Sign upLogin

tyrbo/lolsummoners

View on GitHub
Star

Showing 154 of 154 total issues

Denial of Service Vulnerability in Action View
Open

    actionview (4.2.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Denial of service or RCE from libxml2 and libxslt
Open

    nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-8806

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1473

Solution: upgrade to >= 1.6.8

Possible XSS vulnerability in Rack
Open

    rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Possible XSS Vulnerability in Action View
Open

    actionview (4.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-6316

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1

Possible XSS vulnerability in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7578

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI

Solution: upgrade to >= 1.0.3

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

uglifier incorrectly handles non-boolean comparisons during minification
Open

    uglifier (2.7.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: OSVDB-126747

URL: https://github.com/mishoo/UglifyJS2/issues/751

Solution: upgrade to >= 2.7.2

Method perform has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def perform(region, summoner_id)
    player = Player.find_by(region: region, summoner_id: summoner_id)

    if player
      player.touch
Severity: Minor
Found in app/jobs/player_job.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method create_or_update has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def self.create_or_update(player, attributes, region, league)
    attributes['league_id'] = league.id
    attributes = prepare_attributes(attributes)

    begin
Severity: Minor
Found in app/lib/player_league_builder.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method handle_response has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def handle_response(response)
    if !response.nil?
      if response.response_code == 200
        JSON.parse(response.body_str)
      elsif response.response_code == 404
Severity: Minor
Found in app/lib/riot_api.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Do not suppress exceptions.
Open

rescue LoadError
Severity: Minor
Found in bin/rails by rubocop

This cop checks for rescue blocks with no body.

Example:

# bad

def some_method
  do_something
rescue
  # do nothing
end

Example:

# bad

begin
  do_something
rescue
  # do nothing
end

Example:

# good

def some_method
  do_something
rescue
  handle_exception
end

Example:

# good

begin
  do_something
rescue
  handle_exception
end

'title' is already defined.
Open

            var title, o = this.options;
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

disallow variable redeclaration (no-redeclare)

In JavaScript, it's possible to redeclare the same variable name using var. This can lead to confusion as to where the variable is actually declared and initialized.

Rule Details

This rule is aimed at eliminating variables that have multiple declarations in the same scope.

Examples of incorrect code for this rule:

/*eslint no-redeclare: "error"*/

var a = 3;
var a = 10;

Examples of correct code for this rule:

/*eslint no-redeclare: "error"*/

var a = 3;
// ...
a = 10;

Options

This rule takes one optional argument, an object with a boolean property "builtinGlobals". It defaults to false. If set to true, this rule also checks redeclaration of built-in globals, such as Object, Array, Number...

builtinGlobals

Examples of incorrect code for the { "builtinGlobals": true } option:

/*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/

var Object = 0;

Examples of incorrect code for the { "builtinGlobals": true } option and the browser environment:

/*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/
/*eslint-env browser*/

var top = 0;

The browser environment has many built-in global variables (for example, top). Some of built-in global variables cannot be redeclared. Source: http://eslint.org/docs/rules/

'document' is not defined.
Open

                boundLeft = $(document).scrollLeft() + margin,
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

Disallow Undeclared Variables (no-undef)

This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var keyword in a for loop initializer).

Rule Details

Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/ comment.

Examples of incorrect code for this rule:

/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

Examples of correct code for this rule with global declaration:

/*global someFunction b:true*/
/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

The b:true syntax in /*global */ indicates that assignment to b is correct.

Examples of incorrect code for this rule with global declaration:

/*global b*/
/*eslint no-undef: "error"*/

b = 10;

By default, variables declared in /*global */ are read-only, therefore assignment is incorrect.

Options

  • typeof set to true will warn for variables used inside typeof check (Default false).

typeof

Examples of correct code for the default { "typeof": false } option:

/*eslint no-undef: "error"*/

if (typeof UndefinedIdentifier === "undefined") {
    // do something ...
}

You can use this option if you want to prevent typeof check on a variable which has not been declared.

