Sign upLogin

voxable-labs/hg

View on GitHub
Star

Showing 436 of 436 total issues

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Loofah XSS Vulnerability
Open

    loofah (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Cross-site Scripting in Sidekiq
Open

    sidekiq (5.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30151

Criticality: Medium

URL: https://github.com/advisories/GHSA-grh7-935j-hg6w

Solution: upgrade to ~> 5.2.0, >= 6.2.1

Method has too many lines. [57/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Assignment Branch Condition size for perform is too high. [57.39/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method perform has a Cognitive Complexity of 34 (exceeds 5 allowed). Consider refactoring.
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Assignment Branch Condition size for initialize_message_handlers is too high. [43.21/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

        def initialize_message_handlers
          ::Facebook::Messenger::Bot.on :postback do |postback|
            begin
              # Show a typing indicator to the user
              show_typing(postback.sender['id'])
Severity: Minor
Found in lib/hg/messenger/bot.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method has too many lines. [37/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

    def query(message, context_name: nil)
      # TODO: which logger?
      retry_counter = 0

      begin
Severity: Minor
Found in lib/hg/api_ai_client.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [30/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

        def initialize_message_handlers
          ::Facebook::Messenger::Bot.on :postback do |postback|
            begin
              # Show a typing indicator to the user
              show_typing(postback.sender['id'])
Severity: Minor
Found in lib/hg/messenger/bot.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Assignment Branch Condition size for query is too high. [34.06/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

    def query(message, context_name: nil)
      # TODO: which logger?
      retry_counter = 0

      begin
Severity: Minor
Found in lib/hg/api_ai_client.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

File chunk.rb has 317 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Hg
  module Chunk
    def self.included(base)
      base.extend ClassMethods
      base.prepend Initializer
Severity: Minor
Found in lib/hg/chunk.rb - About 3 hrs to fix

Perceived complexity for perform is too high. [18/7]
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb by rubocop

This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.

Example:

def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points

Method has too many lines. [21/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest postback for this user
      raw_postback = pop_raw_postback(user_id, redis_namespace)

      # Do nothing if no postback available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/postback_worker.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Severity
Category
Status
Source
Language