travis-ci/job-board

Showing 92 of 92 total issues

HTTP Request Smuggling in puma
Open

    puma (3.12.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.12.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.12.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Information Exposure with Puma when used with Rails
Open

    puma (3.12.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

sinatra does not validate expanded path matches
Open

    sinatra (2.0.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29970

Criticality: High

URL: https://github.com/sinatra/sinatra/pull/1683

Solution: upgrade to >= 2.2.0

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (2.0.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-45442

Criticality: High

URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Solution: upgrade to ~> 2.2.3, >= 3.0.4

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3
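Every bundler-audit finding above is the result of one comparison: the version pinned in Gemfile.lock against the advisory's list of patched versions, printed here as the "Solution" line. The script below is an added example, not code from travis-ci/job-board or from bundler-audit, that performs that comparison for exactly the ten advisories on this page using RubyGems' own Gem::Version and Gem::Requirement. The lockfile fragment is constructed to match the pinned versions reported above, and the advisory table is transcribed from the Solution lines; nothing is fetched from the network.

```ruby
# Added example (not part of travis-ci/job-board or bundler-audit): check the
# gem versions pinned in a Gemfile.lock against the patched-version
# constraints from the advisories listed on this page.
require 'rubygems'

# Constructed Gemfile.lock fragment; versions match the findings above.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      addressable (2.5.2)
      json (2.1.0)
      puma (3.12.0)
      rack (2.0.6)
      sinatra (2.0.4)
LOCK

# Advisory => [gem, "Solution" line]. The comma-separated parts are
# ALTERNATIVES (separate release branches such as 4.3.x and 5.x), so a
# version is patched when it satisfies any one of them.
ADVISORIES = {
  'CVE-2022-24790' => ['puma', '~> 4.3.12, >= 5.6.4'],
  'CVE-2021-41136' => ['puma', '~> 4.3.9, >= 5.5.1'],
  'CVE-2021-29509' => ['puma', '~> 4.3.8, >= 5.3.1'],
  'CVE-2022-23634' => ['puma', '~> 4.3.11, >= 5.6.2'],
  'CVE-2020-8161'  => ['rack', '~> 2.1.3, >= 2.2.0'],
  'CVE-2020-8184'  => ['rack', '~> 2.1.4, >= 2.2.3'],
  'CVE-2021-32740' => ['addressable', '>= 2.8.0'],
  'CVE-2020-10663' => ['json', '>= 2.3.0'],
  'CVE-2022-29970' => ['sinatra', '>= 2.2.0'],
  'CVE-2022-45442' => ['sinatra', '~> 2.2.3, >= 3.0.4']
}.freeze

# Parse the "    name (version)" spec lines of a Gemfile.lock. Spec entries
# are indented by exactly four spaces; their dependency lines (six spaces,
# with constraints instead of a version) are deliberately not matched.
def lock_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, versions|
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      versions[m[1]] = Gem::Version.new(m[2])
    end
  end
end

# True when `version` satisfies at least one alternative in `solution`.
# Passing the whole string to Gem::Requirement.new would AND the parts and
# could never be satisfied, hence the split.
def patched?(version, solution)
  solution.split(',').map(&:strip).any? do |req|
    Gem::Requirement.new(req).satisfied_by?(version)
  end
end

# Advisory IDs whose gem is locked to a version that is not yet patched.
def unpatched_advisories(lock_text, advisories = ADVISORIES)
  versions = lock_versions(lock_text)
  advisories.select do |_id, (gem, solution)|
    versions.key?(gem) && !patched?(versions[gem], solution)
  end.keys
end

if $PROGRAM_NAME == __FILE__
  unpatched_advisories(SAMPLE_LOCK).each { |id| puts "still exposed: #{id}" }
end
```

Two practical caveats. First, the comma in a Solution line such as "~> 4.3.12, >= 5.6.4" separates independent release lines; staying on 4.3.x and going to 4.3.12 is as acceptable to the advisory as moving to 5.6.4, and the check above treats it that way. Second, the ten entries are a snapshot of this page; the authoritative source is the advisory database bundler-audit downloads, so `bundle audit check --update` against the real lockfile is the check to run before trusting a clean result.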

Method build_candidate_tags has 50 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    private def build_candidate_tags
      full_tag_set = {}
      candidate_tags = []

      add_default_tag = proc do |tag|
Severity: Minor
Found in lib/job_board/job_queries_transformer.rb - About 2 hrs to fix

Method reclaim_for_queue has 49 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    private def reclaim_for_queue(redis: nil, site: '', queue_name: '',
                                  cutoff_seconds: 120)
      reclaimed_for_queue = []
      claimed_by_id = redis.hgetall("queue:#{site}:#{queue_name}:claims")
      claimed_by_processor = {}
Severity: Minor
Found in lib/job_board/job_queue_reconciler.rb - About 1 hr to fix

Method reconcile! has 44 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def reconcile!(with_ids: JobBoard.config.reconcile_stats_with_ids,
                   purge_unknown: false,
                   cutoff_seconds: JobBoard.config.reconcile_cutoff_seconds)
      JobBoard.logger.info('starting reconciliation process')
      start_time = Time.now
Severity: Minor
Found in lib/job_board/job_queue_reconciler.rb - About 1 hr to fix

Method reconcile! has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
Open

    def reconcile!(with_ids: JobBoard.config.reconcile_stats_with_ids,
                   purge_unknown: false,
                   cutoff_seconds: JobBoard.config.reconcile_cutoff_seconds)
      JobBoard.logger.info('starting reconciliation process')
      start_time = Time.now
Severity: Minor
Found in lib/job_board/job_queue_reconciler.rb - About 1 hr to fix
Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Method build_candidate_tags has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
Open

    private def build_candidate_tags
      full_tag_set = {}
      candidate_tags = []

      add_default_tag = proc do |tag|
Severity: Minor
Found in lib/job_board/job_queries_transformer.rb - About 1 hr to fix

Method run has 30 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run
      results = { :@site => site }

      if queue_name.empty?
        results[:jobs] = JobBoard::JobQueue.for_site(
Severity: Minor
Found in lib/job_board/services/search_jobs.rb - About 1 hr to fix

Method run has 29 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run
      return nil if job_id.empty? || site.empty?

      job = {}
      db_job = fetch_db_job
Severity: Minor
Found in lib/job_board/services/fetch_job.rb - About 1 hr to fix

Method call has 29 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def call(env)
      auth = Request.new(env)

      if site_paths =~ auth.request.path_info &&
         !env.key?('HTTP_TRAVIS_SITE')
Severity: Minor
Found in lib/job_board/auth.rb - About 1 hr to fix

Method call has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

    def call(env)
      auth = Request.new(env)

      if site_paths =~ auth.request.path_info &&
         !env.key?('HTTP_TRAVIS_SITE')
Severity: Minor
Found in lib/job_board/auth.rb - About 1 hr to fix

Method claim has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

    def claim(processor: '')
      raise Invalid, 'missing processor name' if processor.empty?

      claimed = nil
Severity: Minor
Found in lib/job_board/job_queue.rb - About 1 hr to fix
