publiclab/plots2

View on GitHub

Showing 686 of 688 total issues

Improper neutralization of noscript element content may allow XSS in Sanitize
Open

    sanitize (5.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-23627

Criticality: Medium

URL: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7

Solution: upgrade to >= 6.0.1

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

sinatra does not validate expanded path matches
Open

    sinatra (1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29970

Criticality: High

URL: https://github.com/sinatra/sinatra/pull/1683

Solution: upgrade to >= 2.2.0

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-45442

Criticality: High

URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Solution: upgrade to ~> 2.2.3, >= 3.0.4

File node.rb has 954 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class UniqueUrlValidator < ActiveModel::Validator
  def validate(record)
    if record.title.blank?
      record.errors[:base] << "You must provide a title."
      # otherwise the below title uniqueness check fails, as title presence validation doesn't run until after
Severity: Major
Found in app/models/node.rb - About 2 days to fix

Class Node has 105 methods (exceeds 20 allowed). Consider refactoring.
Open

class Node < ActiveRecord::Base
  extend RawStats
  include NodeShared # common methods for node-like models

  self.table_name = 'node'
Severity: Major
Found in app/models/node.rb - About 2 days to fix

Method handle_site_login_flow has a Cognitive Complexity of 77 (exceeds 5 allowed). Consider refactoring.
Open

  def handle_site_login_flow
    username = params[:user_session][:username] if params[:user_session]
    u = User.find_by(username: username) || User.find_by(email: username)
    if u && u.password_checker != 0
      n = u.password_checker
Severity: Minor
Found in app/controllers/user_sessions_controller.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Class User has 71 methods (exceeds 20 allowed). Consider refactoring.
Open

class User < ActiveRecord::Base
  extend Utils
  include Statistics
  extend RawStats
  self.table_name = 'rusers'
Severity: Major
Found in app/models/user.rb - About 1 day to fix

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.18.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Uncontrolled Recursion in Loofah
Open

    loofah (2.18.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.18.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Method multiple_add has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def multiple_add
    return_to = params[:return_to] || "/subscriptions?_=" + Time.now.to_i.to_s
    if params[:tagnames].blank?
      flash[:notice] = "Please enter tags for subscription in the url."
      redirect_to return_to
Severity: Minor
Found in app/controllers/subscription_controller.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method add_tag has a Cognitive Complexity of 51 (exceeds 5 allowed). Consider refactoring.
Open

  def add_tag(tagname, user)
    if user.status == 1
      tagname = tagname.downcase
      unless has_tag_without_aliasing(tagname)
        saved = false
Severity: Minor
Found in app/models/node.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File tag_controller.rb has 492 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class TagController < ApplicationController
  respond_to :html, :xml, :json, :ics
  before_action :require_user, only: %i(create delete)
  include Pagy::Backend

Severity: Minor
Found in app/controllers/tag_controller.rb - About 7 hrs to fix

Method can_tag has a Cognitive Complexity of 50 (exceeds 5 allowed). Consider refactoring.
Open

  def can_tag(tagname, user, errors = false)
    one_split = tagname.split(':')[1]
    socials = { facebook: 'Facebook', github: 'Github', google_oauth2: 'Google', twitter: 'Twitter' }

    if tagname[0..4] == 'with:'
Severity: Minor
Found in app/models/node.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method index has a Cognitive Complexity of 46 (exceeds 5 allowed). Consider refactoring.
Open

  def index
    begin
      permitted_params = params.permit(
        'authenticity_token', 'back_to',
        'commit',
Severity: Minor
Found in app/controllers/openid_controller.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Class Comment has 48 methods (exceeds 20 allowed). Consider refactoring.
Open

class Comment < ApplicationRecord
  include CommentsShared
  extend RawStats

  belongs_to :node, foreign_key: 'nid', touch: true, counter_cache: true
Severity: Minor
Found in app/models/comment.rb - About 6 hrs to fix

File wiki_controller.rb has 444 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rss'

class WikiController < ApplicationController
  before_action :require_user, only: %i(new create edit update delete replace)

Severity: Minor
Found in app/controllers/wiki_controller.rb - About 6 hrs to fix

File user.rb has 442 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class UniqueUsernameValidator < ActiveModel::Validator
  def validate(record)
    if User.find_by(username: record.username) && record.openid_identifier.nil?
      record.errors[:base] << 'That username is already taken. If this is your username, you can simply log in to this site.'
    end
Severity: Minor
Found in app/models/user.rb - About 6 hrs to fix

File users_controller.rb has 440 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class UsersController < ApplicationController
  before_action :require_no_user, only: [:new]
  before_action :require_user, only: %i(edit update save_settings settings)
   before_action :set_user, only: %i(info followed following followers)

Severity: Minor
Found in app/controllers/users_controller.rb - About 6 hrs to fix
Severity
Category
Status
Source
Language