Sign upLogin

18F/C2

View on GitHub
Star

Showing 591 of 591 total issues

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

test_mode = ENV['RAILS_ENV'] == 'test' || ENV['RAILS_ENV'] == 'development'
Severity: Minor
Found in config/puma.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Space missing inside }.
Open

  before_action ->{authorize attachment}, only: [:destroy]
Severity: Minor
Found in app/controllers/attachments_controller.rb by rubocop

Checks that block braces have or don't have surrounding space inside them on configuration. For blocks taking parameters, it checks that the left brace has or doesn't have trailing space depending on configuration.

Example: EnforcedStyle: space (default)

# The `space` style enforces that block braces have
# surrounding space.

# bad
some_array.each {puts e}

# good
some_array.each { puts e }

Example: EnforcedStyle: no_space

# The `no_space` style enforces that block braces don't
# have surrounding space.

# bad
some_array.each { puts e }

# good
some_array.each {puts e}

Example: EnforcedStyleForEmptyBraces: no_space (default)

# The `no_space` EnforcedStyleForEmptyBraces style enforces that
# block braces don't have a space in between when empty.

# bad
some_array.each {   }
some_array.each {  }
some_array.each { }

# good
some_array.each {}

Example: EnforcedStyleForEmptyBraces: space

# The `space` EnforcedStyleForEmptyBraces style enforces that
# block braces have at least a spece in between when empty.

# bad
some_array.each {}

# good
some_array.each { }
some_array.each {  }
some_array.each {   }

Example: SpaceBeforeBlockParameters: true (default)

# The SpaceBeforeBlockParameters style set to `true` enforces that
# there is a space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.

# bad
[1, 2, 3].each {|n| n * 2 }

# good
[1, 2, 3].each { |n| n * 2 }

Example: SpaceBeforeBlockParameters: true

# The SpaceBeforeBlockParameters style set to `false` enforces that
# there is no space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.

# bad
[1, 2, 3].each { |n| n * 2 }

# good
[1, 2, 3].each {|n| n * 2 }

Tagging a string as html safe may be a security risk.
Open

    decorated_version.to_html.html_safe
Severity: Minor
Found in app/presenters/history_event.rb by rubocop

This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"
#{user_content}
".html_safe
# => ActiveSupport::SafeBuffer "
hi
"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
<b>hi</b>
"

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Use each_value instead of values.each.
    Open

        @subtotals.values.each { |subtotal| total += subtotal }
    Severity: Minor
    Found in app/presenters/client_summary.rb by rubocop

    This cop checks for uses of each_key and each_value Hash methods.

    Note: If you have an array of two-element arrays, you can put parentheses around the block arguments to indicate that you're not working with a hash, and suppress RuboCop offenses.

    Example:

    # bad
hash.keys.each { |k| p k }
hash.values.each { |v| p v }
hash.each { |k, _v| p k }
hash.each { |_k, v| p v }

# good
hash.each_key { |k| p k }
hash.each_value { |v| p v }

    Freeze mutable objects assigned to constants.
    Open

        CONFIG_FILE_PATH = "#{Rails.root}/config/tables/"
    Severity: Minor
    Found in app/presenters/tabular_data/container_config.rb by rubocop

    This cop checks whether some constant value isn't a mutable literal (e.g. array or hash).

    Example:

    # bad
CONST = [1, 2, 3]

# good
CONST = [1, 2, 3].freeze

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

          ENV['AWS_REGION'] || 'us-east-1'
    Severity: Minor
    Found in app/credentials/aws_credentials.rb by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

    Re-enable Metrics/MethodLength cop with # rubocop:enable after disabling it.
    Open

      # rubocop:disable Metrics/MethodLength
    Severity: Minor
    Found in app/mailers/cancelation_mailer.rb by rubocop

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

    require File.expand_path('../config/application', __FILE__)
    Severity: Minor
    Found in Rakefile by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

    Favor unless over if for negative conditions.
    Open

        if !ENV['CLIENT'].nil?
      update[:client_slug] = ENV['CLIENT']
    end
    Severity: Minor
    Found in lib/tasks/import_users.rake by rubocop

    Checks for uses of if with a negated condition. Only ifs without else are considered. There are three different styles:

    - both
- prefix
- postfix

    Example: EnforcedStyle: both (default)

    # enforces `unless` for `prefix` and `postfix` conditionals

# bad

if !foo
  bar
end

# good

unless foo
  bar
end

# bad

bar if !foo

# good

bar unless foo

    Example: EnforcedStyle: prefix

    # enforces `unless` for just `prefix` conditionals

# bad

if !foo
  bar
end

# good

unless foo
  bar
end

# good

bar if !foo

    Example: EnforcedStyle: postfix

    # enforces `unless` for just `postfix` conditionals

# bad

bar if !foo

# good

bar unless foo

# good

if !foo
  bar
end

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

          raise 'CLIENT must be specified. e.g. rake import_users:csv FILE=/path/to.csv CLIENT=gsa18f'
    Severity: Minor
    Found in lib/tasks/import_users.rake by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

    Use %i or %I for an array of symbols.
    Open

      before_action ->{authorize proposal, :can_show!}, only: [:create, :show]
    Severity: Minor
    Found in app/controllers/attachments_controller.rb by rubocop

    This cop can check for array literals made up of symbols that are not using the %i() syntax.

    Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

    Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

    Example: EnforcedStyle: percent (default)

    # good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

    Example: EnforcedStyle: brackets

    # good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

    Use safe navigation (&.) instead of checking if an object exists before calling the method.
    Open

        return_to_struct[:path] if return_to_struct && return_to_struct.key?("path")
    Severity: Minor
    Found in app/controllers/auth_controller.rb by rubocop

    This cop transforms usages of a method call safeguarded by a non nil check for the variable whose method is being called to safe navigation (&.).

    Configuration option: ConvertCodeThatCanStartToReturnNil The default for this is false. When configured to true, this will check for code in the format !foo.nil? && foo.bar. As it is written, the return of this code is limited to false and whatever the return of the method is. If this is converted to safe navigation, foo&.bar can start returning nil as well as what the method returns.

    Example:

    # bad
foo.bar if foo
foo.bar(param1, param2) if foo
foo.bar { |e| e.something } if foo
foo.bar(param) { |e| e.something } if foo

foo.bar if !foo.nil?
foo.bar unless !foo
foo.bar unless foo.nil?

foo && foo.bar
foo && foo.bar(param1, param2)
foo && foo.bar { |e| e.something }
foo && foo.bar(param) { |e| e.something }

# good
foo&.bar
foo&.bar(param1, param2)
foo&.bar { |e| e.something }
foo&.bar(param) { |e| e.something }

foo.nil? || foo.bar
!foo || foo.bar

# Methods that `nil` will `respond_to?` should not be converted to
# use safe navigation
foo.to_i if foo

    Use the return of the conditional for variable assignment and comparison.
    Open

            if config == true
          query = join_table(query, klass, table_name)
        else
          query = query.joins(config)
        end
    Severity: Minor
    Found in app/presenters/tabular_data/container.rb by rubocop

    Align .select with .pending on line 50.
    Open

            .select { |p| p.individual_steps.pluck(:status).last == "actionable" }
    Severity: Minor
    Found in app/services/ncr/reporter.rb by rubocop

    This cop checks the indentation of the method name part in method calls that span more than one line.

    Example: EnforcedStyle: aligned

    # bad
while myvariable
.b
  # do something
end

# good
while myvariable
      .b
  # do something
end

# good
Thing.a
     .b
     .c

    Example: EnforcedStyle: indented

    # good
while myvariable
  .b

  # do something
end

    Example: EnforcedStyle: indentedrelativeto_receiver

    # good
while myvariable
        .a
        .b

  # do something
end

# good
myvariable = Thing
               .a
               .b
               .c

    Inherit from RuntimeError instead of Exception.
    Open

    class SearchBadQuery < Exception
    Severity: Minor
    Found in app/exceptions/search_bad_query.rb by rubocop

    This cop looks for error classes inheriting from Exception and its standard library subclasses, excluding subclasses of StandardError. It is configurable to suggest using either RuntimeError (default) or StandardError instead.

    Example: EnforcedStyle: runtime_error (default)

    # bad

class C < Exception; end

# good

class C < RuntimeError; end

    Example: EnforcedStyle: standard_error

    # bad

class C < Exception; end

# good

class C < StandardError; end

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

    task default: 'konacha:run'
    Severity: Minor
    Found in Rakefile by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

        if !ENV['FIRST'].nil?
    Severity: Minor
    Found in lib/tasks/import_users.rake by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

    Unused method argument - exception. If it's necessary, use _ or _exception as an argument name to indicate that it won't be used. You can also write as auth_errors(*) if you want the method to accept any arguments but don't care about them.
    Open

      def auth_errors(exception)
    Severity: Minor
    Found in app/controllers/attachments_controller.rb by rubocop

    This cop checks for unused method arguments.

    Example:

    # bad

def some_method(used, unused, _unused_but_allowed)
  puts used
end

    Example:

    # good

def some_method(used, _unused, _unused_but_allowed)
  puts used
end

    Use %i or %I for an array of symbols.
    Open

      skip_before_action :authenticate_user!, only: [:oauth_callback, :failure]
    Severity: Minor
    Found in app/controllers/auth_controller.rb by rubocop

    This cop can check for array literals made up of symbols that are not using the %i() syntax.

    Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

    Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

    Example: EnforcedStyle: percent (default)

    # good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

    Example: EnforcedStyle: brackets

    # good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

    %w-literals should be delimited by [ and ].
    Open

        if %w(cancel cancel_form).include?(params[:action])
    Severity: Minor
    Found in app/controllers/proposals_controller.rb by rubocop

    This cop enforces the consistent usage of %-literal delimiters.

    Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.

    Example:

    # Style/PercentLiteralDelimiters:
#   PreferredDelimiters:
#     default: '[]'
#     '%i':    '()'

# good
%w[alpha beta] + %i(gamma delta)

# bad
%W(alpha #{beta})

# bad
%I(alpha beta)
    Severity
    Category
    Status
    Source
    Language