Sign upLogin

presidentbeef/brakeman

View on GitHub
Star

Showing 42 of 56 total issues

Consider simplifying this complex logical expression.
Open

    if not protected_by_raise?(call) and
        not only_path?(call) and
        not explicit_host?(opt) and
        not slice_call?(opt) and
        not safe_permit?(opt) and
Severity: Major
Found in lib/brakeman/checks/check_redirect.rb - About 1 hr to fix

    Avoid deeply nested control flow statements.
    Open

              process block if sexp? block
    Severity: Major
    Found in lib/brakeman/processors/template_alias_processor.rb - About 45 mins to fix

      Avoid deeply nested control flow statements.
      Open

                  return match if match
      Severity: Major
      Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

        Avoid deeply nested control flow statements.
        Open

                   if string? v
             add_route_from_string v[1]
           elsif in_controller_block? and symbol? v
             add_route v
           end
        Severity: Major
        Found in lib/brakeman/processors/lib/rails3_route_processor.rb - About 45 mins to fix

          Avoid deeply nested control flow statements.
          Open

                    if exp.value.node_type == :rlist
            exp.value.each_sexp do |e|
              match = has_immediate_user_input?(e)
              return match if match
            end
          Severity: Major
          Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

            Avoid deeply nested control flow statements.
            Open

                        return match if match
            Severity: Major
            Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

              Avoid deeply nested control flow statements.
              Open

                        if exp.value.node_type == :rlist
            exp.value.each_sexp do |e|
              if match = has_immediate_model?(e, out)
                return match
              end
              Severity: Major
              Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

                Avoid deeply nested control flow statements.
                Open

                            if @app_tree.layout_exists?(name)
              @current_class.layout = "layouts/#{name}"
            else
              Brakeman.debug "[Notice] Layout not found: #{name}"
            end
                Severity: Major
                Found in lib/brakeman/processors/controller_processor.rb - About 45 mins to fix

                  Avoid deeply nested control flow statements.
                  Open

                            if string? v
            add_route_from_string v
          else
            add_route v
          end
                  Severity: Major
                  Found in lib/brakeman/processors/lib/rails3_route_processor.rb - About 45 mins to fix

                    Avoid deeply nested control flow statements.
                    Open

                                if exp.method == :to_json
              message << msg_plain(" in JSON hash")
              link_path += "_to_json"
              warning_code = :xss_to_json
            end
                    Severity: Major
                    Found in lib/brakeman/checks/check_cross_site_scripting.rb - About 45 mins to fix

                      Avoid deeply nested control flow statements.
                      Open

                                  if t.is_a? Symbol
              :"#{t}.#{exp.method}"
            else
              exp
            end
                      Severity: Major
                      Found in lib/brakeman/processors/lib/find_all_calls.rb - About 45 mins to fix

                        Avoid deeply nested control flow statements.
                        Open

                                  elsif node_type? last_arg, :nil, :false
            #layout :false or layout nil
            @current_class.layout = false
                        Severity: Major
                        Found in lib/brakeman/processors/controller_processor.rb - About 45 mins to fix

                          Consider simplifying this complex logical expression.
                          Open

                              if node_type? exp, :or
      decorated_model? exp.lhs or decorated_model? exp.rhs
    else
      tracker.config.has_gem? :draper and
      call? exp and
                          Severity: Major
                          Found in lib/brakeman/checks/check_redirect.rb - About 40 mins to fix

                            Consider simplifying this complex logical expression.
                            Open

                                if call? target and target.method == :connection
      target = target.target
      klass = class_name(target)

      target.nil? or
                            Severity: Major
                            Found in lib/brakeman/checks/check_sql.rb - About 40 mins to fix

                              Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.
                              Open

                                  def initialize name, parent, file_name, src, tracker
                              Severity: Minor
                              Found in lib/brakeman/tracker/model.rb - About 35 mins to fix

                                Method render_warnings has 5 arguments (exceeds 4 allowed). Consider refactoring.
                                Open

                                  def render_warnings warnings, type, template, cols, sort_col
                                Severity: Minor
                                Found in lib/brakeman/report/report_table.rb - About 35 mins to fix

                                  Method process_template has 5 arguments (exceeds 4 allowed). Consider refactoring.
                                  Open

                                      def process_template name, src, type, called_from = nil, file_name = nil
                                  Severity: Minor
                                  Found in lib/brakeman/processor.rb - About 35 mins to fix

                                    Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.
                                    Open

                                        def initialize name, parent, file_name, src, tracker
                                    Severity: Minor
                                    Found in lib/brakeman/tracker/collection.rb - About 35 mins to fix

                                      Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.
                                      Open

                                          def initialize name, parent, file_name, src, tracker
                                      Severity: Minor
                                      Found in lib/brakeman/tracker/controller.rb - About 35 mins to fix

                                        Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.
                                        Open

                                            def initialize name, parent, file_name, src, tracker
                                        Severity: Minor
                                        Found in lib/brakeman/tracker/library.rb - About 35 mins to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language