tootsuite/mastodon

Showing 103 of 110 total issues

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/pull/809

Solution: remove or disable this gem until a patch is available!

Selectors must be placed on new lines
Open

ol, ul {

Single Line Per Selector

Rule single-line-per-selector will enforce whether selectors should be placed on a new line.

Examples

When enabled, the following are allowed:

.foo,
.bar {
  content: 'baz';
}

When enabled, the following are disallowed:

.foo, .bar {
  content: 'baz';
}

Pseudo-elements must start with double colons
Open

q:before, q:after {

Pseudo-element

Rule pseudo-element will enforce that:

  • Pseudo-elements must start with double colons.
  • Pseudo-classes must start with single colon.

Examples

When enabled, the following are allowed:

.foo::before {
  content: "bar";
}

.foo:hover {
  content: "bar";
}

When enabled, the following are disallowed:

.foo:before {
  content: "bar";
}

.foo::hover {
  content: "bar";
}

Selectors must be placed on new lines
Open

del, dfn, em, img, ins, kbd, q, s, samp,

Selectors must be placed on new lines
Open

dl, dt, dd, ol, ul, li,

Selectors must be placed on new lines
Open

time, mark, audio, video {

Selectors must be placed on new lines
Open

article, aside, details, figcaption, figure,

Strings must use singlequote.
Open

    "f",
Severity: Minor
Found in streaming/index.js by eslint

enforce the consistent use of either backticks, double, or single quotes (quotes)

JavaScript allows you to define strings in one of three ways: double quotes, single quotes, and backticks (as of ECMAScript 6). For example:

/*eslint-env es6*/

var double = "double";
var single = 'single';
var backtick = `backtick`;    // ES6 only

Each of these lines creates a string and, in some cases, can be used interchangeably. The choice of how to define strings in a codebase is a stylistic one outside of template literals (which allow embedded expressions to be interpreted).

Many codebases require strings to be defined in a consistent manner.

Rule Details

This rule enforces the consistent use of either backticks, double, or single quotes.

Options

This rule has two options, a string option and an object option.

String option:

  • "double" (default) requires the use of double quotes wherever possible
  • "single" requires the use of single quotes wherever possible
  • "backtick" requires the use of backticks wherever possible

Object option:

  • "avoidEscape": true allows strings to use single-quotes or double-quotes so long as the string contains a quote that would have to be escaped otherwise
  • "allowTemplateLiterals": true allows strings to use backticks

Deprecated: The object property avoid-escape is deprecated; please use the object property avoidEscape instead.

double

Examples of incorrect code for this rule with the default "double" option:

/*eslint quotes: ["error", "double"]*/

var single = 'single';
var unescaped = 'a string containing "double" quotes';
var backtick = `back\ntick`; // you can use \n in single or double quoted strings

Examples of correct code for this rule with the default "double" option:

/*eslint quotes: ["error", "double"]*/
/*eslint-env es6*/

var double = "double";
var backtick = `back
tick`;  // backticks are allowed due to newline
var backtick = tag`backtick`; // backticks are allowed due to tag

single

Examples of incorrect code for this rule with the "single" option:

/*eslint quotes: ["error", "single"]*/

var double = "double";
var unescaped = "a string containing 'single' quotes";

Examples of correct code for this rule with the "single" option:

/*eslint quotes: ["error", "single"]*/
/*eslint-env es6*/

var single = 'single';
var backtick = `back${x}tick`; // backticks are allowed due to substitution

backticks

Examples of incorrect code for this rule with the "backtick" option:

/*eslint quotes: ["error", "backtick"]*/

var single = 'single';
var double = "double";
var unescaped = 'a string containing `backticks`';

Examples of correct code for this rule with the "backtick" option:

/*eslint quotes: ["error", "backtick"]*/
/*eslint-env es6*/

var backtick = `backtick`;

avoidEscape

Examples of additional correct code for this rule with the "double", { "avoidEscape": true } options:

/*eslint quotes: ["error", "double", { "avoidEscape": true }]*/

var single = 'a string containing "double" quotes';

Examples of additional correct code for this rule with the "single", { "avoidEscape": true } options:

/*eslint quotes: ["error", "single", { "avoidEscape": true }]*/

var double = "a string containing 'single' quotes";

Examples of additional correct code for this rule with the "backtick", { "avoidEscape": true } options:

