philou/planning-poker


Showing 27 of 29 total issues

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

XSS vulnerability in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3741

URL: https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ

Solution: upgrade to >= 1.0.4

Path Traversal in Sprockets
Open

    sprockets (3.7.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3760

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to one of the patched ranges: >= 2.12.5, < 3.0.0 (2.x line); >= 3.7.2, < 4.0.0 (3.x line); or >= 4.0.0.beta8. For the locked 3.7.1 that means >= 3.7.2.
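The six bundler-audit findings above all reduce to the same check: is the version pinned in Gemfile.lock inside any of the advisory's patched ranges? The script below is an added example, not code from philou/planning-poker or from bundler-audit; it transcribes the advisories listed on this page into a table and evaluates them with RubyGems' own Gem::Version and Gem::Requirement, which is the comparison bundler-audit performs. The Gemfile.lock excerpt is constructed to match the locked versions shown on the page, and the sprockets entry shows why an advisory can carry several ranges (one per supported release line).

```ruby
# Added example, not code from philou/planning-poker or from bundler-audit.
# It re-evaluates the advisories listed on this page against a Gemfile.lock
# using RubyGems' own Gem::Version / Gem::Requirement, which is the comparison
# bundler-audit performs. The advisory table is transcribed from the page;
# the lockfile excerpt is constructed to match the locked versions shown.
require "rubygems"

# Each CVE maps to a list of patched ranges; a range is a list of constraints
# that must all hold. A locked version is safe if ANY range is satisfied.
ADVISORIES = {
  "nokogiri" => {
    "CVE-2017-9050"  => [[">= 1.8.1"]],
    "CVE-2017-16932" => [[">= 1.8.1"]],
    "CVE-2017-15412" => [[">= 1.8.2"]],
  },
  "loofah"               => { "CVE-2018-8048" => [[">= 2.2.1"]] },
  "rails-html-sanitizer" => { "CVE-2018-3741" => [[">= 1.0.4"]] },
  # Three supported release lines, hence three patched ranges.
  "sprockets" => {
    "CVE-2018-3760" => [[">= 2.12.5", "< 3.0.0"], [">= 3.7.2", "< 4.0.0"], [">= 4.0.0.beta8"]],
  },
}.freeze

# Constructed Gemfile.lock excerpt (specs section only).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.0.3)
      nokogiri (1.7.2)
      rails-html-sanitizer (1.0.3)
      sprockets (3.7.1)
LOCK

# Top-level spec lines are indented exactly four spaces: "    name (x.y.z)".
# Dependency lines (six spaces, a requirement instead of a version) are skipped.
def locked_versions(lockfile)
  lockfile.scan(/^ {4}([\w-]+) \(([^)]+)\)$/)
          .to_h { |name, version| [name, Gem::Version.new(version)] }
end

# True when the locked version satisfies none of the patched ranges.
def vulnerable?(version, patched_ranges)
  patched_ranges.none? do |constraints|
    Gem::Requirement.new(*constraints).satisfied_by?(version)
  end
end

# Returns one [gem, version, cve, patched_ranges] row per unresolved advisory.
def audit(lockfile, advisories = ADVISORIES)
  versions = locked_versions(lockfile)
  advisories.flat_map do |gem, cves|
    version = versions[gem]
    next [] unless version
    cves.select { |_cve, ranges| vulnerable?(version, ranges) }
        .map { |cve, ranges| [gem, version.to_s, cve, ranges] }
  end
end

if $PROGRAM_NAME == __FILE__
  audit(LOCKFILE).each do |gem, version, cve, ranges|
    puts "#{gem} #{version}: #{cve} (patched: #{ranges.map { |r| r.join(', ') }.join(' | ')})"
  end
end
```

Run against the constructed lockfile it reports all six findings on this page; bumping nokogiri to 1.8.1 clears CVE-2017-9050 and CVE-2017-16932 but leaves CVE-2017-15412 open, which is why the two nokogiri entries above quote different minimum versions. Prerelease versions such as 4.0.0.beta8 compare correctly because Gem::Version orders them below the matching final release.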

Loofah 2.0.3 is vulnerable (CVE-2018-8048). Upgrade to 2.1.2
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by brakeman

Note: the version in this brakeman message conflicts with the bundler-audit advisory for the same CVE above, which lists the fix as loofah >= 2.2.1; resolve the finding by upgrading to at least 2.2.1.

rails-html-sanitizer 1.0.3 is vulnerable (CVE-2018-3741). Upgrade to 1.0.4
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by brakeman

The use of eval is a serious security risk.
Open

eval(`cat #{Rails.root.to_s}/db/schema.rb | sed 's/,[^:]*: :serial\//g'`)
Severity: Minor
Found in spec/rails_helper.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval. In this instance the string handed to eval is the output of a shell pipeline (backticks) whose command line embeds Rails.root by interpolation, so the code both shells out with an unquoted path and evaluates whatever that pipeline prints.

Example:

# bad

eval(something)
binding.eval(something)
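The flagged line exists to load db/schema.rb with its ", id: :serial" annotations removed. The following is an added example, not code from philou/planning-poker, showing how to do that transform in Ruby: the file is read through a Pathname rather than a shell command built from Rails.root, the rewrite uses the same pattern the original sed expression removed, and the result is loaded from a temp file instead of being passed as a String to Kernel#eval. The schema sample is constructed; the function and constant names are this example's own.

```ruby
# Added example, not code from philou/planning-poker. It does what the flagged
# line in spec/rails_helper.rb does (drop the ", id: :serial" annotations from
# db/schema.rb before loading it) without building a shell command from
# Rails.root and without handing a pipeline's output to Kernel#eval.
require "pathname"
require "tempfile"

# Same pattern the original sed expression removed: ",[^:]*: :serial".
SERIAL_ID_RE = /,[^:]*: :serial/

def strip_serial_ids(schema_source)
  schema_source.gsub(SERIAL_ID_RE, "")
end

# Constructed sample of a PostgreSQL-generated db/schema.rb.
SAMPLE_SCHEMA = <<~RUBY
  ActiveRecord::Schema.define(version: 2018_01_01_000000) do
    create_table "teams", id: :serial, force: :cascade do |t|
      t.string "name", null: false
    end
  end
RUBY

# Reads the schema via a Pathname (no shell, so a root containing spaces or
# shell metacharacters is just a path), rewrites it in Ruby, and loads the
# result from a temp file. `load` still executes the file, which is acceptable
# because db/schema.rb is repository code; the point is that the evaluated
# text never passes through a shell command line or a String eval.
def load_schema_without_serial(rails_root)
  path = Pathname(rails_root).join("db", "schema.rb")
  source = strip_serial_ids(File.read(path))
  Tempfile.create(["schema", ".rb"]) do |file|
    file.write(source)
    file.flush
    load file.path
  end
end
```

If the only reason for the rewrite is that the test database is not PostgreSQL, the cleaner fix is to stop the annotation at its source (generate schema.rb without :serial ids, or run the test suite against the same database engine as production, which the docker-compose TODO below also points at) so that no schema rewriting is needed at all.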

TODO found
Open

# TODO remove the 'from his browser' from the step def. This is really implementation specific

TODO found
Open

  # TODO upgrade postgresql to the same as Heroku
Severity: Minor
Found in docker-compose.yml by fixme

TODO found
Open

<% # TODO use a view presenter to simplify this view %>
Severity: Minor
Found in app/views/votes/_not_running.html.erb by fixme

TODO found
Open

    # TODO update jasmine test framework version
Severity: Minor
Found in spec/teaspoon_env.rb by fixme

TODO found
Open

# TODO define env var in some special purpose place (check dotenv gem)
Severity: Minor
Found in config/application.rb by fixme

TODO found
Open

    # TODO move to an hexagonal architecture in order to encapsulate team.animator= this would ensure a unique way to update the animator, and we could remove this almost duplicated test https://medium.com/@vsavkin/hexagonal-architecture-for-rails-developers-8b1fee64a613#.c2giyb3mh

TODO found
Open

# TODO find a way to test that we are subscribing with the correct arguments.

TODO found
Open

    # TODO use stream_to instead
Severity: Minor
Found in app/channels/team_channel.rb by fixme

TODO found
Open

    # TODO move some of this in the Team class using events
Severity: Minor
Found in app/controllers/votes_controller.rb by fixme

TODO found
Open

# TODO use FactoryGirl to simplify the data setup.

TODO found
Open

# TODO add a primary key on contributors(name, team)
Severity: Minor
Found in db/todo.rb by fixme