Showing 436 of 436 total issues
Possible Information Disclosure / Unintended Method Execution in Action Pack Open
actionpack (5.1.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (5.1.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (5.1.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (2.1.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Loofah XSS Vulnerability Open
loofah (2.1.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.8.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Ability to forge per-form CSRF tokens given a global CSRF token Open
actionpack (5.1.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Directory traversal in Rack::Directory app bundled with Rack Open
rack (2.0.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Cross-site Scripting in Sidekiq Open
sidekiq (5.1.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-30151
Criticality: Medium
URL: https://github.com/advisories/GHSA-grh7-935j-hg6w
Solution: upgrade to ~> 5.2.0, >= 6.2.1
Method has too many lines. [57/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods) Open
def perform(user_id, redis_namespace, bot_class_name)
# Retrieve the latest message for this user.
raw_message = pop_raw_message(user_id, redis_namespace)
# Do nothing if no message available. This could be due to multiple
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Assignment Branch Condition size for perform is too high. [57.39/15] (http://c2.com/cgi/wiki?AbcMetric) Open
def perform(user_id, redis_namespace, bot_class_name)
# Retrieve the latest message for this user.
raw_message = pop_raw_message(user_id, redis_namespace)
# Do nothing if no message available. This could be due to multiple
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method perform
has a Cognitive Complexity of 34 (exceeds 5 allowed). Consider refactoring. Open
def perform(user_id, redis_namespace, bot_class_name)
# Retrieve the latest message for this user.
raw_message = pop_raw_message(user_id, redis_namespace)
# Do nothing if no message available. This could be due to multiple
- Read upRead up
- Create a ticketCreate a ticket
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Assignment Branch Condition size for initialize_message_handlers is too high. [43.21/15] (http://c2.com/cgi/wiki?AbcMetric) Open
def initialize_message_handlers
::Facebook::Messenger::Bot.on :postback do |postback|
begin
# Show a typing indicator to the user
show_typing(postback.sender['id'])
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method has too many lines. [37/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods) Open
def query(message, context_name: nil)
# TODO: which logger?
retry_counter = 0
begin
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Method has too many lines. [30/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods) Open
def initialize_message_handlers
::Facebook::Messenger::Bot.on :postback do |postback|
begin
# Show a typing indicator to the user
show_typing(postback.sender['id'])
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Assignment Branch Condition size for query is too high. [34.06/15] (http://c2.com/cgi/wiki?AbcMetric) Open
def query(message, context_name: nil)
# TODO: which logger?
retry_counter = 0
begin
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
File chunk.rb
has 317 lines of code (exceeds 250 allowed). Consider refactoring. Open
module Hg
module Chunk
def self.included(base)
base.extend ClassMethods
base.prepend Initializer
- Create a ticketCreate a ticket
Perceived complexity for perform is too high. [18/7] Open
def perform(user_id, redis_namespace, bot_class_name)
# Retrieve the latest message for this user.
raw_message = pop_raw_message(user_id, redis_namespace)
# Do nothing if no message available. This could be due to multiple
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop tries to produce a complexity score that's a measure of the
complexity the reader experiences when looking at a method. For that
reason it considers when
nodes as something that doesn't add as much
complexity as an if
or a &&
. Except if it's one of those special
case
/when
constructs where there's no expression after case
. Then
the cop treats it as an if
/elsif
/elsif
... and lets all the when
nodes count. In contrast to the CyclomaticComplexity cop, this cop
considers else
nodes as adding complexity.
Example:
def my_method # 1
if cond # 1
case var # 2 (0.8 + 4 * 0.2, rounded)
when 1 then func_one
when 2 then func_two
when 3 then func_three
when 4..10 then func_other
end
else # 1
do_something until a && b # 2
end # ===
end # 7 complexity points
Method has too many lines. [21/10] (https://github.com/voxable-labs/voxable-style-guide#short-methods) Open
def perform(user_id, redis_namespace, bot_class_name)
# Retrieve the latest postback for this user
raw_postback = pop_raw_postback(user_id, redis_namespace)
# Do nothing if no postback available. This could be due to multiple
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.