Sign upLogin

voxable-labs/hg

View on GitHub
Star

Showing 436 of 436 total issues

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Potential XSS vulnerability in Action View
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Loofah XSS Vulnerability
Open

    loofah (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

CSRF Vulnerability in rails-ujs
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Denial of service in sidekiq
Open

    sidekiq (5.1.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23837

Criticality: High

URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

Solution: upgrade to >= 6.4.0, ~> 5.2.10

Method has too many lines. [57/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Assignment Branch Condition size for perform is too high. [57.39/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method perform has a Cognitive Complexity of 34 (exceeds 5 allowed). Consider refactoring.
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Assignment Branch Condition size for initialize_message_handlers is too high. [43.21/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

        def initialize_message_handlers
          ::Facebook::Messenger::Bot.on :postback do |postback|
            begin
              # Show a typing indicator to the user
              show_typing(postback.sender['id'])
Severity: Minor
Found in lib/hg/messenger/bot.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method has too many lines. [37/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

    def query(message, context_name: nil)
      # TODO: which logger?
      retry_counter = 0

      begin
Severity: Minor
Found in lib/hg/api_ai_client.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [30/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

        def initialize_message_handlers
          ::Facebook::Messenger::Bot.on :postback do |postback|
            begin
              # Show a typing indicator to the user
              show_typing(postback.sender['id'])
Severity: Minor
Found in lib/hg/messenger/bot.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Assignment Branch Condition size for query is too high. [34.06/15] (http://c2.com/cgi/wiki?AbcMetric)
Open

    def query(message, context_name: nil)
      # TODO: which logger?
      retry_counter = 0

      begin
Severity: Minor
Found in lib/hg/api_ai_client.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

File chunk.rb has 317 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Hg
  module Chunk
    def self.included(base)
      base.extend ClassMethods
      base.prepend Initializer
Severity: Minor
Found in lib/hg/chunk.rb - About 3 hrs to fix

Method has too many lines. [21/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods)
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest postback for this user
      raw_postback = pop_raw_postback(user_id, redis_namespace)

      # Do nothing if no postback available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/postback_worker.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Perceived complexity for perform is too high. [18/7]
Open

    def perform(user_id, redis_namespace, bot_class_name)
      # Retrieve the latest message for this user.
      raw_message = pop_raw_message(user_id, redis_namespace)

      # Do nothing if no message available. This could be due to multiple
Severity: Minor
Found in app/workers/hg/message_worker.rb by rubocop

This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.

Example:

def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points
Severity
Category
Status
Source
Language