publiclab/plots2

Showing 686 of 688 total issues

CSRF vulnerability in OmniAuth's request phase
Open

omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Sinatra vulnerable to Reflected File Download attack
Open

sinatra (1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Improper neutralization of noscript element content may allow XSS in Sanitize
Open

sanitize (5.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

sinatra does not validate expanded path matches
Open

sinatra (1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

File node.rb has 954 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class UniqueUrlValidator < ActiveModel::Validator
  def validate(record)
    if record.title.blank?
      record.errors[:base] << "You must provide a title."
      # otherwise the below title uniqueness check fails, as title presence validation doesn't run until after
Severity: Major
Found in app/models/node.rb - About 2 days to fix

Class Node has 105 methods (exceeds 20 allowed). Consider refactoring.
Open

class Node < ActiveRecord::Base
  extend RawStats
  include NodeShared # common methods for node-like models

  self.table_name = 'node'
Severity: Major
Found in app/models/node.rb - About 2 days to fix

Method handle_site_login_flow has a Cognitive Complexity of 77 (exceeds 5 allowed). Consider refactoring.
Open

def handle_site_login_flow
  username = params[:user_session][:username] if params[:user_session]
  u = User.find_by(username: username) || User.find_by(email: username)
  if u && u.password_checker != 0
    n = u.password_checker
Severity: Minor
Found in app/controllers/user_sessions_controller.rb - About 1 day to fix

Class User has 71 methods (exceeds 20 allowed). Consider refactoring.
Open

class User < ActiveRecord::Base
  extend Utils
  include Statistics
  extend RawStats
  self.table_name = 'rusers'
Severity: Major
Found in app/models/user.rb - About 1 day to fix

Uncontrolled Recursion in Loofah
Open

loofah (2.18.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Improper neutralization of data URIs may allow XSS in Loofah
Open

loofah (2.18.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in Loofah
Open

loofah (2.18.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Method multiple_add has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

def multiple_add
  return_to = params[:return_to] || "/subscriptions?_=" + Time.now.to_i.to_s
  if params[:tagnames].blank?
    flash[:notice] = "Please enter tags for subscription in the url."
    redirect_to return_to
Severity: Minor
Found in app/controllers/subscription_controller.rb - About 1 day to fix

Method add_tag has a Cognitive Complexity of 51 (exceeds 5 allowed). Consider refactoring.
Open

def add_tag(tagname, user)
  if user.status == 1
    tagname = tagname.downcase
    unless has_tag_without_aliasing(tagname)
      saved = false
Severity: Minor
Found in app/models/node.rb - About 7 hrs to fix

File tag_controller.rb has 492 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class TagController < ApplicationController
  respond_to :html, :xml, :json, :ics
  before_action :require_user, only: %i(create delete)
  include Pagy::Backend

Severity: Minor
Found in app/controllers/tag_controller.rb - About 7 hrs to fix

Method can_tag has a Cognitive Complexity of 50 (exceeds 5 allowed). Consider refactoring.
Open

def can_tag(tagname, user, errors = false)
  one_split = tagname.split(':')[1]
  socials = { facebook: 'Facebook', github: 'Github', google_oauth2: 'Google', twitter: 'Twitter' }

  if tagname[0..4] == 'with:'
Severity: Minor
Found in app/models/node.rb - About 7 hrs to fix

Method index has a Cognitive Complexity of 46 (exceeds 5 allowed). Consider refactoring.
Open

def index
  begin
    permitted_params = params.permit(
      'authenticity_token', 'back_to',
      'commit',
Severity: Minor
Found in app/controllers/openid_controller.rb - About 7 hrs to fix

Class Comment has 48 methods (exceeds 20 allowed). Consider refactoring.
Open

class Comment < ApplicationRecord
  include CommentsShared
  extend RawStats

  belongs_to :node, foreign_key: 'nid', touch: true, counter_cache: true
Severity: Minor
Found in app/models/comment.rb - About 6 hrs to fix

File wiki_controller.rb has 444 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rss'

class WikiController < ApplicationController
  before_action :require_user, only: %i(new create edit update delete replace)

Severity: Minor
Found in app/controllers/wiki_controller.rb - About 6 hrs to fix

File user.rb has 442 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class UniqueUsernameValidator < ActiveModel::Validator
  def validate(record)
    if User.find_by(username: record.username) && record.openid_identifier.nil?
      record.errors[:base] << 'That username is already taken. If this is your username, you can simply log in to this site.'
    end
Severity: Minor
Found in app/models/user.rb - About 6 hrs to fix

File users_controller.rb has 440 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class UsersController < ApplicationController
  before_action :require_no_user, only: [:new]
  before_action :require_user, only: %i(edit update save_settings settings)
  before_action :set_user, only: %i(info followed following followers)

Severity: Minor
Found in app/controllers/users_controller.rb - About 6 hrs to fix