Showing 128 of 128 total issues
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
XSS vulnerability in bootstrap-sass Open
bootstrap-sass (3.2.0.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-8331
Criticality: Medium
URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
Solution: upgrade to >= 3.4.1
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
Cyclomatic complexity for path_to is too high. [7/6] Open
def path_to(page_name)
case page_name
when /^the home\s?page$/
'/'
- Read upRead up
- Exclude checks
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Method create
has 30 lines of code (exceeds 25 allowed). Consider refactoring. Open
def create
# Might want to figure out how to just call Form.new(form_params), was getting error with that approach initially
if @form.nil?
unlocked_params = ActiveSupport::HashWithIndifferentAccess.new(form_params)
session[:form_params] = nil
Method create
has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. Open
def create
# Might want to figure out how to just call Form.new(form_params), was getting error with that approach initially
if @form.nil?
unlocked_params = ActiveSupport::HashWithIndifferentAccess.new(form_params)
session[:form_params] = nil
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Denial of Service Vulnerability in Action View Open
actionview (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5419
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11
Unsafe Query Generation Risk in Active Record Open
activerecord (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-6317
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
Solution: upgrade to >= 4.2.7.1
Possible XSS Vulnerability in Action View Open
actionview (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-6316
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1
Broken Access Control vulnerability in Active Job Open
activejob (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16476
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
Possible information leak / session hijack vulnerability Open
rack (1.6.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-16782
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12, >= 2.0.8
XSS vulnerability in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-3741
URL: https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ
Solution: upgrade to >= 1.0.4
Potential remote code execution of user-provided local names in ActionView Open
actionview (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8163
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
Solution: upgrade to >= 4.2.11.2
File Content Disclosure in Action View Open
actionview (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5418
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3
Possible XSS vulnerability in Rack Open
rack (1.6.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6
Denial of service or RCE from libxml2 and libxslt Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2015-8806
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1473
Solution: upgrade to >= 1.6.8