Showing 4,033 of 4,033 total issues
Out-of-bounds Write in zlib affects Nokogiri (Open)
nokogiri (1.8.2)
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
XML Injection in Xerces Java affects Nokogiri (Open)
nokogiri (1.8.2)
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Injection/XSS in Redcarpet (Open)
redcarpet (3.2.3)
Advisory: CVE-2020-26298
Criticality: Medium
URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
Solution: upgrade to >= 3.5.1
Integer Overflow or Wraparound in libxml2 affects Nokogiri (Open)
nokogiri (1.8.2)
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities (Open)
nokogiri (1.8.2)
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation (Open)
nokogiri (1.8.2)
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Denial of Service in rubyzip ("zip bombs") (Open)
rubyzip (1.2.1)
Advisory: CVE-2019-16892
Criticality: Medium
URL: https://github.com/rubyzip/rubyzip/pull/403
Solution: upgrade to >= 1.3.0
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby (Open)
nokogiri (1.8.2)
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) (Open)
nokogiri (1.8.2)
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Denial of Service (DoS) in Nokogiri on JRuby (Open)
nokogiri (1.8.2)
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Assignment Branch Condition size for included is too high. [72.59/15] (Open)
def self.included(klass)
  # stuff related to flagging and moderation
  klass.send :include, FlaggingController
  # Kieran Pilkington, 2008/10/23
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method populate_result_sets_for has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring. (Open)
def populate_result_sets_for(zoom_class)
  # potential elements of query
  # zoom_class and optionally basket
  # search_terms which search both title attribute and all content attribute
  # source_item for things related to item
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Method populate_attributes_from_embedded_in has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring. (Open)
def populate_attributes_from_embedded_in(file_path)
  # if there is no file we just leave it up to validation
  # to sort out what needs doing
  return unless File.exist?(file_path)
Method has too many lines. [66/10] (Open)
def formatted_value_from_xml(value, ef = nil, item = nil)
  if ef && %w(autocomplete choice).member?(ef.ftype)
    base_url = ef.base_url
    # If the extended field type is a choice, then link the value to the search page for the EF.
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Assignment Branch Condition size for show is too high. [70.3/15] (Open)
def show
  # Only respond to known types to avoid code injection attacks
  raise UnknownTypeError unless %w(documents image_files audio video).member?(params[:type])
  # Ensure we load the correct object type
Method has too many lines. [65/10] (Open)
def show_comments_for(item)
  html_string = "<p>#{t('application_helper.show_comments_for.comment_count', count: @comments.size)}</p><p>"
  unless @comments.empty?
    html_string += t('application_helper.show_comments_for.read_and')
Assignment Branch Condition size for create is too high. [70.26/15] (Open)
def create
  @import = Import.new(params[:import])
  @import.basket_id = @current_basket.id
  if importing_archive_file?
Method has too many lines. [65/10] (Open)
def populate_result_sets_for(zoom_class)
  # potential elements of query
  # zoom_class and optionally basket
  # search_terms which search both title attribute and all content attribute
  # source_item for things related to item
Class ApplicationController has 56 methods (exceeds 20 allowed). Consider refactoring. (Open)
class ApplicationController < ActionController::Base
  # helper :all # include all helpers, all the time
  protect_from_forgery # See ActionController::RequestForgeryProtection for details
  include DefaultUrlOptions
Method has too many lines. [63/10] (Open)
def render_baskets_as_menu
  html = '<ul id="sub-menu" class="menu basket-list-menu">'
  basket_count = 0
  Basket.except_certain_baskets(@standard_baskets).all.each do |basket|