hrzlvn/coursequestionbank

Showing 53 of 53 total issues

Similar blocks of code found in 5 locations. Consider refactoring.
Open

        $.ajax({
          url: $(this).attr('action'),
          type: 'PUT',
          data: $(this).serialize()
        });
Severity: Major
Found in app/assets/javascripts/changeBloom.js and 4 other locations - About 45 mins to fix
app/assets/javascripts/SetObsolete.js on lines 4..8
app/assets/javascripts/changeCollection.js on lines 6..10
app/assets/javascripts/changePrivacy.js on lines 18..22
app/assets/javascripts/removeTag.js on lines 5..9

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 50.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

        $.ajax({
          url: $(this).attr('action'),
          type: 'PUT',
          data: $(this).serialize()
        });
Severity: Major
Found in app/assets/javascripts/changeCollection.js and 4 other locations - About 45 mins to fix
app/assets/javascripts/SetObsolete.js on lines 4..8
app/assets/javascripts/changeBloom.js on lines 7..11
app/assets/javascripts/changePrivacy.js on lines 18..22
app/assets/javascripts/removeTag.js on lines 5..9

This issue has a mass of 50.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

            $.ajax({
                url: $(this).attr('action'),
                type: 'PUT',
                data: $(this).serialize()
            });
Severity: Major
Found in app/assets/javascripts/SetObsolete.js and 4 other locations - About 45 mins to fix
app/assets/javascripts/changeBloom.js on lines 7..11
app/assets/javascripts/changeCollection.js on lines 6..10
app/assets/javascripts/changePrivacy.js on lines 18..22
app/assets/javascripts/removeTag.js on lines 5..9

This issue has a mass of 50.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        LoginButton.click(function() {
            BackButton.show();
            LoginButton.hide();
            IdentityPanel.show();
            return false;
Severity: Minor
Found in app/assets/javascripts/application.js and 1 other location - About 40 mins to fix
app/assets/javascripts/application.js on lines 69..74

This issue has a mass of 49.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        BackButton.click(function() {
            BackButton.hide();
            LoginButton.show();
            IdentityPanel.hide();
            return false;
Severity: Minor
Found in app/assets/javascripts/application.js and 1 other location - About 40 mins to fix
app/assets/javascripts/application.js on lines 62..67

This issue has a mass of 49.

Method create has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def create

    # new answer

    # debugger
Severity: Minor
Found in app/controllers/studentanswers_controller.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Method export has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def export(format)
    if problems.empty?
      return nil
    else
      if format == 'ruql'
Severity: Minor
Found in app/models/collection.rb - About 35 mins to fix

Rails 3.2.16 has a denial of service vulnerability (CVE-2014-0082). Upgrade to Rails version 3.2.17
Open

    rails (3.2.16)
Severity: Critical
Found in Gemfile.lock by brakeman

Rails 3.2.16 with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to 3.2.18
Open

Coursequestionbank::Application.routes.draw do
Severity: Minor
Found in config/routes.rb by brakeman

Brakeman reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors.

The obvious form of this is the use of eval with user input.

However, Brakeman also reports on dangerous uses of send, constantize, and other methods which allow creation of arbitrary objects or calling of arbitrary methods.

Rails 3.2.16 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 3.2.22.4
Open

    rails (3.2.16)
Severity: Minor
Found in Gemfile.lock by brakeman

Rails 3.2.16 contains a SQL injection vulnerability (CVE-2014-3483). Upgrade to 3.2.19
Open

    rails (3.2.16)
Severity: Critical
Found in Gemfile.lock by brakeman

Rails 3.2.16 is vulnerable to denial of service via mime type caching (CVE-2016-0751). Upgrade to Rails version 3.2.22.1
Open

    rails (3.2.16)
Severity: Minor
Found in Gemfile.lock by brakeman

Rails 3.2.16 contains a SQL injection vulnerability (CVE-2014-3482). Upgrade to 3.2.19
Open

    rails (3.2.16)
Severity: Critical
Found in Gemfile.lock by brakeman

Unescaped model attribute rendered inline
Open

    render :text => ruql_code
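
The flagged line hands the export string straight to the response, and render :text in Rails 3.2 sends it with a text/html Content-Type, so any markup inside it is interpreted by the browser. Added example, not the project's code: two ways to return the same string without that risk. Rails is not loaded here; each helper returns the Rack-style [status, headers, body] triple a controller would otherwise build with send_data or render, and the export name and .rb extension are assumed.

```ruby
# Added example (not the project's code): two ways to hand a RuQL export string
# back to the client that do not let its contents run as HTML, contrasted with
# the flagged `render :text => ruql_code`, which sends the string with a
# text/html Content-Type. Rails is not loaded; each helper returns a
# Rack-style [status, headers, body] triple a controller would otherwise build.
require 'erb'

# Reduce a possibly user-influenced export name to a safe basename. Quotes,
# backslashes and CR/LF are removed so the value cannot break out of the
# Content-Disposition header; the .rb extension is assumed for RuQL sources.
def safe_filename(name, ext = 'rb')
  base = File.basename(name.to_s).gsub(/["\\\r\n]/, '')
  base = 'export' if base.empty? || base.start_with?('.')
  "#{base}.#{ext}"
end

# Option 1: serve the export as a plain-text download. text/plain plus nosniff
# stops the browser from interpreting any <script> inside ruql_code.
def ruql_download_response(ruql_code, name)
  headers = {
    'Content-Type'           => 'text/plain; charset=utf-8',
    'Content-Disposition'    => %(attachment; filename="#{safe_filename(name)}"),
    'X-Content-Type-Options' => 'nosniff',
  }
  [200, headers, [ruql_code]]
end

# Option 2: if the code must be shown in the page, escape it first.
# ERB::Util.html_escape is the same escaping Rails' h helper applies.
def ruql_inline_response(ruql_code)
  body = "<pre>#{ERB::Util.html_escape(ruql_code)}</pre>"
  [200, { 'Content-Type' => 'text/html; charset=utf-8' }, [body]]
end

# Constructed RuQL-looking export carrying an injected script tag.
TAMPERED_RUQL = %(choice_answer "Q1" do\n  text "<script>alert(1)</script>"\nend\n).freeze

if __FILE__ == $0
  _, h, _ = ruql_download_response(TAMPERED_RUQL, '../../etc/passwd"')
  puts h['Content-Disposition']
  puts ruql_inline_response(TAMPERED_RUQL)[2].first
end
```

In a Rails 3.2 controller the first option corresponds to send_data with :type => 'text/plain' and :disposition => 'attachment'; the second corresponds to passing the escaped string to a view rather than to render :text.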

Rails 3.2.16 is vulnerable to denial of service via XML parsing (CVE-2015-3227). Upgrade to Rails version 3.2.22
Open

    rails (3.2.16)
Severity: Minor
Found in Gemfile.lock by brakeman

Potentially dangerous attribute available for mass assignment
Open

class Studentanswer < ActiveRecord::Base
Severity: Minor
Found in app/models/studentanswer.rb by brakeman

Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash.

Example:

User.new(params[:user])

Unfortunately, if the user model has an admin attribute that controls administrator access, any user who can submit params[:user] can now make themselves an administrator.

attr_accessible and attr_protected can be used to limit mass assignment. However, Brakeman will warn unless attr_accessible is used, or mass assignment is completely disabled.

There are two different mass assignment warnings which can arise. The first is when mass assignment actually occurs, such as the example above. This results in a warning like

Unprotected mass assignment near line 61: User.new(params[:user])

The other warning is raised whenever a model is found which does not use attr_accessible. This produces generic warnings like

Mass assignment is not restricted using attr_accessible

with a list of affected models.

In Rails 3.1 and newer, mass assignment can easily be disabled:

config.active_record.whitelist_attributes = true

Unfortunately, it can also easily be bypassed:

User.new(params[:user], :without_protection => true)

Brakeman will warn on uses of without_protection.
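
Added example, not the project's code and not ActiveRecord: a plain-Ruby model layer that reproduces the behaviour described above, so the attr_accessible allowlist, the whitelist_attributes switch and the :without_protection bypass can be exercised without Rails. The User and Comment classes and their columns are assumed for illustration.

```ruby
# Added example (not the project's code and not ActiveRecord): a plain-Ruby
# model layer reproducing the mass-assignment behaviour the warning describes.
# Column names and the User/Comment classes are assumed for illustration.
module Accessible
  # Mirrors config.active_record.whitelist_attributes: when true, a model that
  # declares no attr_accessible accepts nothing from a params hash.
  class << self
    attr_accessor :whitelist_attributes
  end
  self.whitelist_attributes = false

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Allowlist of attributes that may be set from an untrusted hash.
    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end

    # :all means "no restriction", the state brakeman warns about.
    def accessible_attributes
      return @accessible if @accessible
      Accessible.whitelist_attributes ? [] : :all
    end
  end

  # Assign from a params-like hash and return the keys that were dropped.
  # opts[:without_protection] skips the allowlist entirely, which is the
  # bypass brakeman also flags.
  def assign_attributes(params, opts = {})
    allowed = self.class.accessible_attributes
    dropped = []
    params.each do |key, value|
      key = key.to_s
      if opts[:without_protection] || allowed == :all || allowed.include?(key)
        raise ArgumentError, "unknown attribute #{key}" unless respond_to?("#{key}=")
        public_send("#{key}=", value)
      else
        dropped << key
      end
    end
    dropped
  end
end

# Hypothetical user model with a privilege-bearing column.
class User
  include Accessible
  attr_accessor :name, :email, :admin
  attr_accessible :name, :email   # admin is deliberately not assignable

  def initialize(params = {}, opts = {})
    @admin = false
    assign_attributes(params, opts)
  end
end

# Hypothetical model with no attr_accessible at all, the case behind the
# "Potentially dangerous attribute available for mass assignment" warning.
class Comment
  include Accessible
  attr_accessor :body, :author_id
end

# Constructed attacker-controlled form data: the expected fields plus admin=true.
TAMPERED_PARAMS = {
  'name' => 'mallory', 'email' => 'mallory@example.com', 'admin' => true
}.freeze

if __FILE__ == $0
  puts "admin after protected assignment:  #{User.new(TAMPERED_PARAMS).admin.inspect}"
  puts "admin with :without_protection:    #{User.new(TAMPERED_PARAMS, without_protection: true).admin.inspect}"
  puts "dropped by unprotected Comment:    #{Comment.new.assign_attributes('author_id' => 7).inspect}"
  Accessible.whitelist_attributes = true
  puts "dropped with whitelist_attributes: #{Comment.new.assign_attributes('author_id' => 7).inspect}"
  Accessible.whitelist_attributes = false
end
```

The point of the Comment class is the one the warning makes: with no attr_accessible and whitelist_attributes off, every column with a setter is reachable from the request, including ownership fields such as author_id.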

Rails 3.2.16 has a vulnerability in number helpers (CVE-2014-0081). Upgrade to Rails version 3.2.17
Open

    rails (3.2.16)
Severity: Minor
Found in Gemfile.lock by brakeman
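
Every one of the Gemfile.lock findings above reduces to the same check: the locked rails version is older than the version that carries the fix. Added example, not the project's code: a small Ruby script that parses a Gemfile.lock fragment, compares the locked version against the fixed versions named in this report using Gem::Version (which orders 3.2.22.1 after 3.2.22 correctly, unlike a string compare), and lists which findings still apply. The Gemfile.lock fragment is constructed to mirror the report's rails (3.2.16) line.

```ruby
# Added example (not part of the Code Climate report or the coursequestionbank
# project): re-derive the brakeman "Rails 3.2.16 ..." findings from a Gemfile.lock
# by comparing the locked rails version against the fixed versions the report names.
require 'rubygems'   # Gem::Version: 3.2.22.1 > 3.2.22 > 3.2.19, unlike string order

# Advisory list taken from the report (descriptions abbreviated); the
# globbing-routes finding carries no CVE id on the page, so it is keyed by name.
RAILS_32_ADVISORIES = [
  ['CVE-2014-0081',   'number helpers',                 '3.2.17'],
  ['CVE-2014-0082',   'denial of service',              '3.2.17'],
  ['globbing routes', 'directory traversal / RCE',      '3.2.18'],
  ['CVE-2014-3482',   'SQL injection',                  '3.2.19'],
  ['CVE-2014-3483',   'SQL injection',                  '3.2.19'],
  ['CVE-2015-3227',   'DoS via XML parsing',            '3.2.22'],
  ['CVE-2016-0751',   'DoS via mime type caching',      '3.2.22.1'],
  ['CVE-2016-6316',   'content_tag attribute escaping', '3.2.22.4'],
].freeze

# Locked version of a gem from Gemfile.lock text: matches the
# "    rails (3.2.16)" spec line, not "rails (= 3.2.16)" dependency lines.
# Returns nil when the gem is not locked.
def locked_version(lockfile_text, gem_name)
  m = lockfile_text.match(/^\s+#{Regexp.escape(gem_name)} \(([\d.]+)\)/)
  m && Gem::Version.new(m[1])
end

# Advisories whose fixed version is newer than the locked one.
# With no rails entry at all the version is unknown, so every advisory is returned.
def open_advisories(lockfile_text)
  v = locked_version(lockfile_text, 'rails')
  return RAILS_32_ADVISORIES.map(&:first) if v.nil?
  RAILS_32_ADVISORIES.select { |_, _, fixed| v < Gem::Version.new(fixed) }.map(&:first)
end

# Smallest version that closes every advisory in the list.
def minimum_safe_version
  RAILS_32_ADVISORIES.map { |_, _, fixed| Gem::Version.new(fixed) }.max.to_s
end

# Constructed Gemfile.lock fragment mirroring the report's "rails (3.2.16)".
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.16)
        actionmailer (= 3.2.16)
        railties (= 3.2.16)
LOCK

if __FILE__ == $0
  puts "locked: #{locked_version(SAMPLE_LOCK, 'rails')}"
  puts "open:   #{open_advisories(SAMPLE_LOCK).join(', ')}"
  puts "upgrade to at least #{minimum_safe_version}"
end
```

Upgrading only to the version named in one finding (3.2.17, say) leaves the later ones open; the last fixed version in the list, 3.2.22.4, is the floor that clears everything this report lists for the 3.2 series.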

Unused block argument - task. If it's necessary, use _ or _task as an argument name to indicate that it won't be used.
Open

  task :add_instructor, [:username] => :environment do |task,args|
Severity: Minor
Found in lib/tasks/setup.rake by rubocop

This cop checks for unused block arguments.

Example:

# bad

do_something do |used, unused|
  puts used
end

do_something do |bar|
  puts :foo
end

define_method(:foo) do |bar|
  puts :baz
end

Example:

#good

do_something do |used, _unused|
  puts used
end

do_something do
  puts :foo
end

define_method(:foo) do |_bar|
  puts :baz
end

Missing radix parameter.
Open

       wrong_cnt = parseInt($(this).find(".allAttemptsWrongAmount").text().trim());
Severity: Minor
Found in app/assets/javascripts/charts.js by eslint

Require Radix Parameter (radix)

When using the parseInt() function it is common to omit the second argument, the radix, and let the function try to determine from the first argument what type of number it is. By default, parseInt() will autodetect decimal and hexadecimal (via 0x prefix). Prior to ECMAScript 5, parseInt() also autodetected octal literals, which caused problems because many developers assumed a leading 0 would be ignored.

This confusion led to the suggestion that you always use the radix parameter to parseInt() to eliminate unintended consequences. So instead of doing this:

var num = parseInt("071");      // 57

Do this:

var num = parseInt("071", 10);  // 71

ECMAScript 5 changed the behavior of parseInt() so that it no longer autodetects octal literals and instead treats them as decimal literals. However, the differences between hexadecimal and decimal interpretation of the first parameter cause many developers to continue using the radix parameter to ensure the string is interpreted in the intended way.

On the other hand, if the code is targeting only ES5-compliant environments passing the radix 10 may be redundant. In such a case you might want to disallow using such a radix.

Rule Details

This rule is aimed at preventing the unintended conversion of a string to a number of a different base than intended or at preventing the redundant 10 radix if targeting modern environments only.

Options

There are two options for this rule:

  • "always" enforces providing a radix (default)
  • "as-needed" disallows providing the 10 radix

always

Examples of incorrect code for the default "always" option:

/*eslint radix: "error"*/

var num = parseInt("071");

var num = parseInt(someValue);

var num = parseInt("071", "abc");

var num = parseInt();

Examples of correct code for the default "always" option:

/*eslint radix: "error"*/

var num = parseInt("071", 10);

var num = parseInt("071", 8);

var num = parseFloat(someValue);

as-needed

Examples of incorrect code for the "as-needed" option:

/*eslint radix: ["error", "as-needed"]*/

var num = parseInt("071", 10);

var num = parseInt("071", "abc");

var num = parseInt();

Examples of correct code for the "as-needed" option:

/*eslint radix: ["error", "as-needed"]*/

var num = parseInt("071");

var num = parseInt("071", 8);

var num = parseFloat(someValue);

When Not To Use It

If you don't want to enforce either presence or omission of the 10 radix value you can turn this rule off.

Missing radix parameter.
Open

       first_success = parseInt($(this).find(".first_success_rate").text().trim());
Severity: Minor
Found in app/assets/javascripts/charts.js by eslint
