Sign upLogin

internetee/registry

View on GitHub
Star
app/controllers/epp/base_controller.rb

Summary

Maintainability
C
1 day
Test Coverage
C
79%

User controlled method execution
Open

      send(validation_method)
Severity: Critical
Found in app/controllers/epp/base_controller.rb by brakeman

Using unfiltered user data to select a Class or Method to be dynamically sent is dangerous.

It is much safer to whitelist the desired target or method.

Unsafe use of method:

method = params[:method]
@result = User.send(method.to_sym)

Safe:

method = params[:method] == 1 ? :method_a : :method_b
@result = User.send(method, *args)

Unsafe use of target:

table = params[:table]
model = table.classify.constantize
@result = model.send(:method)

Safe:

target = params[:target] == 1 ? Account : User
@result = target.send(:method, *args)

Including user data in the arguments passed to an Object#send is safe, as long as the method can properly handle potentially bad data.

Safe:

args = params["args"] || []
@result = User.send(:method, *args)

Class BaseController has 37 methods (exceeds 25 allowed). Consider refactoring.
Open

  class BaseController < ApplicationController
    class AuthorizationError < StandardError; end
    skip_before_action :verify_authenticity_token
    check_authorization
    layout false
Severity: Minor
Found in app/controllers/epp/base_controller.rb - About 4 hrs to fix

File base_controller.rb has 307 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Epp
  class BaseController < ApplicationController
    class AuthorizationError < StandardError; end
    skip_before_action :verify_authenticity_token
    check_authorization
Severity: Minor
Found in app/controllers/epp/base_controller.rb - About 3 hrs to fix

Method requires has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.
Open

    def requires(*selectors)
      options = selectors.extract_options!
      allow_blank = options[:allow_blank] ||= false # allow_blank is false by default

      el, missing = nil, nil
Severity: Minor
Found in app/controllers/epp/base_controller.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method requires_attribute has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def requires_attribute(element_selector, attribute_selector, options)
      element = requires(element_selector, allow_blank: options[:allow_blank])
      return unless element

      attribute = element[attribute_selector]
Severity: Minor
Found in app/controllers/epp/base_controller.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method write_to_epp_log has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def write_to_epp_log
      request_command = params[:command] || params[:action] # error receives :command, other methods receive :action
      frame = params[:raw_frame] || params[:frame]

      # filter pw
Severity: Minor
Found in app/controllers/epp/base_controller.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method element_count has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def element_count(*selectors)
      options = selectors.extract_options!
      use_prefix = options[:use_prefix] != false # use_prefix is true by default

      present_count = 0
Severity: Minor
Found in app/controllers/epp/base_controller.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

There are no issues that match your filters.

Category
Status