Examples of incorrect code for the { "typeof": true } option:

/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Examples of correct code for the { "typeof": true } option with global declaration:

/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Environments

For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.

browser

Examples of correct code for this rule with browser environment:

/*eslint no-undef: "error"*/
/*eslint-env browser*/

setTimeout(function() {
    alert("Hello");
});

node

Examples of correct code for this rule with node environment:

/*eslint no-undef: "error"*/
/*eslint-env node*/

var fs = require("fs");
module.exports = function() {
    console.log(fs);
};

When Not To Use It

If explicit declaration of global variables is not to your taste.

Compatibility

This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/

'window' is not defined.
Open

            if ($(window).width() + $(document).scrollLeft() - $this.offset().left < margin) dir.ew = 'e';
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

Disallow Undeclared Variables (no-undef)

This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var keyword in a for loop initializer).

Rule Details

Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/ comment.

Examples of incorrect code for this rule:

/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

Examples of correct code for this rule with global declaration:

/*global someFunction b:true*/
/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

The b:true syntax in /*global */ indicates that assignment to b is correct.

Examples of incorrect code for this rule with global declaration:

/*global b*/
/*eslint no-undef: "error"*/

b = 10;

By default, variables declared in /*global */ are read-only, therefore assignment is incorrect.

Options

  • typeof set to true will warn for variables used inside typeof check (Default false).

typeof

Examples of correct code for the default { "typeof": false } option:

/*eslint no-undef: "error"*/

if (typeof UndefinedIdentifier === "undefined") {
    // do something ...
}

You can use this option if you want to prevent typeof check on a variable which has not been declared.

Examples of incorrect code for the { "typeof": true } option:

/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Examples of correct code for the { "typeof": true } option with global declaration:

/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Environments

For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.

browser

Examples of correct code for this rule with browser environment:

/*eslint no-undef: "error"*/
/*eslint-env browser*/

setTimeout(function() {
    alert("Hello");
});

node

Examples of correct code for this rule with node environment:

/*eslint no-undef: "error"*/
/*eslint-env node*/

var fs = require("fs");
module.exports = function() {
    console.log(fs);
};

When Not To Use It

If explicit declaration of global variables is not to your taste.

Compatibility

This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/

Unnecessary semicolon.
Open

        };
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

disallow unnecessary semicolons (no-extra-semi)

Typing mistakes and misunderstandings about where semicolons are required can lead to semicolons that are unnecessary. While not technically an error, extra semicolons can cause confusion when reading code.

Rule Details

This rule disallows unnecessary semicolons.

Examples of incorrect code for this rule:

/*eslint no-extra-semi: "error"*/

var x = 5;;

function foo() {
    // code
};

Examples of correct code for this rule:

/*eslint no-extra-semi: "error"*/

var x = 5;

var foo = function() {
    // code
};

When Not To Use It

If you intentionally use extra semicolons then you can disable this rule.

Related Rules

Unnecessary semicolon.
Open

    };
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

disallow unnecessary semicolons (no-extra-semi)

Typing mistakes and misunderstandings about where semicolons are required can lead to semicolons that are unnecessary. While not technically an error, extra semicolons can cause confusion when reading code.

Rule Details

This rule disallows unnecessary semicolons.

Examples of incorrect code for this rule:

/*eslint no-extra-semi: "error"*/

var x = 5;;

function foo() {
    // code
};

Examples of correct code for this rule:

/*eslint no-extra-semi: "error"*/

var x = 5;

var foo = function() {
    // code
};

When Not To Use It

If you intentionally use extra semicolons then you can disable this rule.

Related Rules

Unnecessary semicolon.
Open

    };
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

disallow unnecessary semicolons (no-extra-semi)

Typing mistakes and misunderstandings about where semicolons are required can lead to semicolons that are unnecessary. While not technically an error, extra semicolons can cause confusion when reading code.

Rule Details

This rule disallows unnecessary semicolons.

