lujanfernaud/prevy


Showing 1,727 of 1,727 total issues

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

HTTP Request Smuggling in puma
Open

    puma (3.11.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.11.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.11.4)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Information Exposure with Puma when used with Rails
Open

    puma (3.11.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Function l has a Cognitive Complexity of 274 (exceeds 5 allowed). Consider refactoring.
Open

}(window, function l(window, document) {
    'use strict';
    /*jshint eqnull:true */
    if(!document.getElementsByClassName){return;}

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"


Function l has 535 lines of code (exceeds 25 allowed). Consider refactoring.
Open

}(window, function l(window, document) {
    'use strict';
    /*jshint eqnull:true */
    if(!document.getElementsByClassName){return;}

File lazysizes-0622dd876a33cdbe06d2c1c01c3e3b9a8ca531f3c3c3ec27639622d535ceeec0.js has 642 lines of code (exceeds 250 allowed). Consider refactoring.
Open

    (function(window, factory) {
        var lazySizes = factory(window, window.document);
        window.lazySizes = lazySizes;
        if(typeof module == 'object' && module.exports){
            module.exports = lazySizes;

Class has too many lines. [143/100]
Open

    class Group < ApplicationRecord
      UPCOMING_EVENTS = 6
      RECENT_MEMBERS  = 8
      TOP_MEMBERS     = 12
      GROUPS_PER_PAGE = 24
Severity: Minor
Found in app/models/group.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [133/100]
Open

    class Event < ApplicationRecord
      RECENT_ATTENDEES = 8
      RANDOM_ATTENDEES = 6
      EVENTS_PER_PAGE  = 15
Severity: Minor
Found in app/models/event.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Function loader has 250 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    var loader = (function(){
        var preloadElems, isCompleted, resetPreloadingTimer, loadMode, started;

        var eLvW, elvH, eLtop, eLleft, eLright, eLbottom;

Class has too many lines. [125/100]
Open

    class Groups::TopicsController < ApplicationController
      include Groups::AuthorizationRedirecter

      before_action :find_group
      after_action  :verify_authorized, except: [:index, :show]

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [118/100]
Open

    class EventsController < ApplicationController
      require "will_paginate/array"

      include ApplicationHelper
      include Groups::AuthorizationRedirecter

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [114/100]
Open

    class GroupsController < ApplicationController
      before_action :find_group,     only: [:show, :edit, :update, :destroy]
      before_action :redirect_to_root_if_not_own_sample_group, only: [:show]
      before_action :store_invitation_token_in_session,        only: [:show]
      before_action :render_notice_if_group_hidden,            only: [:show]

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [107/100]
Open

    class User < ApplicationRecord
      attribute :skip_sample_content, :boolean

      has_many :owned_groups, class_name: "Group", foreign_key: "user_id",
                dependent: :destroy
Severity: Minor
Found in app/models/user.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [103/100]
Open

    class NotificationMailer < ApplicationMailer
      default from: "notifications@prevy.herokuapp.com"

      def new_membership_request(user, group)
        @user  = user
Severity: Minor
Found in app/mailers/notification_mailer.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Loofah XSS Vulnerability
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5
