expressly/expressly-plugin-sdk-ruby-core

Showing 25 of 25 total issues

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

RDoc OS command injection vulnerability
Open

    rdoc (3.12.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-31799

Criticality: High

URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/

Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1

OS Command Injection in Rake
Open

    rake (10.4.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Insecure Source URI found: http://rubygems.org/
Open

  remote: http://rubygems.org/
Severity: Minor
Found in Gemfile.lock by bundler-audit

File domain.rb has 407 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Expressly
  class CustomerImport
    attr_accessor :metadata, :primary_email, :customer, :cart
    def initialize(attribute_value_map = {})
      attribute_value_map.map { |(k, v)| public_send("#{k}=", v) }
Severity: Minor
Found in lib/expressly/domain.rb - About 5 hrs to fix

Method execute has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def execute(method_uri, http_verb, body = nil, limit = 4)
      raise 'too many HTTP redirects' if limit == 0

      uri = URI.parse("#{@endpoint}#{method_uri}")
      http = Net::HTTP.new(uri.host, uri.port)
Severity: Minor
Found in lib/expressly/api.rb - About 1 hr to fix

ruby-ffi DDL loading issue on Windows OS
Open

    ffi (1.9.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-1000201

Criticality: High

URL: https://github.com/ffi/ffi/releases/tag/1.9.24

Solution: upgrade to >= 1.9.24

Method execute has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

    def execute(method_uri, http_verb, body = nil, limit = 4)
      raise 'too many HTTP redirects' if limit == 0

      uri = URI.parse("#{@endpoint}#{method_uri}")
      http = Net::HTTP.new(uri.host, uri.port)
Severity: Minor
Found in lib/expressly/api.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    def initialize(api_key, merchant_plugin_provider, merchant_plugin_endpoint, merchant_metadata = {}, expressly_endpoint = 'https://prod.expresslyapp.com/api')
Severity: Minor
Found in lib/expressly.rb - About 35 mins to fix

(...) interpreted as grouped expression.
Open

      raise (if is_json && !body['id'].nil? then ExpresslyError.new(body) else HttpError.new(response) end)
Severity: Minor
Found in lib/expressly/api.rb by rubocop

Checks for space between the name of a called method and a left parenthesis.

Example:

# bad

puts (x + y)

Example:

# good

puts(x + y)

Method Expressly::Phone#type= is defined at both lib/expressly/domain.rb:216 and lib/expressly/domain.rb:222.
Open

    def type=(type)
Severity: Minor
Found in lib/expressly/domain.rb by rubocop

This cop checks for duplicated instance (or singleton) method definitions.

Example:

# bad

def duplicated
  1
end

def duplicated
  2
end

Example:

# bad

def duplicated
  1
end

alias duplicated other_duplicated

Example:

# good

def duplicated
  1
end

def other_duplicated
  2
end

Method Expressly::Phone#country_code= is defined at both lib/expressly/domain.rb:216 and lib/expressly/domain.rb:227.
Open

    def country_code=(country_code)
Severity: Minor
Found in lib/expressly/domain.rb by rubocop

Put one space between the method name and the first argument.
Open

    attr_accessor  :email, :alias
Severity: Minor
Found in lib/expressly/domain.rb by rubocop

Checks that exactly one space is used between a method name and the first argument for method calls without parentheses.

Alternatively, extra spaces can be added to align the argument with something on a preceding or following line, if the AllowForAlignment config parameter is true.

Example:

# bad
something  x
something   y, z
something'hello'

# good
something x
something y, z
something 'hello'

Method Expressly::CustomerOrder#order_date= is defined at both lib/expressly/domain.rb:458 and lib/expressly/domain.rb:463.
Open

    def order_date=(order_date)
Severity: Minor
Found in lib/expressly/domain.rb by rubocop

Method Expressly::Address#phone_index= is defined at both lib/expressly/domain.rb:153 and lib/expressly/domain.rb:160.
Open

    def phone_index=(phone_index)
Severity: Minor
Found in lib/expressly/domain.rb by rubocop

Method Expressly::Customer#gender= is defined at both lib/expressly/domain.rb:66 and lib/expressly/domain.rb:75.
Open

    def gender=(gender)
Severity: Minor
Found in lib/expressly/domain.rb by rubocop

Put one space between the method name and the first argument.
Open

    attr_accessor  :type, :number, :country_code
Severity: Minor
Found in lib/expressly/domain.rb by rubocop

Put one space between the method name and the first argument.
Open

    attr_accessor   :id, :code, :description, :causes, :actions
Severity: Minor
Found in lib/expressly/api.rb by rubocop

Method Expressly::Customer#date_of_birth= is defined at both lib/expressly/domain.rb:66 and lib/expressly/domain.rb:80.
Open

    def date_of_birth=(date_of_birth)
Severity: Minor
Found in lib/expressly/domain.rb by rubocop