/*eslint quotes: ["error", "backtick", { "avoidEscape": true }]*/

var double = "a string containing `backtick` quotes"

allowTemplateLiterals

Examples of additional correct code for this rule with the "double", { "allowTemplateLiterals": true } options:

/*eslint quotes: ["error", "double", { "allowTemplateLiterals": true }]*/

var double = "double";
var double = `double`;

Examples of additional correct code for this rule with the "single", { "allowTemplateLiterals": true } options:

/*eslint quotes: ["error", "single", { "allowTemplateLiterals": true }]*/

var single = 'single';
var single = `single`;

{ "allowTemplateLiterals": false } will not disallow the usage of all template literals. If you want to forbid any instance of template literals, use no-restricted-syntax and target the TemplateLiteral selector.

When Not To Use It

If you do not need consistency in your string styles, you can safely disable this rule. Source: http://eslint.org/docs/rules/

Missing trailing comma.
Open

    "OFF"
Severity: Minor
Found in streaming/index.js by eslint

require or disallow trailing commas (comma-dangle)

Trailing commas in object literals are valid according to the ECMAScript 5 (and ECMAScript 3!) spec. However, IE8 (when not in IE8 document mode) and below will throw an error when it encounters trailing commas in JavaScript.

var foo = {
    bar: "baz",
    qux: "quux",
};

Trailing commas simplify adding and removing items to objects and arrays, since only the lines you are modifying must be touched. Another argument in favor of trailing commas is that it improves the clarity of diffs when an item is added or removed from an object or array:

Less clear:

var foo = {
-    bar: "baz",
-    qux: "quux"
+    bar: "baz"
 };

More clear:

var foo = {
     bar: "baz",
-    qux: "quux",
 };

Rule Details

This rule enforces consistent use of trailing commas in object and array literals.

Options

This rule has a string option or an object option:

{
    "comma-dangle": ["error", "never"],
    // or
    "comma-dangle": ["error", {
        "arrays": "never",
        "objects": "never",
        "imports": "never",
        "exports": "never",
        "functions": "never"
    }]
}

  • "never" (default) disallows trailing commas
  • "always" requires trailing commas
  • "always-multiline" requires trailing commas when the last element or property is in a different line than the closing ] or } and disallows trailing commas when the last element or property is on the same line as the closing ] or }
  • "only-multiline" allows (but does not require) trailing commas when the last element or property is in a different line than the closing ] or } and disallows trailing commas when the last element or property is on the same line as the closing ] or }

You can also use an object option to configure this rule for each type of syntax. Each of the following options can be set to "never", "always", "always-multiline", "only-multiline", or "ignore". The default for each option is "never" unless otherwise specified.

  • arrays is for array literals and array patterns of destructuring. (e.g. let [a,] = [1,];)
  • objects is for object literals and object patterns of destructuring. (e.g. let {a,} = {a: 1};)
  • imports is for import declarations of ES Modules. (e.g. import {a,} from "foo";)
  • exports is for export declarations of ES Modules. (e.g. export {a,};)
  • functions is for function declarations and function calls. (e.g. (function(a,){ })(b,);)
    • functions should only be enabled when linting ECMAScript 2017 or higher.

never

Examples of incorrect code for this rule with the default "never" option:

/*eslint comma-dangle: ["error", "never"]*/

var foo = {
    bar: "baz",
    qux: "quux",
};

var arr = [1,2,];

foo({
  bar: "baz",
  qux: "quux",
});

Examples of correct code for this rule with the default "never" option:

/*eslint comma-dangle: ["error", "never"]*/

var foo = {
    bar: "baz",
    qux: "quux"
};

var arr = [1,2];

foo({
  bar: "baz",
  qux: "quux"
});

always

Examples of incorrect code for this rule with the "always" option:

/*eslint comma-dangle: ["error", "always"]*/

var foo = {
    bar: "baz",
    qux: "quux"
};

var arr = [1,2];

foo({
  bar: "baz",
  qux: "quux"
});

Examples of correct code for this rule with the "always" option:

/*eslint comma-dangle: ["error", "always"]*/

var foo = {
    bar: "baz",
    qux: "quux",
};

var arr = [1,2,];

foo({
  bar: "baz",
  qux: "quux",
});

always-multiline

Examples of incorrect code for this rule with the "always-multiline" option:

