tansaku/LocalSupport

Showing 943 of 943 total issues

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.6.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

RuboCop gem Insecure use of /tmp
Open

    rubocop (0.42.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-8418

Criticality: Low

URL: https://github.com/bbatsov/rubocop/issues/4336

Solution: upgrade to >= 0.49.0

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Method has too many lines. [18/5] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def build_single_marker(volop, marker)
    location = volop.first
    vol_ops = volop.last
    source = VolunteerOp.get_source(vol_ops)
    marker.lat location.latitude

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [18/5] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def self.build params
    params.require(:proposed_organisation).permit(
      :superadmin_email_to_add,
      :description,
      :address,

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class Organisation has 27 methods (exceeds 20 allowed). Consider refactoring.
Open

class Organisation < BaseOrganisation

  has_many :volunteer_ops
  has_many :users
  has_many :edits, class_name: 'ProposedOrganisationEdit', :dependent => :destroy
Severity: Minor
Found in app/models/organisation.rb - About 3 hrs to fix

Method has too many lines. [15/5] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def devise_error_messages!
    return "" if resource.errors.empty?

    errors = resource.errors
    reset_token_error = errors.to_hash.fetch(:reset_password_token,'')
Severity: Minor
Found in app/helpers/devise_helper.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [15/5] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def show
    render template: 'pages/404', status: 404 and return if @organisation.nil?
    organisations = Organisation.where(id: @organisation.id)
    if current_user
      @pending_org_admin = current_user.pending_org_admin? @organisation

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [15/5] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

    def self.build params
      params.require(:organisation).permit(
        :superadmin_email_to_add,
        :description,
        :address,

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Assignment Branch Condition size for show is too high. [24.49/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

  def show
    render template: 'pages/404', status: 404 and return if @organisation.nil?
    organisations = Organisation.where(id: @organisation.id)
    if current_user
      @pending_org_admin = current_user.pending_org_admin? @organisation

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method has too many lines. [13/5] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def persist_doit_vol_ops(opportunities)
    opportunities.each do |op|
      model_klass.find_or_create_by(doit_op_id: op['id']) do |model|
        model.source = 'doit'
        model.latitude = op['lat']

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [13/5] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def build_map_markers(organisations)
    ::MapMarkerJson.build(organisations) do |org, marker|
      marker.lat org.latitude
      marker.lng org.longitude
      marker.infowindow render_to_string(partial: 'organisations/popup', locals: {org: org})

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Assignment Branch Condition size for after_sign_in_path_for is too high. [22.36/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

  def after_sign_in_path_for(resource)
    set_flash_warning_reminder_to_update_details resource
    return edit_user_path id: current_user.id if session[:pending_organisation_id]
    return organisation_path(current_user.organisation) if current_user.organisation
    return session[:previous_url] if session[:previous_url]

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric