

# bad
path = File.expand_path(File.dirname(__FILE__))

# bad
path = File.dirname(File.realpath(__FILE__))

# good
path = __dir__

Heading (h1) has already been defined.
Open

  h1 {
Severity: Minor
Found in app/public/stylesheets/main.css by csslint

Avoid rescuing without specifying an error class.
Open

        rescue
Severity: Minor
Found in lib/dpn/workers.rb by rubocop

This cop checks for rescuing StandardError. There are two supported styles, implicit and explicit. This cop will not register an offense if any error other than StandardError is specified.

Example: EnforcedStyle: implicit

# `implicit` will enforce using `rescue` instead of
# `rescue StandardError`.

# bad
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Example: EnforcedStyle: explicit (default)

# `explicit` will enforce using `rescue StandardError`
# instead of `rescue`.

# bad
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Avoid rescuing without specifying an error class.
Open

      rescue
Severity: Minor
Found in lib/dpn/workers/node.rb by rubocop

Heading (h2) has already been defined.
Open

  h2 {
Severity: Minor
Found in app/public/stylesheets/main.css by csslint