/*eslint comma-dangle: ["error", "always-multiline"]*/

var foo = {
    bar: "baz",
    qux: "quux"
};

var foo = { bar: "baz", qux: "quux", };

var arr = [1,2,];

var arr = [1,
    2,];

var arr = [
    1,
    2
];

foo({
  bar: "baz",
  qux: "quux"
});

Examples of correct code for this rule with the "always-multiline" option:

/*eslint comma-dangle: ["error", "always-multiline"]*/

var foo = {
    bar: "baz",
    qux: "quux",
};

var foo = {bar: "baz", qux: "quux"};
var arr = [1,2];

var arr = [1,
    2];

var arr = [
    1,
    2,
];

foo({
  bar: "baz",
  qux: "quux",
});

only-multiline

Examples of incorrect code for this rule with the "only-multiline" option:

/*eslint comma-dangle: ["error", "only-multiline"]*/

var foo = { bar: "baz", qux: "quux", };

var arr = [1,2,];

var arr = [1,
    2,];

Examples of correct code for this rule with the "only-multiline" option:

/*eslint comma-dangle: ["error", "only-multiline"]*/

var foo = {
    bar: "baz",
    qux: "quux",
};

var foo = {
    bar: "baz",
    qux: "quux"
};

var foo = {bar: "baz", qux: "quux"};
var arr = [1,2];

var arr = [1,
    2];

var arr = [
    1,
    2,
];

var arr = [
    1,
    2
];

foo({
  bar: "baz",
  qux: "quux",
});

foo({
  bar: "baz",
  qux: "quux"
});

functions

Examples of incorrect code for this rule with the {"functions": "never"} option:

/*eslint comma-dangle: ["error", {"functions": "never"}]*/

function foo(a, b,) {
}

foo(a, b,);
new foo(a, b,);

Examples of correct code for this rule with the {"functions": "never"} option:

/*eslint comma-dangle: ["error", {"functions": "never"}]*/

function foo(a, b) {
}

foo(a, b);
new foo(a, b);

Examples of incorrect code for this rule with the {"functions": "always"} option:

/*eslint comma-dangle: ["error", {"functions": "always"}]*/

function foo(a, b) {
}

foo(a, b);
new foo(a, b);

Examples of correct code for this rule with the {"functions": "always"} option:

/*eslint comma-dangle: ["error", {"functions": "always"}]*/

function foo(a, b,) {
}

foo(a, b,);
new foo(a, b,);

When Not To Use It

You can turn this rule off if you are not concerned with dangling commas. Source: http://eslint.org/docs/rules/

Selectors must be placed on new lines
Open

a, abbr, acronym, address, big, cite, code,

Selectors must be placed on new lines
Open

h1, h2, h3, h4, h5, h6, p, blockquote, pre,

Selectors must be placed on new lines
Open

small, strike, strong, sub, sup, tt, var,

Selectors must be placed on new lines
Open

table, caption, tbody, tfoot, thead, tr, th, td,

Selectors must be placed on new lines
Open

article, aside, canvas, details, embed,

No unit allowed for values of 0
Open

  border: 0px none $base-border-color;

Zero Unit

Rule zero-unit will enforce whether or not values of 0 used for length should be unitless.

Options

  • include: true/false (defaults to false)

Examples

When include: false, the following are allowed. When include: true, the following are disallowed:

.foo {
  margin: 0;
}

.bar {
  padding: 5px 0 0;
}

When include: true, the following are allowed. When include: false, the following are disallowed:

.foo {
  margin: 0px;
}

.bar {
  padding: 5px 0px 0px;
}

No unit allowed for values of 0
Open

  border: 0px none $base-border-color;

Assignment Branch Condition size for process_update is too high. [<24, 120, 24> 124.7/100]
Open

  def process_update
    user.settings['notification_emails'] = merged_notification_emails if change?('notification_emails')
    user.settings['interactions']        = merged_interactions if change?('interactions')
    user.settings['default_privacy']     = default_privacy_preference if change?('setting_default_privacy')
    user.settings['default_sensitive']   = default_sensitive_preference if change?('setting_default_sensitive')
Severity: Minor
Found in app/lib/user_settings_decorator.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric and https://en.wikipedia.org/wiki/ABC_Software_Metric.

Selectors must be placed on new lines
Open

html, body, div, span, applet, object, iframe,

Selectors must be placed on new lines
Open

html, body, div, span, applet, object, iframe,

Selectors must be placed on new lines
Open

h1, h2, h3, h4, h5, h6, p, blockquote, pre,
