dtaniwaki/e2e-tester

Showing 259 of 259 total issues

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Insecure Source URI found: git://github.com/rails/activemodel-serializers-xml.git
Open

  remote: git://github.com/rails/activemodel-serializers-xml.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Insecure Source URI found: git://github.com/rails/jbuilder.git
Open

  remote: git://github.com/rails/jbuilder.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Insecure Source URI found: git://github.com/rubysherpas/paranoia.git
Open

  remote: git://github.com/rubysherpas/paranoia.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

XSS vulnerability via data-target in bootstrap-sass
Open

    bootstrap-sass (3.3.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-10735

Criticality: Medium

URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Solution: upgrade to >= 3.4.0

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Reallocation bug can trigger heap memory corruption
Open

    yajl-ruby (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24795

Criticality: Medium

URL: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm

Solution: upgrade to >= 1.4.2

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def create
    @test_version = TestVersion.find(params[:test_version_id])
    authorize @test_version, :show?
    @user = User.find_or_invite_by({ email: params[:email] }, current_user)

Severity: Major
Found in app/controllers/user_test_versions_controller.rb and 1 other location - About 2 hrs to fix
app/controllers/user_tests_controller.rb on lines 2..19

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 83.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def create
    @test = Test.find(params[:test_id])
    authorize @test, :show?
    @user = User.find_or_invite_by({ email: params[:email] }, current_user)
    if @user.valid?
Severity: Major
Found in app/controllers/user_tests_controller.rb and 1 other location - About 2 hrs to fix
app/controllers/user_test_versions_controller.rb on lines 2..19

Method take_full_screenshot has 50 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def take_full_screenshot(driver)
      tempfiles = []
      MiniMagick.logger.level = Logger::DEBUG
      # Webdriver doesn't support full screenshot, so implement it by myself
      append_file_paths = []
Severity: Minor
Found in lib/web_driver_ext/full_screenshot.rb - About 2 hrs to fix

Method auto_decorate has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.
Open

    def auto_decorate(*variables)
      options = variables.extract_options!
      only = options[:only]&.map(&:to_s) || []
      except = options[:except]&.map(&:to_s) || []
      define_method :render do |*args|
Severity: Minor
Found in app/controllers/concerns/auto_decorate.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

Method validate_each has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.
Open

  def validate_each(record, attribute, value)
    if value.is_a?(String)
      uri = URI(value)
      # The following validation is not necessary as of Ruby 2.2.0
      raise URI::InvalidURIError, "bad URI(is not URI?): #{value}" if value.include?(' ')
Severity: Minor
Found in lib/validators/url_validator.rb - About 1 hr to fix

Method driver has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.
Open

    def driver(credential = nil)
      caps = Selenium::WebDriver::Remote::Capabilities.new
      caps['device']          = device          if device.present?
      caps['browser']         = browser         if browser.present?
      caps['browser_version'] = browser_version if browser_version.present?
Severity: Minor
Found in app/models/browser/browserstack.rb - About 1 hr to fix

Method take_full_screenshot has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
Open

    def take_full_screenshot(driver)
      tempfiles = []
      MiniMagick.logger.level = Logger::DEBUG
      # Webdriver doesn't support full screenshot, so implement it by myself
      append_file_paths = []
Severity: Minor
Found in lib/web_driver_ext/full_screenshot.rb - About 1 hr to fix

Method execute! has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
Open

    def execute!(_test_step_execution, driver, _variables = {})
      width = self.width
      height = self.height

      if width.to_s =~ /%$/ || height.to_s =~ /%$/
Severity: Minor
Found in app/models/test_step/resize_window.rb - About 1 hr to fix

Method driver has 32 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def driver(credential = nil)
      caps = Selenium::WebDriver::Remote::Capabilities.new
      caps['device']          = device          if device.present?
      caps['browser']         = browser         if browser.present?
      caps['browser_version'] = browser_version if browser_version.present?
Severity: Minor
Found in app/models/browser/browserstack.rb - About 1 hr to fix