internetee/registry

app/models/domain.rb

Summary

Maintainability

F

3 days

Test Coverage

A

90%

Possible SQL injection
Open

    where("#{attribute_alias(:outzone_time)} < ?", Time.zone.now)

Found in app/models/domain.rb by brakeman

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Injection is #1 on the 2013 OWASP Top Ten web security risks. SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query. This can lead to data leaks, data loss, elevation of privilege, and other unpleasant outcomes.

Brakeman focuses on ActiveRecord methods dealing with building SQL statements.

A basic (Rails 2.x) example looks like this:

User.first(:conditions => "username = '#{params[:username]}'")

Brakeman would produce a warning like this:

Possible SQL injection near line 30: User.first(:conditions => ("username = '#{params[:username]}'"))

The safe way to do this query is to use a parameterized query:

User.first(:conditions => ["username = ?", params[:username]])

Brakeman also understands the new Rails 3.x way of doing things (and local variables and concatenation):

username = params[:user][:name].downcase
password = params[:user][:password]

User.first.where("username = '" + username + "' AND password = '" + password + "'")

This results in this kind of warning:

Possible SQL injection near line 37:
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))

See the Ruby Security Guide for more information and Rails-SQLi.org for many examples of SQL injection in Rails.

Class `Domain` has 97 methods (exceeds 25 allowed). Consider refactoring.
Open

class Domain < ApplicationRecord
  include UserEvents
  include Roids
  include Versions # version/domain_version.rb
  include Domain::Expirable

Found in app/models/domain.rb - About 1 day to fix

Create a ticket
Create a ticket

File `domain.rb` has 637 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class Domain < ApplicationRecord
  include UserEvents
  include Roids
  include Versions # version/domain_version.rb
  include Domain::Expirable

Found in app/models/domain.rb - About 1 day to fix

Create a ticket
Create a ticket

Method `manage_automatic_statuses` has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
Open

  def manage_automatic_statuses
    unless self.class.nameserver_required?
      deactivate if nameservers.reject(&:marked_for_destruction?).empty?
      activate if nameservers.reject(&:marked_for_destruction?).size >= Setting.ns_min_count
    end

Found in app/models/domain.rb - About 1 hr to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `admin_status_update` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def admin_status_update(update)
    return unless update

    PaperTrail.request(enabled: false) do
      update_unless_locked_by_registrant(update)

Found in app/models/domain.rb - About 1 hr to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `validate_nameserver_ips` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def validate_nameserver_ips
    nameservers.to_a.reject(&:marked_for_destruction?).each do |ns|
      next unless ns.hostname.end_with?(".#{name}")
      next if ns.ipv4.present? || ns.ipv6.present?

Found in app/models/domain.rb - About 1 hr to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `registrant_update_confirmable?` has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def registrant_update_confirmable?(token)
    return false if statuses.include? DomainStatus::DELETE_CANDIDATE
    return false unless pending_update?
    return false unless registrant_verification_asked?
    return false unless registrant_verification_token == token

Found in app/models/domain.rb - About 35 mins to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `registrant_delete_confirmable?` has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def registrant_delete_confirmable?(token)
    return false unless pending_delete?
    return false unless registrant_verification_asked?
    return false unless registrant_verification_token == token

Found in app/models/domain.rb - About 25 mins to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

There are no issues that match your filters.