heavenstudio/ytsongdw


Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of service via header parsing in Rack
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Use warn instead of $stderr.puts to allow such output to be disabled.
Open

  $stderr.puts e.message
Severity: Minor
Found in Rakefile by rubocop

This cop identifies places where $stderr.puts can be replaced by warn. The latter has the advantage of easily being disabled by, e.g. the -W0 interpreter flag, or setting $VERBOSE to nil.

Example:

# bad
$stderr.puts('hello')

# good
warn('hello')

Use warn instead of $stderr.puts to allow such output to be disabled.
Open

  $stderr.puts 'Run `bundle install` to install missing gems'
Severity: Minor
Found in Rakefile by rubocop

%w-literals should be delimited by [ and ].
Open

  gem.authors = %w(teonimesic ggouzi)
Severity: Minor
Found in Rakefile by rubocop

This cop enforces the consistent usage of %-literal delimiters.

Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.

Example:

# Style/PercentLiteralDelimiters:
#   PreferredDelimiters:
#     default: '[]'
#     '%i':    '()'

# good
%w[alpha beta] + %i(gamma delta)

# bad
%W(alpha #{beta})

# bad
%I(alpha beta)

Avoid rescuing without specifying an error class.
Open

  rescue
Severity: Minor
Found in lib/song_downloader.rb by rubocop

This cop checks for rescuing StandardError. There are two supported styles: implicit and explicit. This cop will not register an offense if any error other than StandardError is specified.

Example: EnforcedStyle: implicit

# `implicit` will enforce using `rescue` instead of
# `rescue StandardError`.

# bad
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Example: EnforcedStyle: explicit (default)

# `explicit` will enforce using `rescue StandardError`
# instead of `rescue`.

# bad
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Avoid rescuing without specifying an error class.
Open

  rescue
Severity: Minor
Found in lib/playlist_downloader.rb by rubocop

Unnecessary utf-8 encoding comment.
Open

# encoding: utf-8
Severity: Minor
Found in Rakefile by rubocop

URI.encode method is obsolete and should not be used. Instead, use CGI.escape, URI.encode_www_form or URI.encode_www_form_component depending on your specific use case.
Open

    search_url = YOUTUBE_SEARCH_URL + URI.encode(name)
Severity: Minor
Found in lib/song_downloader.rb by rubocop

This cop identifies places where URI.escape can be replaced by CGI.escape, URI.encode_www_form or URI.encode_www_form_component, depending on your specific use case. Also, this cop identifies places where URI.unescape can be replaced by CGI.unescape, URI.decode_www_form or URI.decode_www_form_component, depending on your specific use case.

Example:

# bad
URI.escape('http://example.com')
URI.encode('http://example.com')

# good
CGI.escape('http://example.com')
URI.encode_www_form([['example', 'param'], ['lang', 'en']])
URI.encode_www_form(page: 10, locale: 'en')
URI.encode_www_form_component('http://example.com')

# bad
URI.unescape(enc_uri)
URI.decode(enc_uri)

# good
CGI.unescape(enc_uri)
URI.decode_www_form(enc_uri)
URI.decode_www_form_component(enc_uri)