Sign upLogin

publiclab/mapknitter

View on GitHub
Star
app/controllers/export_controller.rb

Summary

Maintainability
A
1 hr
Test Coverage

Parameter value used in file name
Open

    send_file('public/warps/' + params[:id] + '/' + params[:id] + '-geo.tif')
Severity: Critical
Found in app/controllers/export_controller.rb by brakeman

Using user input when accessing files (local or remote) will raise a warning in Brakeman.

For example

File.open("/tmp/#{cookie[:file]}")

will raise an error like

Cookie value used in file name near line 4: File.open("/tmp/#{cookie[:file]}")

This type of vulnerability can be used to access arbitrary files on a server (including /etc/passwd.

Parameter value used in file name
Open

    send_file('public/warps/' + params[:id] + '/' + params[:id] + '.jpg')
Severity: Critical
Found in app/controllers/export_controller.rb by brakeman

Using user input when accessing files (local or remote) will raise a warning in Brakeman.

For example

File.open("/tmp/#{cookie[:file]}")

will raise an error like

Cookie value used in file name near line 4: File.open("/tmp/#{cookie[:file]}")

This type of vulnerability can be used to access arbitrary files on a server (including /etc/passwd.

Method progress has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def progress
    map = Map.find_by(id: params[:id])
    export = map.export
    output = if export.present?
      if export.status == 'complete'
Severity: Minor
Found in app/controllers/export_controller.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cancel has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def cancel
    @map = Map.find_by(id: params[:id])
    if @map.anonymous? || logged_in?
      export = @map.export
      export.status = 'none'
Severity: Minor
Found in app/controllers/export_controller.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

There are no issues that match your filters.

Category
Status