Showing 4,497 of 4,497 total issues
Assignment Branch Condition size for edit is too high. [73.39/15] Open
def edit(_count)
html = '<tr>'
html += '<td align="center"><a rel="nofollow" data-method="delete" href="/questions/' + id.to_s + '">Remove</a></td>'
html += '<td><input size="6" value="' + seq.to_s + '" name="question[' + id.to_s + '][seq]" id="question_' + id.to_s
html += '_seq" type="text"></td><td><textarea cols="50" rows="1" name="question[' + id.to_s + '][txt]" id="question_' + id.to_s
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Assignment Branch Condition size for calculate_score is too high. [73.11/15] Open
def calculate_score(map, response)
questionnaire = Questionnaire.find(map.reviewed_object_id)
scores = []
valid = true
questions = Question.where(questionnaire_id: questionnaire.id)
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Block has too many lines. [122/25] Open
describe '#course_student_grade_summary' do
context 'when course does not have participants' do
before(:each) do
request.env['HTTP_REFERER'] = REDIRECT_PATH
get 'course_student_grade_summary'
This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
Class has too many lines. [101/100] Open
class CollusionCycle
# Cycle data structure
# Each edge of the cycle stores a participant and the score given to that participant by the reviewer.
# Consider a 3-node cycle: A --> B --> C --> A (A reviewed B; B reviewed C; C reviewed A)
# For the above cycle, the data structure would be: [[A, SCA], [B, SAB], [C, SBC]], where SCA is the score given by C to A.
This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (5.1.6)
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Potential remote code execution in ruby-git Open
git (1.12.0)
Advisory: CVE-2022-46648
Criticality: Medium
URL: https://github.com/ruby-git/ruby-git/pull/602
Solution: upgrade to >= 1.13.0
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.10.10)
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.10.10)
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Possible XSS vulnerability in ActionView Open
actionview (5.1.6)
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.18.0)
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
protobuf-java has a potential Denial of Service issue Open
google-protobuf (3.8.0)
Advisory: CVE-2022-3171
Criticality: Medium
URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
Solution: upgrade to ~> 3.16.3, ~> 3.19.6, ~> 3.20.3, >= 3.21.7
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.10.10)
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
CSRF Vulnerability in rails-ujs Open
actionview (5.1.6)
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.10.10)
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.10.10)
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.10.10)
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Unsafe objects can be loaded from Redis Open
redis-store (1.2.0)
Advisory: CVE-2017-1000248
Criticality: Critical
URL: https://github.com/redis-store/redis-store/commit/ce13252c26fcc40ed4935c9abfeb0ee0761e5704
Solution: upgrade to >= 1.4.0
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.1.6)
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.1.6)
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Uncontrolled Recursion in Loofah Open
loofah (2.18.0)
Advisory: CVE-2022-23516
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
Solution: upgrade to >= 2.19.1