mammooc/mammooc.org

Showing 351 of 351 total issues

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

File i18n.js has 674 lines of code (exceeds 250 allowed). Consider refactoring.
Open

// I18n.js
// =======
//
// This small library provides the Rails I18n API on the Javascript.
// You don't actually have to use Rails (or even Ruby) to use I18n.js.
Severity: Major
Found in public/javascripts/i18n.js - About 1 day to fix

    Method handle_response_data has a Cognitive Complexity of 54 (exceeds 5 allowed). Consider refactoring.
    Open

      def handle_response_data(response_data)
        update_map = create_update_map mooc_provider
    
        free_track_type = CourseTrackType.find_by(type_of_achievement: 'nothing')
        certificate_track_type = CourseTrackType.find_by(type_of_achievement: 'edx_verified_certificate')
    Severity: Minor
    Found in app/workers/edx_course_worker.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Inefficient Regular Expression Complexity in Loofah
    Open

        loofah (2.13.0)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23514

    Criticality: High

    URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

    Solution: upgrade to >= 2.19.1

    Improper neutralization of data URIs may allow XSS in Loofah
    Open

        loofah (2.13.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23515

    Criticality: Medium

    URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

    Solution: upgrade to >= 2.19.1

    JMESPath for Ruby using JSON.load instead of JSON.parse
    Open

        jmespath (1.5.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-32511

    Criticality: Critical

    URL: https://github.com/jmespath/jmespath.rb/pull/55

    Solution: upgrade to >= 1.6.1

    Uncontrolled Recursion in Loofah
    Open

        loofah (2.13.0)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23516

    Criticality: High

    URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

    Solution: upgrade to >= 2.19.1

    Method handle_response_data has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
    Open

      def handle_response_data(response_data)
        update_map = create_update_map mooc_provider
    
        free_track_type = CourseTrackType.find_by(type_of_achievement: 'iversity_record_of_achievement')
        certificate_track_type = CourseTrackType.find_by(type_of_achievement: 'iversity_certificate')
    Severity: Minor
    Found in app/workers/iversity_course_worker.rb - About 7 hrs to fix

    Method handle_response_data has a Cognitive Complexity of 38 (exceeds 5 allowed). Consider refactoring.
    Open

      def handle_response_data(response_data)
        update_map = create_update_map mooc_provider
    
        free_track_type = CourseTrackType.find_by(type_of_achievement: 'nothing')
        certificate_track_type = CourseTrackType.find_by(type_of_achievement: 'certificate')
    Severity: Minor
    Found in app/workers/coursera_course_worker.rb - About 5 hrs to fix

    Method handle_enrollments_response has a Cognitive Complexity of 37 (exceeds 5 allowed). Consider refactoring.
    Open

      def handle_enrollments_response(response_data, user)
        update_map = create_enrollments_update_map mooc_provider, user
    
        if response_data.present?
          enrollment_list = response_data.data
    Severity: Minor
    Found in app/controllers/concerns/abstract_xikolo_connector.rb - About 5 hrs to fix

    Method find_for_omniauth has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
    Open

      def self.find_for_omniauth(auth, signed_in_resource = nil)
        # Get the identity and user if they exist
        identity = UserIdentity.find_for_omniauth(auth)
    
        # If a signed_in_resource is provided it always overrides the existing user
    Severity: Minor
    Found in app/models/user.rb - About 4 hrs to fix

    Method handle_response_data has a Cognitive Complexity of 31 (exceeds 5 allowed). Consider refactoring.
    Open

      def handle_response_data(response_data)
        update_map = create_update_map mooc_provider
        non_free_track_type = CourseTrackType.find_by(type_of_achievement: "#{mooc_provider.name}_full_certificate")
        free_track_type = CourseTrackType.find_by(type_of_achievement: "#{mooc_provider.name}_certificate")
    
    
    Severity: Minor
    Found in app/workers/abstract_json_api_course_worker.rb - About 4 hrs to fix

    Method handle_response_data has a Cognitive Complexity of 31 (exceeds 5 allowed). Consider refactoring.
    Open

      def handle_response_data(response_data)
        update_map = create_update_map mooc_provider
        confirmation_of_participation = CourseTrackType.find_by(type_of_achievement: 'xikolo_confirmation_of_participation')
        record_of_achievement = CourseTrackType.find_by(type_of_achievement: 'xikolo_record_of_achievement')
        qualified_certificate = CourseTrackType.find_by(type_of_achievement: 'xikolo_qualified_certificate')
    Severity: Minor
    Found in app/workers/abstract_xikolo_course_worker.rb - About 4 hrs to fix

    File course.rb has 354 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class Course < ApplicationRecord
      filterrific(
          default_filter_params: {sorted_by: 'relevance_asc'},
          available_filters: %i[with_start_date_gte
                              with_end_date_lte
    Severity: Minor
    Found in app/models/course.rb - About 4 hrs to fix

      Class User has 34 methods (exceeds 20 allowed). Consider refactoring.
      Open

      class User < ApplicationRecord
        # Include default devise modules. Others available are:
        # :confirmable, :lockable, :timeoutable, :omniauthable and :encryptable
        devise :database_authenticatable, :registerable,
               :recoverable, :rememberable, :trackable, :validatable, :omniauthable
      Severity: Minor
      Found in app/models/user.rb - About 4 hrs to fix

        Class GroupsController has 34 methods (exceeds 20 allowed). Consider refactoring.
        Open

        class GroupsController < ApplicationController
          load_and_authorize_resource only: %i[index show edit update destroy admins invite_group_members add_administrator members recommendations statistics demote_administrator remove_group_member leave condition_for_changing_member_status all_members_to_administrators recommendations synchronize_courses]
        
          NUMBER_OF_SHOWN_RECOMMENDATIONS = 2
          NUMBER_OF_SHOWN_USERS = 10
        Severity: Minor
        Found in app/controllers/groups_controller.rb - About 4 hrs to fix

          Method handle_response_data has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
          Open

            def handle_response_data(response_data)
              update_map = create_update_map mooc_provider
          
              free_track_type = CourseTrackType.find_by(type_of_achievement: 'nothing')
              certificate_track_type = CourseTrackType.find_by(type_of_achievement: 'certificate')
          Severity: Minor
          Found in app/workers/future_learn_course_worker.rb - About 4 hrs to fix

          Method handle_response_data has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
          Open

            def handle_response_data(response_data)
              update_map = create_update_map mooc_provider
          
              free_track_type = CourseTrackType.find_by(type_of_achievement: 'udacity_nothing')
              certificate_track_type = CourseTrackType.find_by(type_of_achievement: 'udacity_verified_certificate')
          Severity: Minor
          Found in app/workers/udacity_course_worker.rb - About 4 hrs to fix

          Method create has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
          Open

              def create
                flash['error'] ||= []
                exception = ''
                full_user_params = sign_up_params
                build_resource(full_user_params)
          Severity: Minor
          Found in app/controllers/users/registrations_controller.rb - About 4 hrs to fix

          File users_controller.rb has 329 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          class UsersController < ApplicationController
            include ConnectorMapper
            before_action :set_provider_logos, only: %i[settings mooc_provider_settings]
            load_and_authorize_resource only: %i[show edit update destroy finish_signup completions]
          
          
          Severity: Minor
          Found in app/controllers/users_controller.rb - About 3 hrs to fix