presidentbeef/brakeman


Showing 42 of 56 total issues

Consider simplifying this complex logical expression.

    if not protected_by_raise?(call) and
        not only_path?(call) and
        not explicit_host?(opt) and
        not slice_call?(opt) and
        not safe_permit?(opt) and
Severity: Major
Found in lib/brakeman/checks/check_redirect.rb - About 1 hr to fix

    Avoid deeply nested control flow statements.

              process block if sexp? block
    Severity: Major
    Found in lib/brakeman/processors/template_alias_processor.rb - About 45 mins to fix

      Avoid deeply nested control flow statements.

                elsif node_type? last_arg, :nil, :false
                  #layout :false or layout nil
                  @current_class.layout = false
      Severity: Major
      Found in lib/brakeman/processors/controller_processor.rb - About 45 mins to fix

        Avoid deeply nested control flow statements.

                    if exp.method == :to_json
                      message << msg_plain(" in JSON hash")
                      link_path += "_to_json"
                      warning_code = :xss_to_json
                    end
        Severity: Major
        Found in lib/brakeman/checks/check_cross_site_scripting.rb - About 45 mins to fix

          Avoid deeply nested control flow statements.

                      if @app_tree.layout_exists?(name)
                        @current_class.layout = "layouts/#{name}"
                      else
                        Brakeman.debug "[Notice] Layout not found: #{name}"
                      end
          Severity: Major
          Found in lib/brakeman/processors/controller_processor.rb - About 45 mins to fix

            Avoid deeply nested control flow statements.

                      if exp.value.node_type == :rlist
                        exp.value.each_sexp do |e|
                          match = has_immediate_user_input?(e)
                          return match if match
                        end
            Severity: Major
            Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

              Avoid deeply nested control flow statements.

                          if t.is_a? Symbol
                            :"#{t}.#{exp.method}"
                          else
                            exp
                          end
              Severity: Major
              Found in lib/brakeman/processors/lib/find_all_calls.rb - About 45 mins to fix

                Avoid deeply nested control flow statements.

                          if exp.value.node_type == :rlist
                            exp.value.each_sexp do |e|
                              if match = has_immediate_model?(e, out)
                                return match
                              end
                Severity: Major
                Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

                  Avoid deeply nested control flow statements.

                             if string? v
                               add_route_from_string v[1]
                             elsif in_controller_block? and symbol? v
                               add_route v
                             end
                  Severity: Major
                  Found in lib/brakeman/processors/lib/rails3_route_processor.rb - About 45 mins to fix

                    Avoid deeply nested control flow statements.

                                return match if match
                    Severity: Major
                    Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

                      Avoid deeply nested control flow statements.

                                if string? v
                                  add_route_from_string v
                                else
                                  add_route v
                                end
                      Severity: Major
                      Found in lib/brakeman/processors/lib/rails3_route_processor.rb - About 45 mins to fix

                        Avoid deeply nested control flow statements.

                                    return match if match
                        Severity: Major
                        Found in lib/brakeman/checks/base_check.rb - About 45 mins to fix

                          Consider simplifying this complex logical expression.

                              if call? target and target.method == :connection
                                target = target.target
                                klass = class_name(target)
                          
                                target.nil? or
                          Severity: Major
                          Found in lib/brakeman/checks/check_sql.rb - About 40 mins to fix

                            Consider simplifying this complex logical expression.

                                if node_type? exp, :or
                                  decorated_model? exp.lhs or decorated_model? exp.rhs
                                else
                                  tracker.config.has_gem? :draper and
                                  call? exp and
                            Severity: Major
                            Found in lib/brakeman/checks/check_redirect.rb - About 40 mins to fix

                              Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.

                                  def initialize name, parent, file_name, src, tracker
                              Severity: Minor
                              Found in lib/brakeman/tracker/library.rb - About 35 mins to fix

                                Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.

                                    def initialize name, parent, file_name, src, tracker
                                Severity: Minor
                                Found in lib/brakeman/tracker/controller.rb - About 35 mins to fix

                                  Method render_warnings has 5 arguments (exceeds 4 allowed). Consider refactoring.

                                    def render_warnings warnings, type, template, cols, sort_col
                                  Severity: Minor
                                  Found in lib/brakeman/report/report_table.rb - About 35 mins to fix

                                    Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.

                                        def initialize name, parent, file_name, src, tracker
                                    Severity: Minor
                                    Found in lib/brakeman/tracker/model.rb - About 35 mins to fix

                                      Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.

                                          def initialize name, parent, file_name, src, tracker
                                      Severity: Minor
                                      Found in lib/brakeman/tracker/collection.rb - About 35 mins to fix

                                        Method process_template has 5 arguments (exceeds 4 allowed). Consider refactoring.

                                            def process_template name, src, type, called_from = nil, file_name = nil
                                        Severity: Minor
                                        Found in lib/brakeman/processor.rb - About 35 mins to fix