Showing 154 of 154 total issues
Function tipsy has 43 lines of code (exceeds 25 allowed). Consider refactoring. Open
$.fn.tipsy = function(options) {
    if (options === true) {
        return this.data('tipsy');
    } else if (typeof options == 'string') {
Assignment Branch Condition size for find_by_page is too high. [20.64/20] Open
def find_by_page(page)
  redis_ids = find_redis_ranks(page)
  players = Player.includes(player_league: :league).find_players_by_region(redis_ids)
  # Temporary fix
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Similar blocks of code found in 2 locations. Consider refactoring. Open
if ($(window).height() + $(document).scrollTop() - $this.offset().top < margin) dir.ns = 's';
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 60.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 2 locations. Consider refactoring. Open
if ($(window).width() + $(document).scrollLeft() - $this.offset().left < margin) dir.ew = 'e';
Timing attack vulnerability in basic authentication in Action Controller. Open
actionpack (4.2.3)
Advisory: CVE-2015-7576
Criticality: Low
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
File Content Disclosure in Action View Open
actionview (4.2.3)
Advisory: CVE-2019-5418
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3
Possible remote code execution vulnerability in Action Pack Open
actionpack (4.2.3)
Advisory: CVE-2016-2098
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14
Broken Access Control vulnerability in Active Job Open
activejob (4.2.3)
Advisory: CVE-2018-16476
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1
Possible Input Validation Circumvention in Active Model Open
activemodel (4.2.3)
Advisory: CVE-2016-0753
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14
Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2 Open
nokogiri (1.6.6.2)
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Solution: upgrade to >= 1.6.7.2
Object leak vulnerability for wildcard controller routes in Action Pack Open
actionpack (4.2.3)
Advisory: CVE-2015-7581
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14
Possible Information Leak Vulnerability in Action View Open
actionview (4.2.3)
Advisory: CVE-2016-0752
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14
Nokogiri gem contains several vulnerabilities in libxml2 Open
nokogiri (1.6.6.2)
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Solution: upgrade to >= 1.6.7.1
Possible information leak / session hijack vulnerability Open
rack (1.6.4)
Advisory: CVE-2019-16782
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12, >= 2.0.8
XSS vulnerability in rails-html-sanitizer Open
rails-html-sanitizer (1.0.2)
Advisory: CVE-2018-3741
URL: https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ
Solution: upgrade to >= 1.0.4
Possible XSS vulnerability in rails-html-sanitizer Open
rails-html-sanitizer (1.0.2)
Advisory: CVE-2015-7580
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Solution: upgrade to >= 1.0.3
Unsafe Query Generation Risk in Active Record Open
activerecord (4.2.3)
Advisory: CVE-2016-6317
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
Solution: upgrade to >= 4.2.7.1
Nested attributes rejection proc bypass in Active Record Open
activerecord (4.2.3)
Advisory: CVE-2015-7577
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
Potential remote code execution of user-provided local names in ActionView Open
actionview (4.2.3)
Advisory: CVE-2020-8163
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
Solution: upgrade to >= 4.2.11.2
Possible Object Leak and Denial of Service attack in Action Pack Open
actionpack (4.2.3)
Advisory: CVE-2016-0751
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1