fga-gpp-mds/2017.1-Escola-X

Paperclip Gem for Ruby contains a flaw

Open

    paperclip (3.5.4)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Information Exposure with Puma when used with Rails

Open

    puma (3.9.1)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Keepalive Connections Causing Denial Of Service in puma

Open

    puma (3.9.1)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.

Open

    paperclip (3.5.4)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma

Open

    puma (3.9.1)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

ReDoS based DoS vulnerability in GlobalID

Open

    globalid (0.4.0)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Server-side request forgery in CarrierWave

Open

    carrierwave (0.10.0)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Paperclip Gem for Ruby vulnerable to content type spoofing

Open

    paperclip (3.5.4)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Code Injection vulnerability in CarrierWave::RMagick

Open

    carrierwave (0.10.0)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

HTTP Request Smuggling in puma

Open

    puma (3.9.1)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

File escolaX.rb has 689 lines of code (exceeds 250 allowed). Consider refactoring.

Open

require 'selenium-webdriver'
 
driver = Selenium::WebDriver.for :chrome
 
@selenium

Class has too many lines. [140/100]

Open

 class AlumnsController < ApplicationController
  include SessionsHelper
 
  def index
    if ( is_parent? )

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Class has too many lines. [120/100]

Open

class SubjectsController < ApplicationController
    include SessionsHelper
 
  def index
      if ( is_principal? or is_teacher? )

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Class has too many lines. [118/100]

Open

class ClassroomsController < ApplicationController
  include SessionsHelper
 
  def index
    if ( is_principal? or is_secretary? )

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Module has too many lines. [111/100]

Open

module SessionsHelper
  def current_user
    if ( !@current_user.nil? )
      @current_user = @current_user
    else

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Class has too many lines. [110/100]

Open

class ParentsController < ApplicationController
  include SessionsHelper
 
  def index
    if ( is_employee? )

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

Class has too many lines. [107/100]

Open

class TeachersController < ApplicationController
 
  include SessionsHelper
 
  def index

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

ReDoS based DoS vulnerability in Active Support’s underscore

Open

    activesupport (5.0.3)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

XSS vulnerability via data-target in bootstrap-sass

Open

    bootstrap-sass (3.3.7)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check

HTTP Response Splitting vulnerability in puma

Open

    puma (3.9.1)

• Read up
  Read up
• Exclude checks
  • Disable engine
  • Disable check