XML Injection in Xerces Java affects Nokogiri
Open

  def perform_installation
    SshExecution.new(server).execute_with_block do |ssh|
      ch = ssh.open_channel do |channel|
        logger.debug("Executing #{install_dokku}")
        channel.exec install_dokku do |_, success|

Found in app/jobs/install_server_job.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method `perform` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def perform(server, app_name)
    SshExecution.new(server).execute_with_block do |ssh|
      ssh.open_channel do |channel|
        channel.exec "dokku apps:destroy #{app_name}" do |channel2, success|
          abort "could not destroy app" unless success

Found in app/jobs/remove_app_job.rb - About 1 hr to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

intercity/intercity-next

Showing 98 of 98 total issues

XML Injection in Xerces Java affects Nokogiri
Open

HTTP Response Splitting vulnerability in puma
Open

Denial of Service in rubyzip ("zip bombs")
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Inline SVG vulnerable to Cross-site Scripting
Open

Potential XSS vulnerability in jQuery
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible Strong Parameters Bypass in ActionPack
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Improper Restriction of Excessive Authentication Attempts in Sorcery
Open

Assignment Branch Condition size for perform_installation is too high. [27.31/25]
Open

Method `perform` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

Cognitive Complexity

A method's cognitive complexity is based on a few simple rules:

Further reading

Severity

Category

Status

Source

Language

intercity/intercity-next

Showing 98 of 98 total issues

XML Injection in Xerces Java affects Nokogiri Open

HTTP Response Splitting vulnerability in puma Open

Denial of Service in rubyzip ("zip bombs") Open

ReDoS based DoS vulnerability in Action Dispatch Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Improper Handling of Unexpected Data Type in Nokogiri Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Inline SVG vulnerable to Cross-site Scripting Open

Potential XSS vulnerability in jQuery Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Possible Strong Parameters Bypass in ActionPack Open

HTTP Response Splitting (Early Hints) in Puma Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Improper Restriction of Excessive Authentication Attempts in Sorcery Open

Assignment Branch Condition size for perform_installation is too high. [27.31/25] Open

Method perform has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. Open

Cognitive Complexity

A method's cognitive complexity is based on a few simple rules:

Further reading

Severity

Category

Status

Source

Language

XML Injection in Xerces Java affects Nokogiri
Open

HTTP Response Splitting vulnerability in puma
Open

Denial of Service in rubyzip ("zip bombs")
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Inline SVG vulnerable to Cross-site Scripting
Open

Potential XSS vulnerability in jQuery
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible Strong Parameters Bypass in ActionPack
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Improper Restriction of Excessive Authentication Attempts in Sorcery
Open

Assignment Branch Condition size for perform_installation is too high. [27.31/25]
Open

Method `perform` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open