infusionvlc/infusion


Showing 365 of 368 total issues

Perceived complexity for create is too high. [10/7]
Open

  def create
    auth = request.env['omniauth.auth']
    @identity = Identity.find_with_omniauth(auth)

    if @identity.nil?

This cop produces a complexity score that approximates the complexity a reader experiences when looking at a method. It therefore counts a when node as adding less complexity than an if or a &&, except in the special case/when construct with no expression after case: there the cop treats it as an if/elsif/elsif... chain and counts every when node in full. In contrast to the CyclomaticComplexity cop, this cop counts else nodes as adding complexity.

Example:

def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points

Perceived complexity for reply is too high. [8/7]
Open

  def reply
    if params[:result][:action] == 'getNextMeetupDate'
      msg = nextMeetupDate
    elsif params[:result][:action] == 'getNextMeetupSpeaker'
      context = params[:result][:contexts].any? {|context| context[:name].downcase == 'nextmeetup'}


Method has too many lines. [21/20]
Open

  def create
    @meetup = Meetup.new(meetup_params)
    @meetup.on_ranking = true
    authorize @meetup
    respond_to do |format|

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [21/20]
Open

  def create
    @proposal = Proposal.new(proposal_params)
    @proposal.user = current_user
    authorize @proposal
    respond_to do |format|


Method create has 28 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def create
    auth = request.env['omniauth.auth']
    @identity = Identity.find_with_omniauth(auth)

    if @identity.nil?
Severity: Minor
Found in app/controllers/sessions_controller.rb - About 1 hr to fix

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

puma (3.12.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

activerecord (5.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Denial of service via header parsing in Rack
Open

rack (2.0.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Potential XSS vulnerability in Action View
Open

actionview (5.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2020-15169
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Improper Certificate Validation in oauth ruby gem
Open

oauth (0.5.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2016-11086
Criticality: High
URL: https://github.com/advisories/GHSA-7359-3c6r-hfc2
Solution: upgrade to >= 0.5.5

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

rack (2.0.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

puma (3.12.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2020-11076
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
Solution: upgrade to ~> 3.12.5, >= 4.3.4

Denial of service via multipart parsing in Rack
Open

rack (2.0.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

websocket-extensions (0.1.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2020-7663
Criticality: High
URL: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
Solution: upgrade to >= 0.1.5

ReDoS based DoS vulnerability in Action Dispatch
Open

actionpack (5.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

HTTP Response Splitting vulnerability in puma
Open

puma (3.12.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

actionpack (5.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

ReDoS based DoS vulnerability in Active Support’s underscore
Open

activesupport (5.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

rack (2.0.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible DoS Vulnerability in Action Controller Token Authentication
Open

actionpack (5.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
