Showing 4,033 of 4,033 total issues
Assignment Branch Condition size for find_related is too high. [75.05/15] Open
def find_related
# related items are now shown on basket homepage topics, small change to allow linking here
params[:relate_to_type] = 'Topic' if params[:relate_to_type] == 'IndexPage'
@relate_to_item = params[:relate_to_type].constantize.find(params[:relate_to_item])
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions; the bracketed figure in each heading is the measured size over the configured maximum. See http://c2.com/cgi/wiki?AbcMetric
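A worked example of the metric this cop measures, added here and not code from Kete, RuboCop or Code Climate: a simplified ABC calculator built on Ruby's built-in RubyVM::AbstractSyntaxTree (a real API, MRI 2.6 and later). The node-type lists, the constant and method names, and the rounding are this example's own choices, and its scoring approximates RuboCop's (which also counts comparison operators, else branches and more), so it will not reproduce the 75.05 above. The input is the find_related snippet shown above, closed with end so that it parses as a complete method.

```ruby
# Added example (not Kete's, RuboCop's or Code Climate's code): a simplified
# ABC-size calculator on top of RubyVM::AbstractSyntaxTree (MRI 2.6+).
# A = assignments, B = branches (method calls), C = conditions, and the
# reported size is sqrt(A**2 + B**2 + C**2), which RuboCop compares against
# its configured Max (15 by default). RuboCop's own scorer is more refined,
# so the numbers here approximate rather than reproduce its figures.

# Node types counted in each bucket (this example's own selection).
ASSIGNMENT_NODES = %i[LASGN IASGN GASGN DASGN CDECL CVASGN MASGN
                      OP_ASGN1 OP_ASGN2 OP_ASGN_AND OP_ASGN_OR ATTRASGN].freeze
BRANCH_NODES     = %i[CALL FCALL VCALL OPCALL QCALL].freeze
CONDITION_NODES  = %i[IF UNLESS WHILE UNTIL CASE WHEN AND OR RESCUE].freeze

# Walk the AST depth-first, tallying assignment, branch and condition nodes.
def abc_counts(node, counts = { a: 0, b: 0, c: 0 })
  # Children may be symbols, literals, arrays or nil; only nodes are scored.
  return counts unless node.is_a?(RubyVM::AbstractSyntaxTree::Node)

  counts[:a] += 1 if ASSIGNMENT_NODES.include?(node.type)
  counts[:b] += 1 if BRANCH_NODES.include?(node.type)
  counts[:c] += 1 if CONDITION_NODES.include?(node.type)
  node.children.each { |child| abc_counts(child, counts) }
  counts
end

# Parse a method definition and return its A/B/C counts plus the ABC size.
def abc_size(source)
  counts = abc_counts(RubyVM::AbstractSyntaxTree.parse(source))
  size = Math.sqrt(counts[:a]**2 + counts[:b]**2 + counts[:c]**2)
  counts.merge(size: size.round(2))
end

# Constructed input: the lines of find_related shown on this page, closed
# with `end` so they parse as a complete method.
FIND_RELATED = <<~RUBY
  def find_related
    params[:relate_to_type] = 'Topic' if params[:relate_to_type] == 'IndexPage'
    @relate_to_item = params[:relate_to_type].constantize.find(params[:relate_to_item])
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  r = abc_size(FIND_RELATED)
  puts "A=#{r[:a]} B=#{r[:b]} C=#{r[:c]} ABC=#{r[:size]}"
end
```

Even these two body lines score above RuboCop's default maximum of 15 once the branch count is squared: every `params[...]` index, every chained call and the `==` each add a branch, which is why a method that mostly dispatches on request parameters inflates the metric far faster than its line count suggests.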
Module has too many lines. [105/100] Open
module InstanceMethods
# TODO: Work out how to invoke an instance method from an included module..
# Might need to overload self.non_versioned_columns the method
# self.non_versioned_columns << "file_private"
This cop checks if the length of a module exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable; the bracketed figure in the heading is the measured line count over that maximum.
Assignment Branch Condition size for add_tags is too high. [74.44/15] Open
def add_tags
zoom_class = zoom_class_from_controller(params[:controller])
item_key = zoom_class.underscore.to_sym
@item = item_from_controller_and_id
Assignment Branch Condition size for assign_value_to_appropriate_fields is too high. [74.14/15] Open
def assign_value_to_appropriate_fields(record_field, record_value, params, zoom_class)
return if SystemSetting.import_fields_to_ignore.include?(record_field)
logger.debug('record_field ' + record_field.inspect)
zoom_class_for_params = zoom_class.tableize.singularize
Module has too many lines. [101/100] Open
module ExtendedContentTestUnitHelper
# xml attributes pulls extended_content column xml out into a hash
# TODO: test case where the model is a topic and we need form fields from ancestors
# TODO: test case where extended_field is a multiple
# TODO: test that position is in right order?
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.2.2)
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
Possible XSS vulnerability in Rack Open
rack (1.4.7)
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11 or >= 2.0.6
Path Traversal in Sprockets Open
sprockets (2.2.3)
Advisory: CVE-2018-3760
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k
Solution: upgrade to >= 2.12.5, < 3.0.0; or >= 3.7.2, < 4.0.0; or >= 4.0.0.beta8
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.2)
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Loofah XSS Vulnerability Open
loofah (2.2.2)
Advisory: CVE-2019-15587
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/171
Solution: upgrade to >= 2.3.1
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.8.2)
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.8.2)
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.8.2)
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.8.2)
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.8.2)
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Uncontrolled Recursion in Loofah Open
loofah (2.2.2)
Advisory: CVE-2022-23516
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
Solution: upgrade to >= 2.19.1
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.8.2)
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Possible information leak / session hijack vulnerability Open
rack (1.4.7)
Advisory: CVE-2019-16782
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12 or >= 2.0.8
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.2.2)
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.8.2)
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
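An added example, not Kete's code or bundler-audit's, showing how the Solution lines above are meant to be read: the printed line is a list of alternative patched ranges, a pinned version is safe if it satisfies any one of them, and an alternative can itself be compound (for sprockets, "< 3.0.0, >= 2.12.5" is a single range). The check uses RubyGems' own Gem::Requirement and Gem::Version (real APIs); the LOCKED and ADVISORIES tables are transcribed from this page, and the function names are this example's own.

```ruby
require 'rubygems'

# Added example (not Kete's or bundler-audit's code): evaluate the patched
# ranges from the advisories above against pinned gem versions, offline.

# Gem => version as pinned in the lockfile, transcribed from this page.
LOCKED = {
  'loofah' => '2.2.2', 'rack' => '1.4.7', 'sprockets' => '2.2.3',
  'addressable' => '2.5.2', 'nokogiri' => '1.8.2'
}.freeze

# Each :patched entry is a list of ALTERNATIVES; one alternative may be a
# compound requirement such as "< 4.0.0, >= 3.7.2". Transcribed from above.
ADVISORIES = [
  { id: 'CVE-2018-16471', gem: 'rack',        patched: ['~> 1.6.11', '>= 2.0.6'] },
  { id: 'CVE-2019-16782', gem: 'rack',        patched: ['~> 1.6.12', '>= 2.0.8'] },
  { id: 'CVE-2018-3760',  gem: 'sprockets',
    patched: ['< 3.0.0, >= 2.12.5', '< 4.0.0, >= 3.7.2', '>= 4.0.0.beta8'] },
  { id: 'CVE-2021-32740', gem: 'addressable', patched: ['>= 2.8.0'] },
  { id: 'CVE-2022-23514', gem: 'loofah',      patched: ['>= 2.19.1'] },
  { id: 'CVE-2019-5477',  gem: 'nokogiri',    patched: ['>= 1.10.4'] },
  { id: 'CVE-2020-26247', gem: 'nokogiri',    patched: ['>= 1.11.0.rc4'] }
].freeze

# One alternative becomes one Gem::Requirement; commas inside an alternative
# are AND-ed constraints, so split them before handing them to RubyGems.
def requirement(alternative)
  Gem::Requirement.new(*alternative.split(',').map(&:strip))
end

# A version is patched if it satisfies ANY of the alternatives.
def patched?(version, alternatives)
  v = Gem::Version.new(version)
  alternatives.any? { |alt| requirement(alt).satisfied_by?(v) }
end

# Advisory ids still open for a gem => version map.
def open_advisories(locked, advisories = ADVISORIES)
  advisories
    .select { |adv| locked.key?(adv[:gem]) && !patched?(locked[adv[:gem]], adv[:patched]) }
    .map { |adv| adv[:id] }
end

if __FILE__ == $PROGRAM_NAME
  open_advisories(LOCKED).each { |id| puts "open: #{id}" }
end
```

Two points worth checking with this: `~> 1.6.11` is the pessimistic operator, meaning >= 1.6.11 and < 1.7, so a hypothetical rack 1.7.0 would satisfy neither rack alternative and would still be reported; and RubyGems orders pre-releases below their release, so `< 4.0.0, >= 3.7.2` read literally also admits a pin of 4.0.0.beta7 even though the separate `>= 4.0.0.beta8` alternative is there precisely because earlier 4.0.0 pre-releases were not fixed. When a lockfile pins a pre-release, check it against the pre-release alternative explicitly.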