philou/planning-poker

Showing 22 of 24 total issues

Keepalive thread overload/DoS in puma
Open

    puma (4.1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

Possible information leak / session hijack vulnerability
Open

    rack (2.0.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.10.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8
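The three bundler-audit findings above share one decision rule: a locked gem is reported unless its version satisfies at least one of the requirements on the "Solution:" line, and the `~>` branch exists so an app pinned to an old major can stay there and still be patched. The following added example (not code from philou/planning-poker or from bundler-audit) applies that rule with `Gem::Requirement`, the version-requirement class RubyGems itself uses, to a constructed Gemfile.lock fragment carrying the three versions flagged on this page. The lockfile text, the `PATCHED` table and the helper names are assumptions made for the demonstration; the parser only handles the plain `name (x.y.z)` lines of the `specs:` section and drops any platform suffix.

```ruby
require "rubygems"

# Patched-version requirements copied from the three advisories above.
# A locked version is safe when it satisfies ANY one of its gem's requirements.
PATCHED = {
  "puma"     => ["~> 3.12.2", ">= 4.3.1"],  # CVE-2019-16770
  "rack"     => ["~> 1.6.12", ">= 2.0.8"],  # CVE-2019-16782
  "nokogiri" => [">= 1.10.8"],              # CVE-2020-7595
}.freeze

# True when none of the patched requirements is satisfied by the locked version.
# Gem::Requirement gives "~> 3.12.2" its RubyGems meaning: >= 3.12.2 and < 3.13.
def vulnerable?(gem_name, locked_version)
  version = Gem::Version.new(locked_version)
  PATCHED.fetch(gem_name).none? do |req|
    Gem::Requirement.new(req).satisfied_by?(version)
  end
end

# Minimal Gemfile.lock reader (assumption: only the `specs:` entries matter).
# Gems sit at four spaces of indentation as "name (version)"; their dependencies
# sit at six spaces and so do not match. A platform suffix such as
# "1.10.5-x86_64-linux" is stripped, which is enough for a version comparison.
def locked_versions(lockfile_text)
  lockfile_text.scan(/^    ([\w-]+) \((\d[\d.]*)(?:-[^)]*)?\)$/).to_h
end

# Names of locked gems that an advisory in PATCHED still applies to.
def audit(lockfile_text)
  locked_versions(lockfile_text)
    .select { |name, version| PATCHED.key?(name) && vulnerable?(name, version) }
    .keys
end

# Constructed lockfile fragment with the versions flagged on this page.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.10.5)
        mini_portile2 (~> 2.4.0)
      puma (4.1.0)
        nio4r (~> 2.0)
      rack (2.0.7)
      rails (6.0.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCK).each do |name|
    puts "#{name} #{locked_versions(SAMPLE_LOCK)[name]}: fix -> #{PATCHED[name].join(', ')}"
  end
end
```

Note the gap the two-branch solution leaves: puma 3.13.0 is reported as vulnerable because it is neither `~> 3.12.2` nor `>= 4.3.1`, even though it is newer than 3.12.2. Reading the "Solution:" line as "anything newer than the first version" is the usual mistake when applying these findings by hand.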

The use of eval is a serious security risk.
Open

eval(`cat #{Rails.root.to_s}/db/schema.rb | sed 's/,[^:]*: :serial\//g'`)
Severity: Minor
Found in spec/rails_helper.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)
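The flagged line in spec/rails_helper.rb does two risky things at once: it interpolates `Rails.root` into a shell command string (`cat ... | sed ...`), so any unusual character in the checkout path becomes part of a command line, and it then passes the command's output to `Kernel#eval`. The following added example (not code from philou/planning-poker) performs the same text transformation in plain Ruby with no subshell, and shows that a root directory whose name would have broken the `cat #{root}/db/schema.rb` form is just a path here. The schema text, the directory name and the helper names are constructed for the demonstration. What it does not remove is the need to execute the schema: Rails' own `ActiveRecord::Migration.maintain_test_schema!` is the supported way to load db/schema.rb into the test database, and the `:serial` rewrite should only be kept if the project really needs it.

```ruby
require "tmpdir"

# The sed expression in the flagged line, `s/,[^:]*: :serial//g`, as a Ruby
# regexp: it deletes options such as `, id: :serial` from create_table lines.
SERIAL_OPTION = /,[^:]*: :serial/

def strip_serial_options(schema_source)
  schema_source.gsub(SERIAL_OPTION, "")
end

# File.read takes a path, not a command line, so a root containing spaces,
# ';' or '$(...)' cannot change what runs. Nothing is evaluated here; the
# caller decides how (or whether) to execute the returned Ruby source.
def read_schema(root)
  strip_serial_options(File.read(File.join(root, "db", "schema.rb")))
end

# Constructed db/schema.rb fragment in the shape Rails generates.
SAMPLE_SCHEMA = <<~RUBY
  ActiveRecord::Schema.define(version: 2019_01_01_000000) do
    create_table "teams", id: :serial, force: :cascade do |t|
      t.string "name"
    end
    create_table "contributors", id: :serial, force: :cascade do |t|
      t.string "name"
      t.integer "team_id"
    end
  end
RUBY

# Round trip through a root directory whose name would have been a command
# injection in the original `cat #{Rails.root}/db/schema.rb` string.
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "app; echo injected")
    Dir.mkdir(root)
    Dir.mkdir(File.join(root, "db"))
    File.write(File.join(root, "db", "schema.rb"), SAMPLE_SCHEMA)
    read_schema(root)
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

The transformed text still has to be run to define the schema, so the cop's complaint about `eval` is only fully answered by handing that job to Rails (`ActiveRecord::Migration.maintain_test_schema!`) rather than by evaluating a string the test helper built itself.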

TODO found
Open

<% # TODO use a view presenter to simplify this view %>
Severity: Minor
Found in app/views/votes/_not_running.html.erb by fixme

TODO found
Open

    # TODO move some of this in the Team class using events
Severity: Minor
Found in app/controllers/votes_controller.rb by fixme

TODO found
Open

# TODO use rails-assets.org instead of jquery-rails to get jquery
Severity: Minor
Found in Gemfile by fixme

TODO found
Open

  # TODO do some polling instead of sleeping for a full second

TODO found
Open

  # TODO Write unit test for the subscription when the action cable tests commits are available (https://github.com/rails/rails/pull/23211 and https://github.com/rspec/rspec-rails/issues/1606)
Severity: Minor
Found in spec/channels/team_channel_spec.rb by fixme

TODO found
Open

# TODO define env var in some special purpose place (check dotenv gem)
Severity: Minor
Found in config/application.rb by fixme

TODO found
Open

  # TODO upgrade postgresql to the same as Heroku
Severity: Minor
Found in docker-compose.yml by fixme

TODO found
Open

    # TODO could we load jasmine through the rails-asset gem source instead of teaspoon ?
Severity: Minor
Found in spec/teaspoon_env.rb by fixme

TODO found
Open

    # TODO move to an hexagonal architecture in order to encapsulate team.animator= this would ensure a unique way to update the animator, and we could remove this almost duplicated test https://medium.com/@vsavkin/hexagonal-architecture-for-rails-developers-8b1fee64a613#.c2giyb3mh

TODO found
Open

# TODO remove the 'from his browser' from the step def. This is really implementation specific

TODO found
Open

  <% # TODO get rid of these 2 'if' %>
Severity: Minor
Found in app/views/contributors/show.html.erb by fixme

TODO found
Open

# TODO add a primary key on teams(name)
Severity: Minor
Found in db/todo.rb by fixme

TODO found
Open

# TODO add a primary key on contributors(name, team)
Severity: Minor
Found in db/todo.rb by fixme

TODO found
Open

    # TODO update jasmine test framework version
Severity: Minor
Found in spec/teaspoon_env.rb by fixme

TODO found
Open

# TODO use FactoryGirl to simplify the data setup.

TODO found
Open

<% # TODO use a view presenter to simplify this view %>
Severity: Minor
Found in app/views/votes/_running.html.erb by fixme