Sign upLogin

flant/superhosting

View on GitHub
Star

Showing 153 of 153 total issues

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.7.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.7.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

OS Command Injection in Rake
Open

    rake (10.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Race condition when using persistent connections
Open

    excon (0.54.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16779

Criticality: Medium

URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9

Solution: upgrade to >= 0.71.0

Improper handling of double quotes in file name in Diffy in Windows environment
Open

    diffy (3.1.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-33127

Criticality: Critical

URL: https://github.com/samg/diffy/commit/478f392082b66d38f54a02b4bb9c41be32fd6593

Solution: upgrade to >= 3.4.1

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Method install_users has a Cognitive Complexity of 25 (exceeds 5 allowed). Consider refactoring.
Open

      def install_users(name:)
        if (resp = existing_validation(name: name)).net_status_ok?
          mapper = index[name].inheritance_mapper

          # user / group
Severity: Minor
Found in lib/superhosting/controller/container/states.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method inheritors_tree has a Cognitive Complexity of 21 (exceeds 5 allowed). Consider refactoring.
Open

      def inheritors_tree(mapper, mux: false)
        tree = {}
        type = mux ? 'mux' : 'model'
        m_key = mapper.name
        tree[m_key] ||= {}
Severity: Minor
Found in lib/superhosting/mapper_inheritance/base.rb - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method _add_custom has a Cognitive Complexity of 17 (exceeds 5 allowed). Consider refactoring.
Open

      def _add_custom(name:, group:, shell: '/usr/sbin/nologin', home_dir: "/web/#{group}", uid: nil)
        debug_operation(desc: { code: :user, data: { name: name } }) do |&blk|
          if _get(name: name)
            blk.call(code: :ok)
            {}
Severity: Minor
Found in lib/superhosting/controller/user/user.rb - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Controller
    class Mysql
      class Db
        NAME_FORMAT = /^[a-zA-Z0-9._-]{1,64}$/
Severity: Major
Found in lib/superhosting/controller/mysql/db/validation.rb and 1 other location - About 2 hrs to fix
lib/superhosting/controller/mysql/user/validation.rb on lines 2..23

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 78.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Controller
    class Mysql
      class User
        NAME_FORMAT = /^[a-zA-Z0-9._-]{1,15}$/
Severity: Major
Found in lib/superhosting/controller/mysql/user/validation.rb and 1 other location - About 2 hrs to fix
lib/superhosting/controller/mysql/db/validation.rb on lines 2..23

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 78.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method _del has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring.
Open

      def _del(name:, group:)
        debug_operation(desc: { code: :user, data: { name: name } }) do |&blk|
          with_dry_run do |dry_run|
            resp = {}
            with_adding_group = _group_get_users(name: group).one? ? true : false
Severity: Minor
Found in lib/superhosting/controller/user/user.rb - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method add has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring.
Open

      def add(name:, container_name:, ftp_dir: nil, ftp_only: false, generate: false)
        return { error: :logical_error, code: :option_ftp_only_is_required } if ftp_dir && !ftp_only

        web_mapper = PathMapper.new("/web/#{container_name}")
        home_dir = ftp_dir.nil? ? web_mapper.path : web_mapper.f(ftp_dir).path
Severity: Minor
Found in lib/superhosting/controller/user.rb - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method _safe_run_docker has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.
Open

      def _safe_run_docker(*docker_options, name:, restart: false)
        if restart
          _recreate_docker(*docker_options, name: name)
        elsif @docker_api.container_running?(name)
        elsif @docker_api.container_exists?(name)
Severity: Minor
Found in lib/superhosting/controller/container/docker.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method has too many lines. [40/38]
Open

      def install_users(name:)
        if (resp = existing_validation(name: name)).net_status_ok?
          mapper = index[name].inheritance_mapper

          # user / group
Severity: Minor
Found in lib/superhosting/controller/container/states.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        def _delete(name:)
          container_name, _db_name = @mysql_controller.alternative_name(name: name)
          index[name].each {|user_name| @mysql_controller._revoke(user_name: user_name, database_name: name) }

          debug_operation(desc: { code: :mysql_database, data: { name: name } }) do |&blk|
Severity: Major
Found in lib/superhosting/controller/mysql/db.rb and 1 other location - About 1 hr to fix
lib/superhosting/controller/mysql/user.rb on lines 76..91

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 69.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        def _delete(name:)
          container_name, _user_name = @mysql_controller.alternative_name(name: name)
          index[name].each { |db_name| @mysql_controller._revoke(user_name: name, database_name: db_name) }

          debug_operation(desc: { code: :mysql_user, data: { name: name } }) do |&blk|
Severity: Major
Found in lib/superhosting/controller/mysql/user.rb and 1 other location - About 1 hr to fix
lib/superhosting/controller/mysql/db.rb on lines 101..116

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 69.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method reindex_container has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.
Open

        def reindex_container(container_name:)
          self.class.index ||= {}
          self.class.grant_index ||= {}
          container_users(container_name: container_name).each { |k, _v| self.class.index.delete(k) }
          container_grants(container_name: container_name).each { |k, _v| self.class.index.delete(k) }
Severity: Minor
Found in lib/superhosting/controller/mysql/user/index.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language