ikuseiGmbH/smart-village-app-cms

Showing 1,160 of 1,256 total issues

Information Exposure with Puma when used with Rails
Open

    puma (3.12.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.12.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.12.6)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

HTTP Request Smuggling in puma
Open

    puma (3.12.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

File jsonform.js has 2407 lines of code (exceeds 250 allowed). Consider refactoring.
Open

/* Copyright (c) 2012 Joshfire - MIT license */
/**
 * @fileoverview Core of the JSON Form client-side library.
 *
 * Generates an HTML form from a structured data model and a layout description.
Severity: Major
Found in lib/jsonform.js - About 6 days to fix

    Complex method ToursController#convert_params_for_graphql (411.5)
    Open

        def convert_params_for_graphql
          # Check recursively if any addresses data is given.
          # If not, we do not want to submit the params, because the name is required by the model,
          # which will result in a validation error.
          if @tour_params["addresses"].present?
    Severity: Minor
    Found in app/controllers/tours_controller.rb by flog

    Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.

    You can read more about ABC metrics or the flog tool.

    Method convert_params_for_graphql has a Cognitive Complexity of 164 (exceeds 5 allowed). Consider refactoring.
    Open

        def convert_params_for_graphql
          # Check recursively if any addresses data is given.
          # If not, we do not want to submit the params, because the name is required by the model,
          # which will result in a validation error.
          if @tour_params["addresses"].present?
    Severity: Minor
    Found in app/controllers/tours_controller.rb - About 3 days to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Class has too many lines. [404/100]
    Open

    class ToursController < ApplicationController
      before_action :verify_current_user
      before_action { verify_current_user_role("role_tour") }
      before_action :init_graphql_client
      before_action :load_category_list, only: [:edit, :new, :create]
    Severity: Minor
    Found in app/controllers/tours_controller.rb by rubocop

    This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Class has too many lines. [369/100]
    Open

    class EventsController < ApplicationController
      before_action :verify_current_user
      before_action { verify_current_user_role("role_event_record") }
      before_action :init_graphql_client
      before_action :load_category_list, only: [:edit, :new, :create]

    This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Assignment Branch Condition size for convert_params_for_graphql is too high. [203.2/15]
    Open

        def convert_params_for_graphql
          # Check recursively if any addresses data is given.
          # If not, we do not want to submit the params, because the name is required by the model,
          # which will result in a validation error.
          if @tour_params["addresses"].present?
    Severity: Minor
    Found in app/controllers/tours_controller.rb by rubocop

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric and https://en.wikipedia.org/wiki/ABC_Software_Metric.

    Method has too many lines. [173/10]
    Open

      def index
        if helpers.visible_in_role?("role_news_item")
          news_results = @smart_village.query <<~GRAPHQL
            query {
              newsItems {

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Method has too many lines. [159/10]
    Open

      def edit
        results = @smart_village.query <<~GRAPHQL
          query {
            eventRecord(
              id: #{params[:id]}

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Method has too many lines. [152/10]
    Open

        def convert_params_for_graphql
          # Check recursively if any addresses data is given.
          # If not, we do not want to submit the params, because the name is required by the model,
          # which will result in a validation error.
          if @tour_params["addresses"].present?
    Severity: Minor
    Found in app/controllers/tours_controller.rb by rubocop

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Class has too many lines. [252/100]
    Open

    class WasteCalendarController < ApplicationController
      before_action :verify_current_user
      before_action { verify_current_user_role("role_waste_calendar") }
      before_action :init_graphql_client
      before_action :determine_waste_types, only: %i[index new edit_tour edit_location tour_dates]

    This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Class has too many lines. [234/100]
    Open

    class NewsItemsController < ApplicationController
      before_action :verify_current_user
      before_action { verify_current_user_role("role_news_item") }
      before_action :init_graphql_client
      before_action :load_category_list, only: [:edit, :new, :create]

    This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Class has too many lines. [231/100]
    Open

    class DeadlinesController < ApplicationController
      before_action :verify_current_user
      before_action { verify_current_user_role("role_deadlines") }
      before_action :init_graphql_client
      before_action :load_deadline_category_list, only: %i[edit new create]

    This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Class has too many lines. [226/100]
    Open

    class JobsController < ApplicationController
      before_action :verify_current_user
      before_action { verify_current_user_role("role_job") }
      before_action :init_graphql_client
      before_action :load_category_list, only: [:edit, :new, :create]
    Severity: Minor
    Found in app/controllers/jobs_controller.rb by rubocop

    This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Method has too many lines. [128/10]
    Open

      def edit
        results = @smart_village.query <<~GRAPHQL
          query {
            pointOfInterest(
              id: #{params[:id]}

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Class has too many lines. [201/100]
    Open

    class OffersController < ApplicationController
      before_action :verify_current_user
      before_action { verify_current_user_role("role_offer") }
      before_action :init_graphql_client

    This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.