Showing 154 of 154 total issues
Denial of Service Vulnerability in Action View Open
actionview (4.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5419
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11
Denial of service or RCE from libxml2 and libxslt Open
nokogiri (1.6.6.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2015-8806
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1473
Solution: upgrade to >= 1.6.8
Possible XSS vulnerability in Rack Open
rack (1.6.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6
Possible XSS Vulnerability in Action View Open
actionview (4.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-6316
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1
Possible XSS vulnerability in rails-html-sanitizer Open
rails-html-sanitizer (1.0.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2015-7578
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Solution: upgrade to >= 1.0.3
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
uglifier incorrectly handles non-boolean comparisons during minification Open
uglifier (2.7.1)
- Read upRead up
- Exclude checks
Advisory: OSVDB-126747
URL: https://github.com/mishoo/UglifyJS2/issues/751
Solution: upgrade to >= 2.7.2
Method perform
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def perform(region, summoner_id)
player = Player.find_by(region: region, summoner_id: summoner_id)
if player
player.touch
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method create_or_update
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def self.create_or_update(player, attributes, region, league)
attributes['league_id'] = league.id
attributes = prepare_attributes(attributes)
begin
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method handle_response
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def handle_response(response)
if !response.nil?
if response.response_code == 200
JSON.parse(response.body_str)
elsif response.response_code == 404
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Do not suppress exceptions. Open
rescue LoadError
- Read upRead up
- Exclude checks
This cop checks for rescue blocks with no body.
Example:
# bad
def some_method
do_something
rescue
# do nothing
end
Example:
# bad
begin
do_something
rescue
# do nothing
end
Example:
# good
def some_method
do_something
rescue
handle_exception
end
Example:
# good
begin
do_something
rescue
handle_exception
end
'title' is already defined. Open
var title, o = this.options;
- Read upRead up
- Exclude checks
disallow variable redeclaration (no-redeclare)
In JavaScript, it's possible to redeclare the same variable name using var
. This can lead to confusion as to where the variable is actually declared and initialized.
Rule Details
This rule is aimed at eliminating variables that have multiple declarations in the same scope.
Examples of incorrect code for this rule:
/*eslint no-redeclare: "error"*/
var a = 3;
var a = 10;
Examples of correct code for this rule:
/*eslint no-redeclare: "error"*/
var a = 3;
// ...
a = 10;
Options
This rule takes one optional argument, an object with a boolean property "builtinGlobals"
. It defaults to false
.
If set to true
, this rule also checks redeclaration of built-in globals, such as Object
, Array
, Number
...
builtinGlobals
Examples of incorrect code for the { "builtinGlobals": true }
option:
/*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/
var Object = 0;
Examples of incorrect code for the { "builtinGlobals": true }
option and the browser
environment:
/*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/
/*eslint-env browser*/
var top = 0;
The browser
environment has many built-in global variables (for example, top
). Some of built-in global variables cannot be redeclared.
Source: http://eslint.org/docs/rules/
'document' is not defined. Open
boundLeft = $(document).scrollLeft() + margin,
- Read upRead up
- Exclude checks
Disallow Undeclared Variables (no-undef)
This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var
keyword in a for
loop initializer).
Rule Details
Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/
comment.
Examples of incorrect code for this rule:
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
Examples of correct code for this rule with global
declaration:
/*global someFunction b:true*/
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
The b:true
syntax in /*global */
indicates that assignment to b
is correct.
Examples of incorrect code for this rule with global
declaration:
/*global b*/
/*eslint no-undef: "error"*/
b = 10;
By default, variables declared in /*global */
are read-only, therefore assignment is incorrect.
Options
-
typeof
set to true will warn for variables used inside typeof check (Default false).
typeof
Examples of correct code for the default { "typeof": false }
option:
/*eslint no-undef: "error"*/
if (typeof UndefinedIdentifier === "undefined") {
// do something ...
}
You can use this option if you want to prevent typeof
check on a variable which has not been declared.
Examples of incorrect code for the { "typeof": true }
option:
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Examples of correct code for the { "typeof": true }
option with global
declaration:
/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Environments
For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.
browser
Examples of correct code for this rule with browser
environment:
/*eslint no-undef: "error"*/
/*eslint-env browser*/
setTimeout(function() {
alert("Hello");
});
node
Examples of correct code for this rule with node
environment:
/*eslint no-undef: "error"*/
/*eslint-env node*/
var fs = require("fs");
module.exports = function() {
console.log(fs);
};
When Not To Use It
If explicit declaration of global variables is not to your taste.
