Showing 686 of 688 total issues
Improper neutralization of noscript element content may allow XSS in Sanitize Open
sanitize (5.2.3)
Advisory: CVE-2023-23627
Criticality: Medium
URL: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
Solution: upgrade to >= 6.0.1
CSRF vulnerability in OmniAuth's request phase Open
omniauth (1.9.1)
Advisory: CVE-2015-9284
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Solution: upgrade to >= 2.0.0 (the request phase rejects GET by default from 2.0.0; on older versions, restrict it to POST and verify the CSRF token, e.g. with omniauth-rails_csrf_protection)
Sinatra does not validate that the expanded path matches the public folder when serving static files (path traversal) Open
sinatra (1.0)
Advisory: CVE-2022-29970
Criticality: High
URL: https://github.com/sinatra/sinatra/pull/1683
Solution: upgrade to >= 2.2.0
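To make the advisory concrete, here is an added example (hypothetical code, not Sinatra's own implementation or the fix in the linked pull request) that contrasts the vulnerable shape of a static-file lookup with a hardened one. It builds a throwaway directory with a public folder and a secret file above it, then resolves three request paths against both variants, including a percent-encoded ".." that only becomes dangerous after decoding.

```ruby
require "tmpdir"
require "fileutils"

# Constructed fixture (not the project's files): a public/ folder holding one
# legitimate asset, and a secret file one level above it that must never be served.
DEMO_ROOT = Dir.mktmpdir("static-demo")
PUBLIC_DIR = File.join(DEMO_ROOT, "public")
FileUtils.mkdir_p(PUBLIC_DIR)
File.write(File.join(PUBLIC_DIR, "index.html"), "<h1>hello</h1>")
File.write(File.join(DEMO_ROOT, "secret.txt"), "db_password=hunter2")
at_exit { FileUtils.remove_entry(DEMO_ROOT) }

# Minimal percent-decoder so "%2e%2e" becomes ".." before the path is resolved,
# the way a static-file handler unescapes PATH_INFO.
def percent_decode(path_info)
  path_info.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Vulnerable shape (hypothetical, the class of bug the advisory describes):
# decode, concatenate onto the public folder, expand, and serve if the file exists.
# File.expand_path collapses "..", so "/../secret.txt" resolves to a file outside
# PUBLIC_DIR and the only check performed (File.file?) still passes.
def resolve_static_unchecked(public_dir, path_info)
  path = File.expand_path(public_dir + percent_decode(path_info))
  File.file?(path) ? path : nil
end

# Hardened shape: after expansion, require the result to sit under the expanded
# public folder. Comparing against base + "/" rather than base alone also rejects
# a sibling directory such as "public2/".
def resolve_static_checked(public_dir, path_info)
  base = File.expand_path(public_dir)
  path = File.expand_path(base + percent_decode(path_info))
  return nil unless path.start_with?(base + File::SEPARATOR)
  File.file?(path) ? path : nil
end

if __FILE__ == $PROGRAM_NAME
  ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt"].each do |req|
    puts format("%-22s unchecked=%-50s checked=%s", req,
                resolve_static_unchecked(PUBLIC_DIR, req).inspect,
                resolve_static_checked(PUBLIC_DIR, req).inspect)
  end
end
```

The prefix check must run on the expanded path, not on the raw request: a check on the input string is defeated by encoding and by ".." inside otherwise harmless-looking segments.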
Sinatra vulnerable to Reflected File Download attack Open
sinatra (1.0)
Advisory: CVE-2022-45442
Criticality: High
URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
Solution: upgrade to ~> 2.2.3 or >= 3.0.4 (either range is patched; 2.2.3 on the 2.x line is fixed even though it is below 3.0.4)
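A reflected file download attack needs the attacker to influence the name and extension under which reflected content is saved, which is why an unescaped filename in Content-Disposition matters. The helper below is an added example (not Sinatra's code and not the fix shipped in 2.2.3 / 3.0.4) of building that header from an untrusted filename: it drops directory components, restricts the quoted-string fallback to printable ASCII with quote and backslash neutralised, and carries the real name as an RFC 5987 filename* parameter.

```ruby
# Characters RFC 5987 allows unencoded in an ext-value (attr-char).
ATTR_CHAR = /[A-Za-z0-9!#$&+\-.^_`|~]/

# Build a Content-Disposition value from an untrusted filename (hypothetical helper).
#   1. File.basename drops any directory components.
#   2. The quoted-string fallback keeps printable ASCII only and replaces the quote
#      and backslash that could end the quoted-string early, so neither CR/LF nor
#      extra parameters can be smuggled into the header.
#   3. filename* carries the real name as RFC 5987 percent-encoded UTF-8.
def content_disposition(filename, disposition = "attachment")
  name = File.basename(filename.to_s).encode("UTF-8")
  ascii = name.encode("US-ASCII", invalid: :replace, undef: :replace, replace: "_")
              .gsub(/[^\x20-\x7E]|["\\]/, "_")
  ascii = "download" if ascii.strip.delete(".").empty?
  encoded = name.bytes.map do |b|
    b < 128 && ATTR_CHAR.match?(b.chr) ? b.chr : format("%%%02X", b)
  end.join
  %(#{disposition}; filename="#{ascii}"; filename*=UTF-8''#{encoded})
end

if __FILE__ == $PROGRAM_NAME
  ['../evil".bat', "résumé.pdf", "a\r\nX-Injected: 1.txt", ".."].each do |name|
    puts "#{name.inspect} => #{content_disposition(name)}"
  end
end
```

Escaping the header is the necessary half; the other half is not letting a request parameter choose the filename of reflected JSON or text responses at all, since a well-formed header still delivers "setup.bat" if the application copies that name from the URL.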
File node.rb has 954 lines of code (exceeds 250 allowed). Consider refactoring. Open
class UniqueUrlValidator < ActiveModel::Validator
def validate(record)
if record.title.blank?
record.errors[:base] << "You must provide a title."
# otherwise the below title uniqueness check fails, as title presence validation doesn't run until after
Class Node has 105 methods (exceeds 20 allowed). Consider refactoring. Open
class Node < ActiveRecord::Base
extend RawStats
include NodeShared # common methods for node-like models
self.table_name = 'node'
Method handle_site_login_flow has a Cognitive Complexity of 77 (exceeds 5 allowed). Consider refactoring. Open
def handle_site_login_flow
username = params[:user_session][:username] if params[:user_session]
u = User.find_by(username: username) || User.find_by(email: username)
if u && u.password_checker != 0
n = u.password_checker
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Class User has 71 methods (exceeds 20 allowed). Consider refactoring. Open
class User < ActiveRecord::Base
extend Utils
include Statistics
extend RawStats
self.table_name = 'rusers'
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.18.0)
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
Uncontrolled Recursion in Loofah Open
loofah (2.18.0)
Advisory: CVE-2022-23516
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
Solution: upgrade to >= 2.19.1
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.18.0)
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
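The dependency entries above all reduce to one check: is the pinned version inside any of the patched ranges? The script below is an added example (not Code Climate's or bundler-audit's code) that runs that check offline against a constructed Gemfile.lock excerpt containing the four affected gems, with the advisories transcribed from this page. The caveat it demonstrates is that a Solution line listing several ranges, such as ~> 2.2.3, >= 3.0.4, means "any of these"; folding both constraints into a single Gem::Requirement would demand both at once, which no version satisfies.

```ruby
require "rubygems"

# Constructed Gemfile.lock excerpt (not the project's real lock file).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.18.0)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      omniauth (1.9.1)
        hashie (>= 3.4.6)
        rack (>= 1.6.2, < 3)
      sanitize (5.2.3)
        crass (~> 1.0.2)
        nokogiri (>= 1.8.0)
      sinatra (1.0)
        rack (>= 1.0)
LOCK

# Advisory data transcribed from the list above. :patched holds the alternatives
# from each Solution line; satisfying ANY one of them means the gem is fixed.
ADVISORIES = [
  { gem: "sanitize", cve: "CVE-2023-23627", patched: [">= 6.0.1"] },
  { gem: "omniauth", cve: "CVE-2015-9284",  patched: [">= 2.0.0"] },
  { gem: "sinatra",  cve: "CVE-2022-29970", patched: [">= 2.2.0"] },
  { gem: "sinatra",  cve: "CVE-2022-45442", patched: ["~> 2.2.3", ">= 3.0.4"] },
  { gem: "loofah",   cve: "CVE-2022-23515", patched: [">= 2.19.1"] },
  { gem: "loofah",   cve: "CVE-2022-23516", patched: [">= 2.19.1"] },
  { gem: "loofah",   cve: "CVE-2022-23514", patched: [">= 2.19.1"] }
].freeze

# Parse the "specs:" section of a lock file. A resolved gem is indented by exactly
# four spaces as "name (version)"; its dependencies are indented deeper and skipped.
def parse_lock_specs(lock)
  specs = {}
  in_specs = false
  lock.each_line do |line|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    next unless in_specs
    break if line =~ /\A\S/ # next top-level section (PLATFORMS, DEPENDENCIES, ...)
    if (m = line.match(/\A {4}([^\s(]+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = Gem::Version.new(m[2])
    end
  end
  specs
end

# True if the version falls in at least one patched range. Each range is its own
# Gem::Requirement; combining them into one requirement would AND them together.
def patched?(version, patched_ranges)
  patched_ranges.any? { |range| Gem::Requirement.new(range).satisfied_by?(version) }
end

# Return [gem, cve] pairs for every advisory whose gem is locked at an unpatched version.
def audit(lock, advisories = ADVISORIES)
  specs = parse_lock_specs(lock)
  advisories.select { |adv| (v = specs[adv[:gem]]) && !patched?(v, adv[:patched]) }
            .map { |adv| [adv[:gem], adv[:cve]] }
end

if __FILE__ == $PROGRAM_NAME
  audit(LOCKFILE).each { |gem_name, cve| puts "#{gem_name}: #{cve}" }
end
```

With the sample lock every entry is reported; bumping sinatra to 2.2.3 clears both Sinatra advisories even though 2.2.3 is below 3.0.4, which is exactly the case a single combined requirement would get wrong.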
Method multiple_add has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring. Open
def multiple_add
return_to = params[:return_to] || "/subscriptions?_=" + Time.now.to_i.to_s
if params[:tagnames].blank?
flash[:notice] = "Please enter tags for subscription in the url."
redirect_to return_to
Method add_tag has a Cognitive Complexity of 51 (exceeds 5 allowed). Consider refactoring. Open
def add_tag(tagname, user)
if user.status == 1
tagname = tagname.downcase
unless has_tag_without_aliasing(tagname)
saved = false
File tag_controller.rb has 492 lines of code (exceeds 250 allowed). Consider refactoring. Open
class TagController < ApplicationController
respond_to :html, :xml, :json, :ics
before_action :require_user, only: %i(create delete)
include Pagy::Backend
Method can_tag has a Cognitive Complexity of 50 (exceeds 5 allowed). Consider refactoring. Open
def can_tag(tagname, user, errors = false)
one_split = tagname.split(':')[1]
socials = { facebook: 'Facebook', github: 'Github', google_oauth2: 'Google', twitter: 'Twitter' }
if tagname[0..4] == 'with:'
Method index has a Cognitive Complexity of 46 (exceeds 5 allowed). Consider refactoring. Open
def index
begin
permitted_params = params.permit(
'authenticity_token', 'back_to',
'commit',
Class Comment has 48 methods (exceeds 20 allowed). Consider refactoring. Open
class Comment < ApplicationRecord
include CommentsShared
extend RawStats
belongs_to :node, foreign_key: 'nid', touch: true, counter_cache: true
File wiki_controller.rb has 444 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'rss'
class WikiController < ApplicationController
before_action :require_user, only: %i(new create edit update delete replace)
File user.rb has 442 lines of code (exceeds 250 allowed). Consider refactoring. Open
class UniqueUsernameValidator < ActiveModel::Validator
def validate(record)
if User.find_by(username: record.username) && record.openid_identifier.nil?
record.errors[:base] << 'That username is already taken. If this is your username, you can simply log in to this site.'
end
File users_controller.rb has 440 lines of code (exceeds 250 allowed). Consider refactoring. Open
class UsersController < ApplicationController
before_action :require_no_user, only: [:new]
before_action :require_user, only: %i(edit update save_settings settings)
before_action :set_user, only: %i(info followed following followers)