gitlabhq/gitlabhq


Showing 2,852 of 2,852 total issues

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/pull/809

Solution: remove or disable this gem until a patch is available!

Class Project has 289 methods (exceeds 20 allowed). Consider refactoring.
Open

class Project < ApplicationRecord
  extend ::Gitlab::Utils::Override
  include Gitlab::ConfigHelper
  include Gitlab::VisibilityLevel
  include AccessRequestable
Severity: Major
Found in app/models/project.rb - About 5 days to fix

File project.rb has 1903 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'carrierwave/orm/activerecord'

class Project < ApplicationRecord
  extend ::Gitlab::Utils::Override
  include Gitlab::ConfigHelper
Severity: Major
Found in app/models/project.rb - About 5 days to fix

Class User has 207 methods (exceeds 20 allowed). Consider refactoring.
Open

class User < ApplicationRecord
  extend Gitlab::ConfigHelper

  include Gitlab::ConfigHelper
  include Gitlab::SQL::Pattern
Severity: Major
Found in app/models/user.rb - About 4 days to fix

Class MergeRequest has 180 methods (exceeds 20 allowed). Consider refactoring.
Open

class MergeRequest < ApplicationRecord
  include AtomicInternalId
  include IidRoutes
  include Issuable
  include Noteable
Severity: Major
Found in app/models/merge_request.rb - About 3 days to fix

File notes.js has 1309 lines of code (exceeds 250 allowed). Consider refactoring.
Open

/* eslint-disable no-restricted-properties, babel/camelcase,
no-unused-expressions, default-case,
consistent-return, no-alert, no-param-reassign,
no-shadow, no-useless-escape,
class-methods-use-this */
Severity: Major
Found in app/assets/javascripts/notes.js - About 3 days to fix

File user.rb has 1292 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'carrierwave/orm/activerecord'

class User < ApplicationRecord
  extend Gitlab::ConfigHelper
Severity: Major
Found in app/models/user.rb - About 3 days to fix

File merge_request.rb has 1179 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MergeRequest < ApplicationRecord
  include AtomicInternalId
  include IidRoutes
  include Issuable
  include Noteable
Severity: Major
Found in app/models/merge_request.rb - About 3 days to fix

Method services has 587 lines of code (exceeds 25 allowed). Consider refactoring.
Open

      def self.services
        {
          'alerts' => [],
          'asana' => [
            {
Severity: Major
Found in lib/api/helpers/services_helpers.rb - About 2 days to fix

Class Repository has 143 methods (exceeds 20 allowed). Consider refactoring.
Open

class Repository
  REF_MERGE_REQUEST = 'merge-requests'
  REF_KEEP_AROUND = 'keep-around'
  REF_ENVIRONMENTS = 'environments'
  REF_PIPELINES = 'pipelines'
Severity: Major
Found in app/models/repository.rb - About 2 days to fix

File solarized_dark.js has 1083 lines of code (exceeds 250 allowed). Consider refactoring.
Open

/*

https://github.com/brijeshb42/monaco-themes/blob/master/themes/Solarized-dark.json

The MIT License (MIT)
Severity: Major
Found in app/assets/javascripts/ide/lib/themes/solarized_dark.js - About 2 days to fix

File solarized_light.js has 1074 lines of code (exceeds 250 allowed). Consider refactoring.
Open

/*

https://github.com/brijeshb42/monaco-themes/blob/master/themes/Solarized-dark.json

The MIT License (MIT)
Severity: Major
Found in app/assets/javascripts/ide/lib/themes/solarized_light.js - About 2 days to fix

Class Repository has 127 methods (exceeds 20 allowed). Consider refactoring.
Open

    class Repository
      include Gitlab::Git::RepositoryMirroring
      include Gitlab::Git::WrapsGitalyErrors
      include Gitlab::EncodingHelper
      include Gitlab::Utils::StrongMemoize
Severity: Major
Found in lib/gitlab/git/repository.rb - About 2 days to fix

Class Build has 121 methods (exceeds 20 allowed). Consider refactoring.
Open

  class Build < Ci::Processable
    include Ci::Metadatable
    include Ci::Contextable
    include TokenAuthenticatable
    include AfterCommitQueue
Severity: Major
Found in app/models/ci/build.rb - About 2 days to fix

Class Pipeline has 112 methods (exceeds 20 allowed). Consider refactoring.
Open

  class Pipeline < ApplicationRecord
    extend Gitlab::Ci::Model
    include Ci::HasStatus
    include Importable
    include AfterCommitQueue
Severity: Major
Found in app/models/ci/pipeline.rb - About 2 days to fix

File repository.rb has 861 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'securerandom'

class Repository
  REF_MERGE_REQUEST = 'merge-requests'
  REF_KEEP_AROUND = 'keep-around'
Severity: Major
Found in app/models/repository.rb - About 2 days to fix

Identical blocks of code found in 2 locations. Consider refactoring.
Open

const addNewDesignToStore = (store, designManagementUpload, query) => {
  const data = store.readQuery(query);

  const newDesigns = data.project.issue.designCollection.designs.edges.reduce((acc, design) => {
    if (!acc.find(d => d.filename === design.node.filename)) {
app/assets/javascripts/design_management/utils/cache_update.js on lines 166..214

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 360.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


Identical blocks of code found in 2 locations. Consider refactoring.
Open

const addNewDesignToStore = (store, designManagementUpload, query) => {
  const data = store.readQuery(query);

  const newDesigns = data.project.issue.designCollection.designs.edges.reduce((acc, design) => {
    if (!acc.find(d => d.filename === design.node.filename)) {
Severity: Major
Found in app/assets/javascripts/design_management/utils/cache_update.js and 1 other location - About 2 days to fix
app/assets/javascripts/design_management_new/utils/cache_update.js on lines 166..214

This issue has a mass of 360.


Identical blocks of code found in 2 locations. Consider refactoring.
Open

const addImageDiffNoteToStore = (store, createImageDiffNote, query, variables) => {
  const data = store.readQuery({
    query,
    variables,
  });
app/assets/javascripts/design_management_new/utils/cache_update.js on lines 89..137

This issue has a mass of 351.


Identical blocks of code found in 2 locations. Consider refactoring.
Open

const addImageDiffNoteToStore = (store, createImageDiffNote, query, variables) => {
  const data = store.readQuery({
    query,
    variables,
  });
app/assets/javascripts/design_management/utils/cache_update.js on lines 89..137

This issue has a mass of 351.