Compatibility
This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/
'window' is not defined. Open
if ($(window).width() + $(document).scrollLeft() - $this.offset().left < margin) dir.ew = 'e';
- Read upRead up
- Exclude checks
Disallow Undeclared Variables (no-undef)
This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var
keyword in a for
loop initializer).
Rule Details
Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/
comment.
Examples of incorrect code for this rule:
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
Examples of correct code for this rule with global
declaration:
/*global someFunction b:true*/
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
The b:true
syntax in /*global */
indicates that assignment to b
is correct.
Examples of incorrect code for this rule with global
declaration:
/*global b*/
/*eslint no-undef: "error"*/
b = 10;
By default, variables declared in /*global */
are read-only, therefore assignment is incorrect.
Options
-
typeof
set to true will warn for variables used inside typeof check (Default false).
typeof
Examples of correct code for the default { "typeof": false }
option:
/*eslint no-undef: "error"*/
if (typeof UndefinedIdentifier === "undefined") {
// do something ...
}
You can use this option if you want to prevent typeof
check on a variable which has not been declared.
Examples of incorrect code for the { "typeof": true }
option:
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Examples of correct code for the { "typeof": true }
option with global
declaration:
/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Environments
For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.
browser
Examples of correct code for this rule with browser
environment:
/*eslint no-undef: "error"*/
/*eslint-env browser*/
setTimeout(function() {
alert("Hello");
});
node
Examples of correct code for this rule with node
environment:
/*eslint no-undef: "error"*/
/*eslint-env node*/
var fs = require("fs");
module.exports = function() {
console.log(fs);
};
When Not To Use It
If explicit declaration of global variables is not to your taste.
Compatibility
This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/
Unnecessary semicolon. Open
};
- Read upRead up
- Exclude checks
disallow unnecessary semicolons (no-extra-semi)
Typing mistakes and misunderstandings about where semicolons are required can lead to semicolons that are unnecessary. While not technically an error, extra semicolons can cause confusion when reading code.
Rule Details
This rule disallows unnecessary semicolons.
Examples of incorrect code for this rule:
/*eslint no-extra-semi: "error"*/
var x = 5;;
function foo() {
// code
};
Examples of correct code for this rule:
/*eslint no-extra-semi: "error"*/
var x = 5;
var foo = function() {
// code
};
When Not To Use It
If you intentionally use extra semicolons then you can disable this rule.
Related Rules
- [semi](semi.md)
- [semi-spacing](semi-spacing.md) Source: http://eslint.org/docs/rules/
Unnecessary semicolon. Open
};
- Read upRead up
- Exclude checks
disallow unnecessary semicolons (no-extra-semi)
Typing mistakes and misunderstandings about where semicolons are required can lead to semicolons that are unnecessary. While not technically an error, extra semicolons can cause confusion when reading code.
Rule Details
This rule disallows unnecessary semicolons.
Examples of incorrect code for this rule:
/*eslint no-extra-semi: "error"*/
var x = 5;;
function foo() {
// code
};
Examples of correct code for this rule:
/*eslint no-extra-semi: "error"*/
var x = 5;
var foo = function() {
// code
};
When Not To Use It
If you intentionally use extra semicolons then you can disable this rule.
Related Rules
- [semi](semi.md)
- [semi-spacing](semi-spacing.md) Source: http://eslint.org/docs/rules/
Unnecessary semicolon. Open
};
- Read upRead up
- Exclude checks
disallow unnecessary semicolons (no-extra-semi)
Typing mistakes and misunderstandings about where semicolons are required can lead to semicolons that are unnecessary. While not technically an error, extra semicolons can cause confusion when reading code.
Rule Details
This rule disallows unnecessary semicolons.
Examples of incorrect code for this rule:
/*eslint no-extra-semi: "error"*/
var x = 5;;
function foo() {
// code
};
Examples of correct code for this rule:
/*eslint no-extra-semi: "error"*/
var x = 5;
var foo = function() {
// code
};
When Not To Use It
If you intentionally use extra semicolons then you can disable this rule.
