Sign upLogin

helpyio/helpy

View on GitHub
Star

Showing 242 of 242 total issues

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Uncontrolled Recursion in Loofah
Open

    loofah (2.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Information Exposure with Puma when used with Rails
Open

    puma (5.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    function loadScript(src, onLoad) {
        var script_tag = document.createElement('script');
        script_tag.setAttribute("type", "text/javascript");
        script_tag.setAttribute("src", src);
Severity: Major
Found in app/assets/javascripts/widget.v2.js and 1 other location - About 6 hrs to fix
app/assets/javascripts/widget.v1.js on lines 25..40

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 159.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    function loadScript(src, onLoad) {
        var script_tag = document.createElement('script');
        script_tag.setAttribute("type", "text/javascript");
        script_tag.setAttribute("src", src);
Severity: Major
Found in app/assets/javascripts/widget.v1.js and 1 other location - About 6 hrs to fix
app/assets/javascripts/widget.v2.js on lines 25..40

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 159.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

File topics_controller.rb has 418 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class Admin::TopicsController < Admin::BaseController

  include SearchConcern

  before_action :verify_agent
Severity: Minor
Found in app/controllers/admin/topics_controller.rb - About 6 hrs to fix

    File app.js has 401 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    /*jshint multistr: true */

var Helpy = Helpy || {};

Helpy.ready = function(){
    Severity: Minor
    Found in app/assets/javascripts/app.js - About 5 hrs to fix

      Function admin has 132 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

      Helpy.admin = function(){

  $(".alert").delay(2000).slideUp(500, function(){
      $(".alert").alert('close');
  });
      Severity: Major
      Found in app/assets/javascripts/admin.js - About 5 hrs to fix

        Function initShortcuts has 125 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

        Helpy.initShortcuts = function() {

  // Keyboard Shortcut definition

  // pipeline and search
        Severity: Major
        Found in app/assets/javascripts/shortcuts.js - About 5 hrs to fix

          Function has too many statements (52). Maximum allowed is 30.
          Open

          Helpy.ready = function(){
          Severity: Minor
          Found in app/assets/javascripts/app.js by eslint

          enforce a maximum number of statements allowed in function blocks (max-statements)

          The max-statements rule allows you to specify the maximum number of statements allowed in a function.

          function foo() {
  var bar = 1; // one statement
  var baz = 2; // two statements
  var qux = 3; // three statements
}

          Rule Details

          This rule enforces a maximum number of statements allowed in function blocks.

          Options

          This rule has a number or object option:

          • "max" (default 10) enforces a maximum number of statements allows in function blocks

          Deprecated: The object property maximum is deprecated; please use the object property max instead.

          This rule has an object option:

          • "ignoreTopLevelFunctions": true ignores top-level functions

          max

          Examples of incorrect code for this rule with the default { "max": 10 } option:

          /*eslint max-statements: ["error", 10]*/
/*eslint-env es6*/

function foo() {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;

  var foo11 = 11; // Too many.
}

let foo = () => {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;

  var foo11 = 11; // Too many.
};

          Examples of correct code for this rule with the default { "max": 10 } option:

          /*eslint max-statements: ["error", 10]*/
/*eslint-env es6*/

function foo() {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;
  return function () {

    // The number of statements in the inner function does not count toward the
    // statement maximum.

    return 42;
  };
}

let foo = () => {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;
  return function () {

    // The number of statements in the inner function does not count toward the
    // statement maximum.

    return 42;
  };
}

          ignoreTopLevelFunctions

          Examples of additional correct code for this rule with the { "max": 10 }, { "ignoreTopLevelFunctions": true } options:

          /*eslint max-statements: ["error", 10, { "ignoreTopLevelFunctions": true }]*/

function foo() {
  var foo1 = 1;
  var foo2 = 2;
  var foo3 = 3;
  var foo4 = 4;
  var foo5 = 5;
  var foo6 = 6;
  var foo7 = 7;
  var foo8 = 8;
  var foo9 = 9;
  var foo10 = 10;
  var foo11 = 11;
}

          Related Rules

          • [complexity](complexity.md)
          • [max-depth](max-depth.md)
          • [max-len](max-len.md)
          • [max-nested-callbacks](max-nested-callbacks.md)
          • [max-params](max-params.md) Source: http://eslint.org/docs/rules/

          File topics.rb has 324 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          module API
  module V1
    class Topics < Grape::API

      before do
          Severity: Minor
          Found in app/controllers/api/v1/topics.rb - About 3 hrs to fix

            Method set_vars has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
            Open

              def set_vars
    # Configure griddler, mailer, cloudinary, recaptcha
    Griddler.configuration.email_service = AppSettings["email.mail_service"].present? ? AppSettings["email.mail_service"].to_sym : :sendgrid

    ActionMailer::Base.smtp_settings = {
            Severity: Minor
            Found in app/controllers/application_controller.rb - About 3 hrs to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Class User has 30 methods (exceeds 20 allowed). Consider refactoring.
            Open

            class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable
  devise :invitable, :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
            Severity: Minor
            Found in app/models/user.rb - About 3 hrs to fix
              Severity
              Category
              Status
              Source
              Language