myfreecomm/rexpense-client-ruby

Showing 77 of 78 total issues

OS Command Injection in Rake
Open

    rake (10.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Resources
    #
    # A wrapper to Rexpense Tag API
    #
    # [API]
Severity: Major
Found in lib/rexpense/resources/tag.rb and 1 other location - About 2 hrs to fix
lib/rexpense/resources/webhook.rb on lines 2..78

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 99.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Resources
    #
    # A wrapper to Rexpense organizations API
    #
    # [API]
Severity: Major
Found in lib/rexpense/resources/webhook.rb and 1 other location - About 2 hrs to fix
lib/rexpense/resources/tag.rb on lines 2..78

This issue has a mass of 99.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Entities
    class Reimbursement < Base
      [:id, :comments_count, :activities_count].each { |n| attribute n, Integer }
      [:description, :currency].each { |n| attribute n, String }
      attribute :amount, Decimal
Severity: Minor
Found in lib/rexpense/entities/reimbursement.rb and 1 other location - About 55 mins to fix
lib/rexpense/entities/advancement.rb on lines 2..12

This issue has a mass of 46.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Entities
    class Advancement < Base
      [:id, :comments_count, :activities_count].each { |n| attribute n, Integer }
      [:description, :currency].each { |n| attribute n, String }
      attribute :amount, Decimal
Severity: Minor
Found in lib/rexpense/entities/advancement.rb and 1 other location - About 55 mins to fix
lib/rexpense/entities/reimbursement.rb on lines 2..12

This issue has a mass of 46.

Method resolve! has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def resolve!
      if success?
        block_given? ? yield(self) : self
      elsif timed_out?
        raise RequestTimeout
Severity: Minor
Found in lib/rexpense/response.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

        response.parsed_body['participants'].each do |attributes|

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Avoid rescuing without specifying an error class.
Open

                   rescue
Severity: Minor
Found in lib/rexpense/entities/collection.rb by rubocop

This cop checks for rescuing StandardError. There are two supported styles: implicit and explicit. This cop will not register an offense if any error other than StandardError is specified.

Example: EnforcedStyle: implicit

# `implicit` will enforce using `rescue` instead of
# `rescue StandardError`.

# bad
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Example: EnforcedStyle: explicit (default)

# `explicit` will enforce using `rescue StandardError`
# instead of `rescue`.

# bad
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Use %i or %I for an array of symbols.
Open

      [:amount, :approved_amount, :latitude, :longitude, :distance,
        :destination_latitude, :destination_longitude, :origin_longitude,
        :origin_latitude].each { |n| attribute n, Decimal }
Severity: Minor
Found in lib/rexpense/entities/expense.rb by rubocop

This cop can check for array literals made up of symbols that are not using the %i() syntax.

Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

Configuration option: MinSize. If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of `3` will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets

# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      @version = 'v1'
Severity: Minor
Found in lib/rexpense/configuration.rb by rubocop

Unused block argument - response. You can omit the argument if you don't care about it.
Open

        http.delete("#{endpoint_base(id)}/#{webhook_id}") do |response|
Severity: Minor
Found in lib/rexpense/resources/webhook.rb by rubocop

This cop checks for unused block arguments.

Example:

# bad

do_something do |used, unused|
  puts used
end

do_something do |bar|
  puts :foo
end

define_method(:foo) do |bar|
  puts :baz
end

Example:

# good

do_something do |used, _unused|
  puts used
end

do_something do
  puts :foo
end

define_method(:foo) do |_bar|
  puts :baz
end

Extra empty line detected at class body beginning.
Open


      attr_accessor :http
Severity: Minor
Found in lib/rexpense/resources/base.rb by rubocop

This cop checks if empty lines around the bodies of classes match the configuration.

Example: EnforcedStyle: empty_lines

# good

class Foo

  def bar
    # ...
  end

end

Example: EnforcedStyle: empty_lines_except_namespace

# good

class Foo
  class Bar

    # ...

  end
end

Example: EnforcedStyle: empty_lines_special

# good
class Foo

  def bar; end

end

Example: EnforcedStyle: no_empty_lines (default)

# good

class Foo
  def bar
    # ...
  end
end

Unused block argument - response. You can omit the argument if you don't care about it.
Open

        http.delete("#{endpoint_base}/#{id}", body: {}) do |response|

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

            main_email = email_data['email']; break
Severity: Minor
Found in lib/rexpense/entities/user.rb by rubocop

Unused block argument - response. You can omit the argument if you don't care about it.
Open

      http.delete("#{membership_endpoint(organization_id)}/#{membership_id}") do |response|

Inherit from RuntimeError instead of Exception.
Open

  class RequestError < Exception; end
Severity: Minor
Found in lib/rexpense/response.rb by rubocop

This cop looks for error classes inheriting from Exception and its standard library subclasses, excluding subclasses of StandardError. It is configurable to suggest using either RuntimeError (default) or StandardError instead.

Example: EnforcedStyle: runtime_error (default)

# bad

class C < Exception; end

# good

class C < RuntimeError; end

Example: EnforcedStyle: standard_error

# bad

class C < Exception; end

# good

class C < StandardError; end

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      define_method(endpoint + 's') do
Severity: Minor
Found in lib/rexpense/client.rb by rubocop

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

        response.parsed_body['organizations'].each do |attributes|