Examples of incorrect code for this rule:

/*eslint no-extra-semi: "error"*/

var x = 5;;

function foo() {
    // code
};

Examples of correct code for this rule:

/*eslint no-extra-semi: "error"*/

var x = 5;

var foo = function() {
    // code
};

When Not To Use It

If you intentionally use extra semicolons then you can disable this rule.

Related Rules

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-1819

URL: https://github.com/sparklemotion/nokogiri/issues/1374

Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

'document' is not defined.
Open

                $tip.remove().css({top: 0, left: 0, visibility: 'hidden', display: 'block'}).prependTo(document.body);
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

Disallow Undeclared Variables (no-undef)

This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var keyword in a for loop initializer).

Rule Details

Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/ comment.

Examples of incorrect code for this rule:

/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

Examples of correct code for this rule with global declaration:

/*global someFunction b:true*/
/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

The b:true syntax in /*global */ indicates that assignment to b is correct.

Examples of incorrect code for this rule with global declaration:

/*global b*/
/*eslint no-undef: "error"*/

b = 10;

By default, variables declared in /*global */ are read-only, therefore assignment is incorrect.

Options

  • typeof set to true will warn for variables used inside typeof check (Default false).

typeof

Examples of correct code for the default { "typeof": false } option:

/*eslint no-undef: "error"*/

if (typeof UndefinedIdentifier === "undefined") {
    // do something ...
}

You can use this option if you want to prevent typeof check on a variable which has not been declared.

Examples of incorrect code for the { "typeof": true } option:

/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Examples of correct code for the { "typeof": true } option with global declaration:

/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Environments

For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.

browser

Examples of correct code for this rule with browser environment:

/*eslint no-undef: "error"*/
/*eslint-env browser*/

setTimeout(function() {
    alert("Hello");
});

node

Examples of correct code for this rule with node environment:

/*eslint no-undef: "error"*/
/*eslint-env node*/

var fs = require("fs");
module.exports = function() {
    console.log(fs);
};

When Not To Use It

If explicit declaration of global variables is not to your taste.

Compatibility

This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/

'document' is not defined.
Open

            if ($(window).width() + $(document).scrollLeft() - $this.offset().left < margin) dir.ew = 'e';
Severity: Minor
Found in app/assets/javascripts/jquery.tipsy.js by eslint

Disallow Undeclared Variables (no-undef)

This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var keyword in a for loop initializer).

Rule Details

Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/ comment.

Examples of incorrect code for this rule:

/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

Examples of correct code for this rule with global declaration:

/*global someFunction b:true*/
/*eslint no-undef: "error"*/

var a = someFunction();
b = 10;

The b:true syntax in /*global */ indicates that assignment to b is correct.

Examples of incorrect code for this rule with global declaration:

/*global b*/
/*eslint no-undef: "error"*/

b = 10;

By default, variables declared in /*global */ are read-only, therefore assignment is incorrect.

Options

  • typeof set to true will warn for variables used inside typeof check (Default false).

typeof

Examples of correct code for the default { "typeof": false } option:

/*eslint no-undef: "error"*/

if (typeof UndefinedIdentifier === "undefined") {
    // do something ...
}

You can use this option if you want to prevent typeof check on a variable which has not been declared.

Examples of incorrect code for the { "typeof": true } option:

/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Examples of correct code for the { "typeof": true } option with global declaration:

/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */

if(typeof a === "string"){}

Environments

For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.

browser

Examples of correct code for this rule with browser environment:

/*eslint no-undef: "error"*/
/*eslint-env browser*/

setTimeout(function() {
    alert("Hello");
});

node

Examples of correct code for this rule with node environment:

/*eslint no-undef: "error"*/
/*eslint-env node*/

var fs = require("fs");
module.exports = function() {
    console.log(fs);
};

When Not To Use It

If explicit declaration of global variables is not to your taste.

Compatibility

This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/

Severity
Category
Status
Source
Language