Inline SVG vulnerable to Cross-site Scripting
Open

  def perform_installation
    SshExecution.new(server).execute_with_block do |ssh|
      ch = ssh.open_channel do |channel|
        logger.debug("Executing #{install_dokku}")
        channel.exec install_dokku do |_, success|

Found in app/jobs/install_server_job.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method `perform` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def perform(server)
    @server = server
    SshExecution.new(server).execute_with_block do |ssh|
      ssh.open_channel do |channel|
        channel.exec update_command do |exec_channel, success|

Found in app/jobs/update_server_job.rb - About 1 hr to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

intercity/intercity-next

Showing 98 of 98 total issues

Inline SVG vulnerable to Cross-site Scripting
Open

XML Injection in Xerces Java affects Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Regular Expression Denial of Service in Addressable templates
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Injection/XSS in Redcarpet
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

sinatra does not validate expanded path matches
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

HTTP Response Splitting (Early Hints) in Puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Possible exposure of information vulnerability in Action Pack
Open

Denial of Service in rubyzip ("zip bombs")
Open

Assignment Branch Condition size for perform_installation is too high. [27.31/25]
Open

Method `perform` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

Cognitive Complexity

A method's cognitive complexity is based on a few simple rules:

Further reading

Severity

Category

Status

Source

Language

intercity/intercity-next

Showing 98 of 98 total issues

Inline SVG vulnerable to Cross-site Scripting Open

XML Injection in Xerces Java affects Nokogiri Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Regular Expression Denial of Service in Addressable templates Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Injection/XSS in Redcarpet Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

sinatra does not validate expanded path matches Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

HTTP Response Splitting (Early Hints) in Puma Open

ReDoS based DoS vulnerability in Action Dispatch Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Possible exposure of information vulnerability in Action Pack Open

Denial of Service in rubyzip ("zip bombs") Open

Assignment Branch Condition size for perform_installation is too high. [27.31/25] Open

Method perform has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. Open

Cognitive Complexity

A method's cognitive complexity is based on a few simple rules:

Further reading

Severity

Category

Status

Source

Language

Inline SVG vulnerable to Cross-site Scripting
Open

XML Injection in Xerces Java affects Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Regular Expression Denial of Service in Addressable templates
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Injection/XSS in Redcarpet
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

sinatra does not validate expanded path matches
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

HTTP Response Splitting (Early Hints) in Puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Possible exposure of information vulnerability in Action Pack
Open

Denial of Service in rubyzip ("zip bombs")
Open

Assignment Branch Condition size for perform_installation is too high. [27.31/25]
Open

Method `perform` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open