Showing 242 of 242 total issues
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.3.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.10.10)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.10.10)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.3.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
Uncontrolled Recursion in Loofah Open
loofah (2.7.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23516
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
Solution: upgrade to >= 2.19.1
Information Exposure with Puma when used with Rails Open
puma (5.5.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.10.10)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.10.10)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.10.10)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.10.10)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Similar blocks of code found in 2 locations. Consider refactoring. Open
function loadScript(src, onLoad) {
var script_tag = document.createElement('script');
script_tag.setAttribute("type", "text/javascript");
script_tag.setAttribute("src", src);
- Read upRead up
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 159.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication
's documentation for more information about tuning the mass threshold in your .codeclimate.yml
.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 2 locations. Consider refactoring. Open
function loadScript(src, onLoad) {
var script_tag = document.createElement('script');
script_tag.setAttribute("type", "text/javascript");
script_tag.setAttribute("src", src);
- Read upRead up
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 159.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication
's documentation for more information about tuning the mass threshold in your .codeclimate.yml
.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
File topics_controller.rb
has 418 lines of code (exceeds 250 allowed). Consider refactoring. Open
class Admin::TopicsController < Admin::BaseController
include SearchConcern
before_action :verify_agent
File app.js
has 401 lines of code (exceeds 250 allowed). Consider refactoring. Open
/*jshint multistr: true */
var Helpy = Helpy || {};
Helpy.ready = function(){
Function admin
has 132 lines of code (exceeds 25 allowed). Consider refactoring. Open
Helpy.admin = function(){
$(".alert").delay(2000).slideUp(500, function(){
$(".alert").alert('close');
});
Function initShortcuts
has 125 lines of code (exceeds 25 allowed). Consider refactoring. Open
Helpy.initShortcuts = function() {
// Keyboard Shortcut definition
// pipeline and search
Function has too many statements (52). Maximum allowed is 30. Open
Helpy.ready = function(){
- Read upRead up
- Exclude checks
enforce a maximum number of statements allowed in function blocks (max-statements)
The max-statements
rule allows you to specify the maximum number of statements allowed in a function.
function foo() {
var bar = 1; // one statement
var baz = 2; // two statements
var qux = 3; // three statements
}
Rule Details
This rule enforces a maximum number of statements allowed in function blocks.
Options
This rule has a number or object option:
-
"max"
(default10
) enforces a maximum number of statements allows in function blocks
Deprecated: The object property maximum
is deprecated; please use the object property max
instead.
This rule has an object option:
-
"ignoreTopLevelFunctions": true
ignores top-level functions
max
Examples of incorrect code for this rule with the default { "max": 10 }
option:
/*eslint max-statements: ["error", 10]*/
/*eslint-env es6*/
function foo() {
var foo1 = 1;
var foo2 = 2;
var foo3 = 3;
var foo4 = 4;
var foo5 = 5;
var foo6 = 6;
var foo7 = 7;
var foo8 = 8;
var foo9 = 9;
var foo10 = 10;
var foo11 = 11; // Too many.
}
let foo = () => {
var foo1 = 1;
var foo2 = 2;
var foo3 = 3;
var foo4 = 4;
var foo5 = 5;
var foo6 = 6;
var foo7 = 7;
var foo8 = 8;
var foo9 = 9;
var foo10 = 10;
var foo11 = 11; // Too many.
};
Examples of correct code for this rule with the default { "max": 10 }
option:
/*eslint max-statements: ["error", 10]*/
/*eslint-env es6*/
function foo() {
var foo1 = 1;
var foo2 = 2;
var foo3 = 3;
var foo4 = 4;
var foo5 = 5;
var foo6 = 6;
var foo7 = 7;
var foo8 = 8;
var foo9 = 9;
var foo10 = 10;
return function () {
// The number of statements in the inner function does not count toward the
// statement maximum.
return 42;
};
}
let foo = () => {
var foo1 = 1;
var foo2 = 2;
var foo3 = 3;
var foo4 = 4;
var foo5 = 5;
var foo6 = 6;
var foo7 = 7;
var foo8 = 8;
var foo9 = 9;
var foo10 = 10;
return function () {
// The number of statements in the inner function does not count toward the
// statement maximum.
return 42;
};
}
ignoreTopLevelFunctions
Examples of additional correct code for this rule with the { "max": 10 }, { "ignoreTopLevelFunctions": true }
options:
/*eslint max-statements: ["error", 10, { "ignoreTopLevelFunctions": true }]*/
function foo() {
var foo1 = 1;
var foo2 = 2;
var foo3 = 3;
var foo4 = 4;
var foo5 = 5;
var foo6 = 6;
var foo7 = 7;
var foo8 = 8;
var foo9 = 9;
var foo10 = 10;
var foo11 = 11;
}
Related Rules
- [complexity](complexity.md)
- [max-depth](max-depth.md)
- [max-len](max-len.md)
- [max-nested-callbacks](max-nested-callbacks.md)
- [max-params](max-params.md) Source: http://eslint.org/docs/rules/
File topics.rb
has 324 lines of code (exceeds 250 allowed). Consider refactoring. Open
module API
module V1
class Topics < Grape::API
before do
Method set_vars
has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring. Open
def set_vars
# Configure griddler, mailer, cloudinary, recaptcha
Griddler.configuration.email_service = AppSettings["email.mail_service"].present? ? AppSettings["email.mail_service"].to_sym : :sendgrid
ActionMailer::Base.smtp_settings = {
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Class User
has 30 methods (exceeds 20 allowed). Consider refactoring. Open
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable
devise :invitable, :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,