Sign upLogin

myfreecomm/rexpense-client-ruby

View on GitHub
Star

Showing 77 of 78 total issues

OS Command Injection in Rake
Open

    rake (10.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Resources
    #
    # A wrapper to Rexpense Tag API
    #
    # [API]
Severity: Major
Found in lib/rexpense/resources/tag.rb and 1 other location - About 2 hrs to fix
lib/rexpense/resources/webhook.rb on lines 2..78

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 99.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Resources
    #
    # A wrapper to Rexpense organizations API
    #
    # [API]
Severity: Major
Found in lib/rexpense/resources/webhook.rb and 1 other location - About 2 hrs to fix
lib/rexpense/resources/tag.rb on lines 2..78

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 99.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Entities
    class Advancement < Base
      [:id, :comments_count, :activities_count].each { |n| attribute n, Integer }
      [:description, :currency].each { |n| attribute n, String }
      attribute :amount, Decimal
Severity: Minor
Found in lib/rexpense/entities/advancement.rb and 1 other location - About 55 mins to fix
lib/rexpense/entities/reimbursement.rb on lines 2..12

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 46.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module Entities
    class Reimbursement < Base
      [:id, :comments_count, :activities_count].each { |n| attribute n, Integer }
      [:description, :currency].each { |n| attribute n, String }
      attribute :amount, Decimal
Severity: Minor
Found in lib/rexpense/entities/reimbursement.rb and 1 other location - About 55 mins to fix
lib/rexpense/entities/advancement.rb on lines 2..12

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 46.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method resolve! has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def resolve!
      if success?
        block_given? ? yield(self) : self
      elsif timed_out?
        raise RequestTimeout
Severity: Minor
Found in lib/rexpense/response.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Use %i or %I for an array of symbols.
Open

      [:created_at, :updated_at].each { |n| attribute n, String }
Severity: Minor
Found in lib/rexpense/entities/organization.rb by rubocop

This cop can check for array literals made up of symbols that are not using the %i() syntax.

Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets

# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

Align the elements of an array literal if they span more than one line.
Open

        :distance_kind, :destination, :origin].each { |n| attribute n, String }
Severity: Minor
Found in lib/rexpense/entities/expense.rb by rubocop

Here we check if the elements of a multi-line array literal are aligned.

Example:

# bad
a = [1, 2, 3,
  4, 5, 6]
array = ['run',
     'forrest',
     'run']

# good
a = [1, 2, 3,
     4, 5, 6]
a = ['run',
     'forrest',
     'run']

Useless private access modifier.
Open

      private
Severity: Minor
Found in lib/rexpense/entities/user.rb by rubocop

This cop checks for redundant access modifiers, including those with no code, those which are repeated, and leading public modifiers in a class or module body. Conditionally-defined methods are considered as always being defined, and thus access modifiers guarding such methods are not redundant.

Example:

class Foo
  public # this is redundant (default access is public)

  def method
  end

  private # this is not redundant (a method is defined)
  def method2
  end

  private # this is redundant (no following methods are defined)
end

Example:

class Foo
  # The following is not redundant (conditionally defined methods are
  # considered as always defining a method)
  private

  if condition?
    def method
    end
  end

  protected # this is not redundant (method is defined)

  define_method(:method2) do
  end

  protected # this is redundant (repeated from previous modifier)

  [1,2,3].each do |i|
    define_method("foo#{i}") do
    end
  end

  # The following is redundant (methods defined on the class'
  # singleton class are not affected by the public modifier)
  public

  def self.method3
  end
end

Example:

# Lint/UselessAccessModifier:
#   ContextCreatingMethods:
#     - concerning
require 'active_support/concern'
class Foo
  concerning :Bar do
    def some_public_method
    end

    private

    def some_private_method
    end
  end

  # this is not redundant because `concerning` created its own context
  private

  def some_other_private_method
  end
end

Example:

# Lint/UselessAccessModifier:
#   MethodCreatingMethods:
#     - delegate
require 'active_support/core_ext/module/delegation'
class Foo
  # this is not redundant because `delegate` creates methods
  private

  delegate :method_a, to: :method_b
end

Surrounding space missing in default value assignment.
Open

      def create(id, params={})
Severity: Minor
Found in lib/rexpense/resources/webhook.rb by rubocop

Checks that the equals signs in parameter default assignments have or don't have surrounding space depending on configuration.

Example:

# bad
def some_method(arg1=:default, arg2=nil, arg3=[])
  # do something...
end

# good
def some_method(arg1 = :default, arg2 = nil, arg3 = [])
  # do something...
end

Align the elements of an array literal if they span more than one line.
Open

        :destination_latitude, :destination_longitude, :origin_longitude,
Severity: Minor
Found in lib/rexpense/entities/expense.rb by rubocop

Here we check if the elements of a multi-line array literal are aligned.

Example:

# bad
a = [1, 2, 3,
  4, 5, 6]
array = ['run',
     'forrest',
     'run']

# good
a = [1, 2, 3,
     4, 5, 6]
a = ['run',
     'forrest',
     'run']

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

        response.parsed_body['pre_expenses'].each do |attributes|
Severity: Minor
Found in lib/rexpense/entities/pre_expense_collection.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Use %i or %I for an array of symbols.
Open

      [:id, :comments_count, :activities_count].each { |n| attribute n, Integer }
Severity: Minor
Found in lib/rexpense/entities/advancement.rb by rubocop

This cop can check for array literals made up of symbols that are not using the %i() syntax.

Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets

# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

Use %i or %I for an array of symbols.
Open

      [:created_at, :converted_at, :updated_at,
       :ignored_at, :occurred_at].each { |n| attribute n, String }
Severity: Minor
Found in lib/rexpense/entities/pre_expense.rb by rubocop

This cop can check for array literals made up of symbols that are not using the %i() syntax.

Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets

# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

        response.parsed_body['tags'].each do |attributes|
Severity: Minor
Found in lib/rexpense/entities/tag_collection.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      @version = 'v1'
Severity: Minor
Found in lib/rexpense/configuration.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      define_method(endpoint + 's') do
Severity: Minor
Found in lib/rexpense/client.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Align the elements of an array literal if they span more than one line.
Open

        :origin_latitude].each { |n| attribute n, Decimal }
Severity: Minor
Found in lib/rexpense/entities/expense.rb by rubocop

Here we check if the elements of a multi-line array literal are aligned.

Example:

# bad
a = [1, 2, 3,
  4, 5, 6]
array = ['run',
     'forrest',
     'run']

# good
a = [1, 2, 3,
     4, 5, 6]
a = ['run',
     'forrest',
     'run']
Severity
Category
Status
Source
Language