petities/petitions.eu

Showing 22 of 22 total issues

Class Petition has 29 methods (exceeds 20 allowed). Consider refactoring.
Open

class Petition < ApplicationRecord
  translates :name, :description, :initiators,
             :statement, :request, :slug,
             fallbacks_for_empty_translations: true,
             versioning: :paper_trail
Severity: Minor
Found in app/models/petition.rb - About 3 hrs to fix

    Method create has 37 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def create
        @petition = Petition.new(petition_params)
    
        @petition.status = 'concept'
    
    
    Severity: Minor
    Found in app/controllers/petitions_controller.rb - About 1 hr to fix

      Method set_redis_keys has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
      Open

        def set_redis_keys(task = false)
          redis = Redis.current
      
          # last updates
          if confirmed_at
      Severity: Minor
      Found in app/models/signature.rb - About 1 hr to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Method create has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
      Open

        def create
          @petition = Petition.new(petition_params)
      
          @petition.status = 'concept'
      
      
      Severity: Minor
      Found in app/controllers/petitions_controller.rb - About 1 hr to fix

      Method included has 33 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def self.included(dsl)
          dsl.actions :all, except: [:new]
          dsl.filter :petition_id
      
          dsl.filter :person_name
      Severity: Minor
      Found in app/admin_concerns/admin_signatures.rb - About 1 hr to fix

        Method redis_history_chart_json has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
        Open

          def redis_history_chart_json(hist = 10)
            start = Time.now - hist.day
        
            if created_at and start < created_at
              start = created_at
        Severity: Minor
        Found in app/models/petition.rb - About 1 hr to fix

        Method create has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
        Open

          def create
            # try to find old signature first
            email = signature_params[:person_email]
            @signature = Signature.find_by(person_email: email, petition: @petition)
        
        
        Severity: Minor
        Found in app/controllers/signatures_controller.rb - About 55 mins to fix

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

          sidebar :translations, only: :show do
            table_for resource.translations do
              column :id do |item|
                link_to(item.id, [:admin, item])
              end
        Severity: Minor
        Found in app/admin/petition.rb and 1 other location - About 45 mins to fix
        app/admin/petition.rb on lines 163..172

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 40.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

          sidebar :newsletters, only: :show do
            table_for resource.newsletters do
              column :number do |item|
                link_to(item.number, [:admin, item])
              end
        Severity: Minor
        Found in app/admin/petition.rb and 1 other location - About 45 mins to fix
        app/admin/petition.rb on lines 134..143

        Method invalid_attributes has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
        Open

          def invalid_attributes
            remove = []
        
            return remove if user.has_role?(:admin)
        
        
        Severity: Minor
        Found in app/policies/petition_policy.rb - About 35 mins to fix

        Method set_petition has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
        Open

          def set_petition
            find_petition
        
            return if @petition.nil?
        
        
        Severity: Minor
        Found in app/controllers/petitions_controller.rb - About 35 mins to fix

        Unescaped model attribute
        Open

        $('a.navigation-loadmore:first').attr('href', '<%= raw(path_to_next_page(@petitions, params: { sorting: @sorting })) %>');
        Severity: Minor
        Found in app/views/petitions/index.js.erb by brakeman

        Cross-site scripting (or XSS) is #3 on the 2013 OWASP Top Ten web security risks (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) and it pops up nearly everywhere.

        XSS occurs when a user-controlled value is displayed on a web page without properly escaping it for the context it lands in, allowing someone to inject JavaScript or HTML into the page which will be interpreted and executed by the browser.

        In Rails 2.x, values need to be explicitly escaped (e.g., by using the h method). Since Rails 3.x, auto-escaping in views is enabled by default. However, one can still use the raw or html_safe methods to output a value directly.

        See the Ruby Security Guide for more details.

        Query Parameters and Cookies

        ERB example:

        <%= params[:query].html_safe %>

        Brakeman looks for several situations that can allow XSS. The simplest is like the example above: a value from the params or cookies is being directly output to a view. In such cases, it will issue a warning like:

        Unescaped parameter value near line 3: params[:query]

        By default, Brakeman will also warn when a parameter or cookie value is used as an argument to a method, the result of which is output unescaped to a view.

        For example:

        <%= raw some_method(cookies[:name]) %>

        This raises a warning like:

        Unescaped cookie value near line 5: some_method(cookies[:name])

        However, the confidence level for this warning will be weak, because it is not directly outputting the cookie value.

        Some methods are known to Brakeman to either be dangerous (link_to is one) or safe (escape_once). Users can specify safe methods using the --safe-methods option. Alternatively, Brakeman can be set to only warn when values are used directly with the --report-direct option.

        Model Attributes

        Because (many) models come from database values, Brakeman mistrusts them by default.

        For example, if @user is an instance of a model set in an action like

        def set_user
          @user = User.first
        end

        and there is a view with

        <%= @user.name.html_safe %>

        Brakeman will raise a warning like

        Unescaped model attribute near line 3: User.first.name

        If you trust all your data (although you probably shouldn't), this can be disabled with --ignore-model-output.
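
The finding above sits in a .js.erb view, where the output context is a JavaScript string literal rather than HTML, so neither Rails' default HTML auto-escaping nor `raw` helps: `raw` simply switches escaping off, and `@sorting` (built from params) travels through `path_to_next_page` into the literal unchanged. The following is an added example, not code from petitions.eu or Brakeman, written with the Ruby standard library only. `path_to_next_page` is a stand-in for the pagination helper and `sorting` stands for the params[:sorting] value; the attacker string is constructed.

```ruby
# Added example, not petitions.eu code: the js.erb pattern Brakeman flagged,
# reproduced with the standard library only. `path_to_next_page` is a stand-in
# for the Kaminari helper and `sorting` stands for the params[:sorting] value
# that flows into it; both are assumptions of this example.
require 'json'

# Stand-in for the pagination helper: the sorting parameter is appended to
# the URL as-is, so whatever the client sent is now part of the path.
def path_to_next_page(page, sorting)
  "/petitions?page=#{page}&sorting=#{sorting}"
end

# The flagged shape: `raw` drops the URL into a single-quoted JavaScript
# string literal with no escaping for that context. A quote in `sorting`
# closes the literal and the rest of the value runs as script.
def unsafe_js_line(sorting)
  "$('a.navigation-loadmore:first').attr('href', '#{path_to_next_page(2, sorting)}');"
end

# JavaScript-context encoder: serialise the value as a JSON string literal
# (quotes, backslashes and control characters get escaped), then also turn
# <, > and & into \u escapes so the literal can never spell "</script>" when
# the response is inlined in HTML. This mirrors what ActiveSupport's
# ERB::Util.json_escape does; reimplemented here so the example runs
# without Rails.
def js_string_literal(value)
  value.to_s.to_json
       .gsub('<') { '\u003c' }
       .gsub('>') { '\u003e' }
       .gsub('&') { '\u0026' }
end

# Hardened form: the literal is produced by the encoder, not by string
# interpolation, so the attacker's input stays inside the quotes.
def safe_js_line(sorting)
  url = path_to_next_page(2, sorting)
  "$('a.navigation-loadmore:first').attr('href', #{js_string_literal(url)});"
end

# Constructed attacker value: closes the single-quoted literal, runs a
# statement, comments out the remainder and tries to close the script element.
ATTACK = "'); alert(document.cookie); //</script>"

if __FILE__ == $PROGRAM_NAME
  puts unsafe_js_line(ATTACK)   # the alert() call is now a statement
  puts safe_js_line(ATTACK)     # one double-quoted literal, no raw < or >
end
```

In the project's view the equivalent fix is `'<%= j(path_to_next_page(...)) %>'` (`j` is `escape_javascript`, which escapes quotes, backslashes and `</`) or emitting the whole literal via `json_escape`; replacing `raw` with plain `<%= %>` would HTML-escape the `&` in the URL and still leave the quote unescaped.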

        Possible SQL injection
        Open

            @petitions = @petitions.order("FIELD(petitions.id, #{ordered_petition_ids.join(', ')})") if ordered_petition_ids.any?

        Injection is #1 on the 2013 OWASP Top Ten web security risks. SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query. This can lead to data leaks, data loss, elevation of privilege, and other unpleasant outcomes.

        Brakeman focuses on ActiveRecord methods dealing with building SQL statements.

        A basic (Rails 2.x) example looks like this:

        User.first(:conditions => "username = '#{params[:username]}'")

        Brakeman would produce a warning like this:

        Possible SQL injection near line 30: User.first(:conditions => ("username = '#{params[:username]}'"))

        The safe way to do this query is to use a parameterized query:

        User.first(:conditions => ["username = ?", params[:username]])

        Brakeman also understands the Rails 3.x query interface (and follows local variables and string concatenation):

        username = params[:user][:name].downcase
        password = params[:user][:password]
        
        User.where("username = '" + username + "' AND password = '" + password + "'")

        This results in this kind of warning:

        Possible SQL injection near line 37:
        User.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))

        See the Ruby Security Guide for more information and Rails-SQLi.org for many examples of SQL injection in Rails.

        Method confirm has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

          def confirm
            @petition = @signature.petition
            # generate the update signature url
            @url = petition_signature_confirm_submit_path(@petition, @signature.unique_key)
        
        
        Severity: Minor
        Found in app/controllers/signatures_controller.rb - About 25 mins to fix

        Method create has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

          def create
            @update = Update.new(update_params)
            authorize @update
        
            respond_to do |format|
        Severity: Minor
        Found in app/controllers/updates_controller.rb - About 25 mins to fix

        Method update has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

            def update
              if params[:petition_id].present?
                petition = Petition.find(params[:petition_id])
                role = petition.roles.find_or_create_by(name: :admin)
                params[:user][:role_ids].push(role.id)
        Severity: Minor
        Found in app/admin/user.rb - About 25 mins to fix

        Line exceeds maximum allowed length
        Open

              $('div.person_born_at_errors').append('<div class="has_error_help">' + $.map(messages, (m) -> m.charAt(0).toUpperCase() + m.slice(1)).join('<br />') + '</div>')

        Line exceeds maximum allowed length
        Open

            input.parent().append('<div class="has_error_help">' + $.map(messages, (m) -> m.charAt(0).toUpperCase() + m.slice(1)).join('<br />') + '</div>')

        Line exceeds maximum allowed length
        Open

        Mailcheck.defaultTopLevelDomains = ['com', 'net', 'org', 'be', 'de', 'eu', 'fr', 'nl', 'nu']

        Line exceeds maximum allowed length
        Open

            $('.edit_pledge, .new_pledge').render_form_errors('pledge', data.responseJSON)