gitlabhq/gitlabhq

View on GitHub

Showing 2,301 of 2,301 total issues

Doorkeeper gem does not revoke token for public clients
Open

    doorkeeper (4.3.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-1000211

URL: https://blog.justinbull.ca/cve-2018-1000211-public-apps-cant-revoke-tokens-in-doorkeeper/

Solution: upgrade to >= 4.4.0, >= 5.0.0.rc2

File common_utils.js has 512 lines of code (exceeds 250 allowed). Consider refactoring.
Open

/**
 * @module common-utils
 */

import $ from 'jquery';
Severity: Major
Found in app/assets/javascripts/lib/utils/common_utils.js - About 1 day to fix

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    export default function subscriptionSelect() {
      $('.js-subscription-event').each((i, element) => {
        const fieldName = $(element).data('fieldName');
    
        return $(element).glDropdown({
    Severity: Major
    Found in app/assets/javascripts/subscription_select.js and 1 other location - About 7 hrs to fix
    app/assets/javascripts/issue_status_select.js on lines 4..26

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 194.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    export default function issueStatusSelect() {
      $('.js-issue-status').each((i, el) => {
        const fieldName = $(el).data('fieldName');
        return $(el).glDropdown({
          selectable: true,
    Severity: Major
    Found in app/assets/javascripts/issue_status_select.js and 1 other location - About 7 hrs to fix
    app/assets/javascripts/subscription_select.js on lines 4..27

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 194.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    File labels_select.js has 493 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    /* eslint-disable no-useless-return, func-names, no-underscore-dangle, no-new, consistent-return, no-shadow, no-param-reassign, no-lonely-if, no-else-return, dot-notation, no-empty */
    /* global Issuable */
    /* global ListLabel */
    
    import $ from 'jquery';
    Severity: Minor
    Found in app/assets/javascripts/labels_select.js - About 7 hrs to fix

      Class MergeRequestDiff has 54 methods (exceeds 20 allowed). Consider refactoring.
      Open

      class MergeRequestDiff < ApplicationRecord
        include Sortable
        include Importable
        include ManualInverseAssociation
        include EachBatch
      Severity: Major
      Found in app/models/merge_request_diff.rb - About 7 hrs to fix

        Function Keyboard has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
        Open

        const Keyboard = function() {
          var currentKey;
          var currentFocus;
          var isUpArrow = false;
          var isDownArrow = false;
        Severity: Minor
        Found in app/assets/javascripts/droplab/keyboard.js - About 7 hrs to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Class Commit has 52 methods (exceeds 20 allowed). Consider refactoring.
        Open

            class Commit
              include Gitlab::EncodingHelper
              prepend Gitlab::Git::RuggedImpl::Commit
              extend Gitlab::Git::WrapsGitalyErrors
        
        
        Severity: Major
        Found in lib/gitlab/git/commit.rb - About 7 hrs to fix

          boardsStore has 51 functions (exceeds 20 allowed). Consider refactoring.
          Open

          const boardsStore = {
            disabled: false,
            timeTracking: {
              limitToHours: false,
            },
          Severity: Major
          Found in app/assets/javascripts/boards/stores/boards_store.js - About 7 hrs to fix

            Class Event has 51 methods (exceeds 20 allowed). Consider refactoring.
            Open

            class Event < ApplicationRecord
              include Sortable
              include FromUnion
              include Presentable
            
            
            Severity: Major
            Found in app/models/event.rb - About 7 hrs to fix

              File sorting_helper.rb has 462 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              module SortingHelper
                prepend_if_ee('::EE::SortingHelper') # rubocop: disable Cop/InjectEnterpriseEditionModule
              
                def sort_options_hash
                  {
              Severity: Minor
              Found in app/helpers/sorting_helper.rb - About 7 hrs to fix

                Function bindEvents has 175 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                const bindEvents = () => {
                  const $newProjectForm = $('#new_project');
                  const $projectImportUrl = $('#project_import_url');
                  const $projectPath = $('.tab-pane.active #project_path');
                  const $useTemplateBtn = $('.template-button > input');
                Severity: Major
                Found in app/assets/javascripts/projects/project_new.js - About 7 hrs to fix

                  File issuable_finder.rb has 458 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  class IssuableFinder
                    prepend FinderWithCrossProjectAccess
                    include FinderMethods
                    include CreatedAtFilter
                    include Gitlab::Utils::StrongMemoize
                  Severity: Minor
                  Found in app/finders/issuable_finder.rb - About 7 hrs to fix

                    File boards_store.js has 450 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    /* eslint-disable no-shadow */
                    /* global List */
                    
                    import $ from 'jquery';
                    import _ from 'underscore';
                    Severity: Minor
                    Found in app/assets/javascripts/boards/stores/boards_store.js - About 6 hrs to fix

                      Function types.SET_LINE_DISCUSSIONS_FOR_FILE has a Cognitive Complexity of 44 (exceeds 5 allowed). Consider refactoring.
                      Open

                        [types.SET_LINE_DISCUSSIONS_FOR_FILE](state, { discussion, diffPositionByLineCode, hash }) {
                          const { latestDiff } = state;
                      
                          const discussionLineCode = discussion.line_code;
                          const fileHash = discussion.diff_file.file_hash;
                      Severity: Minor
                      Found in app/assets/javascripts/diffs/store/mutations.js - About 6 hrs to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      File projects.rb has 444 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      require_dependency 'declarative_policy'
                      
                      module API
                        class Projects < Grape::API
                          include PaginationParams
                      Severity: Minor
                      Found in lib/api/projects.rb - About 6 hrs to fix

                        Similar blocks of code found in 2 locations. Consider refactoring.
                        Open

                        export function startPollingDetails({ commit }, endpoint) {
                          detailPoll = new Poll({
                            resource: service,
                            method: 'getSentryData',
                            data: { endpoint },
                        app/assets/javascripts/error_tracking/store/details/actions.js on lines 39..61

                        Duplicated Code

                        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                        Tuning

                        This issue has a mass of 167.

                        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                        Refactorings

                        Further Reading

                        Similar blocks of code found in 2 locations. Consider refactoring.
                        Open

                        export function startPollingStacktrace({ commit }, endpoint) {
                          stackTracePoll = new Poll({
                            resource: service,
                            method: 'getSentryData',
                            data: { endpoint },
                        app/assets/javascripts/error_tracking/store/details/actions.js on lines 14..37

                        Duplicated Code

                        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                        Tuning

                        This issue has a mass of 167.

                        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                        Refactorings

                        Further Reading

                        Method each_pair has a Cognitive Complexity of 43 (exceeds 5 allowed). Consider refactoring.
                        Open

                                def each_pair
                                  state = :key
                                  key = StringIO.new
                                  value = StringIO.new
                                  hex_buffer = ""
                        Severity: Minor
                        Found in lib/gitlab/auth/ldap/dn.rb - About 6 hrs to fix

                        Cognitive Complexity

                        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                        A method's cognitive complexity is based on a few simple rules:

                        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                        • Code is considered more complex for each "break in the linear flow of the code"
                        • Code is considered more complex when "flow breaking structures are nested"

                        Further reading

                        Class Namespace has 47 methods (exceeds 20 allowed). Consider refactoring.
                        Open

                        class Namespace < ApplicationRecord
                          include CacheMarkdownField
                          include Sortable
                          include Gitlab::VisibilityLevel
                          include Routable
                        Severity: Minor
                        Found in app/models/namespace.rb - About 6 hrs to fix
                          Severity
                          Category
                          Status
                          Source
                          Language