Related Rules
- [semi](semi.md)
- [semi-spacing](semi-spacing.md) Source: http://eslint.org/docs/rules/
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open
nokogiri (1.6.6.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2015-1819
URL: https://github.com/sparklemotion/nokogiri/issues/1374
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4
'document' is not defined. Open
$tip.remove().css({top: 0, left: 0, visibility: 'hidden', display: 'block'}).prependTo(document.body);
- Read upRead up
- Exclude checks
Disallow Undeclared Variables (no-undef)
This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var
keyword in a for
loop initializer).
Rule Details
Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/
comment.
Examples of incorrect code for this rule:
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
Examples of correct code for this rule with global
declaration:
/*global someFunction b:true*/
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
The b:true
syntax in /*global */
indicates that assignment to b
is correct.
Examples of incorrect code for this rule with global
declaration:
/*global b*/
/*eslint no-undef: "error"*/
b = 10;
By default, variables declared in /*global */
are read-only, therefore assignment is incorrect.
Options
-
typeof
set to true will warn for variables used inside typeof check (Default false).
typeof
Examples of correct code for the default { "typeof": false }
option:
/*eslint no-undef: "error"*/
if (typeof UndefinedIdentifier === "undefined") {
// do something ...
}
You can use this option if you want to prevent typeof
check on a variable which has not been declared.
Examples of incorrect code for the { "typeof": true }
option:
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Examples of correct code for the { "typeof": true }
option with global
declaration:
/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Environments
For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.
browser
Examples of correct code for this rule with browser
environment:
/*eslint no-undef: "error"*/
/*eslint-env browser*/
setTimeout(function() {
alert("Hello");
});
node
Examples of correct code for this rule with node
environment:
/*eslint no-undef: "error"*/
/*eslint-env node*/
var fs = require("fs");
module.exports = function() {
console.log(fs);
};
When Not To Use It
If explicit declaration of global variables is not to your taste.
Compatibility
This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/
'document' is not defined. Open
if ($(window).width() + $(document).scrollLeft() - $this.offset().left < margin) dir.ew = 'e';
- Read upRead up
- Exclude checks
Disallow Undeclared Variables (no-undef)
This rule can help you locate potential ReferenceErrors resulting from misspellings of variable and parameter names, or accidental implicit globals (for example, from forgetting the var
keyword in a for
loop initializer).
Rule Details
Any reference to an undeclared variable causes a warning, unless the variable is explicitly mentioned in a /*global ...*/
comment.
Examples of incorrect code for this rule:
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
Examples of correct code for this rule with global
declaration:
/*global someFunction b:true*/
/*eslint no-undef: "error"*/
var a = someFunction();
b = 10;
The b:true
syntax in /*global */
indicates that assignment to b
is correct.
Examples of incorrect code for this rule with global
declaration:
/*global b*/
/*eslint no-undef: "error"*/
b = 10;
By default, variables declared in /*global */
are read-only, therefore assignment is incorrect.
Options
-
typeof
set to true will warn for variables used inside typeof check (Default false).
typeof
Examples of correct code for the default { "typeof": false }
option:
/*eslint no-undef: "error"*/
if (typeof UndefinedIdentifier === "undefined") {
// do something ...
}
You can use this option if you want to prevent typeof
check on a variable which has not been declared.
Examples of incorrect code for the { "typeof": true }
option:
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Examples of correct code for the { "typeof": true }
option with global
declaration:
/*global a*/
/*eslint no-undef: ["error", { "typeof": true }] */
if(typeof a === "string"){}
Environments
For convenience, ESLint provides shortcuts that pre-define global variables exposed by popular libraries and runtime environments. This rule supports these environments, as listed in Specifying Environments. A few examples are given below.
browser
Examples of correct code for this rule with browser
environment:
/*eslint no-undef: "error"*/
/*eslint-env browser*/
setTimeout(function() {
alert("Hello");
});
node
Examples of correct code for this rule with node
environment:
/*eslint no-undef: "error"*/
/*eslint-env node*/
var fs = require("fs");
module.exports = function() {
console.log(fs);
};
When Not To Use It
If explicit declaration of global variables is not to your taste.
Compatibility
This rule provides compatibility with treatment of global variables in JSHint and JSLint. Source: http://eslint.org/docs/rules/