Showing 591 of 591 total issues

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

test_mode = ENV['RAILS_ENV'] == 'test' || ENV['RAILS_ENV'] == 'development'
Severity: Minor
Found in config/puma.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Space missing inside }.
Open

  before_action ->{authorize attachment}, only: [:destroy]

Checks that block braces have or don't have surrounding space inside them on configuration. For blocks taking parameters, it checks that the left brace has or doesn't have trailing space depending on configuration.

Example: EnforcedStyle: space (default)

# The `space` style enforces that block braces have
# surrounding space.

# bad
some_array.each {puts e}

# good
some_array.each { puts e }

Example: EnforcedStyle: no_space

# The `no_space` style enforces that block braces don't
# have surrounding space.

# bad
some_array.each { puts e }

# good
some_array.each {puts e}

Example: EnforcedStyleForEmptyBraces: no_space (default)

# The `no_space` EnforcedStyleForEmptyBraces style enforces that
# block braces don't have a space in between when empty.

# bad
some_array.each {   }
some_array.each {  }
some_array.each { }

# good
some_array.each {}

Example: EnforcedStyleForEmptyBraces: space

# The `space` EnforcedStyleForEmptyBraces style enforces that
# block braces have at least a spece in between when empty.

# bad
some_array.each {}

# good
some_array.each { }
some_array.each {  }
some_array.each {   }

Example: SpaceBeforeBlockParameters: true (default)

# The SpaceBeforeBlockParameters style set to `true` enforces that
# there is a space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.

# bad
[1, 2, 3].each {|n| n * 2 }

# good
[1, 2, 3].each { |n| n * 2 }

Example: SpaceBeforeBlockParameters: true

# The SpaceBeforeBlockParameters style set to `false` enforces that
# there is no space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.

# bad
[1, 2, 3].each { |n| n * 2 }

# good
[1, 2, 3].each {|n| n * 2 }

Tagging a string as html safe may be a security risk.
Open

    decorated_version.to_html.html_safe
Severity: Minor
Found in app/presenters/history_event.rb by rubocop

This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"

#{user_content}

".html_safe # => ActiveSupport::SafeBuffer "

hi

" # good content_tag(:p, user_content) # => ActiveSupport::SafeBuffer "

<b>hi</b>

" # bad out = "" out << "
  • #{user_content}
  • " out << "
  • #{user_content}
  • " out.html_safe # => ActiveSupport::SafeBuffer "
  • hi
  • hi
  • " # good out = [] out << content_tag(:li, user_content) out << content_tag(:li, user_content) safe_join(out) # => ActiveSupport::SafeBuffer # "
  • <b>hi</b>
  • <b>hi</b>
  • " # bad out = "

    trusted content

    ".html_safe out.safe_concat(user_content) # => ActiveSupport::SafeBuffer "

    trusted_content

    hi" # good out = "

    trusted content

    ".html_safe out.concat(user_content) # => ActiveSupport::SafeBuffer # "

    trusted_content

    <b>hi</b>" # safe, though maybe not good style out = "trusted content" result = out.concat(user_content) # => String "trusted contenthi" # because when rendered in ERB the String will be escaped: # <%= result %> # => trusted content<b>hi</b> # bad (user_content + " " + content_tag(:span, user_content)).html_safe # => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>" # good safe_join([user_content, " ", content_tag(:span, user_content)]) # => ActiveSupport::SafeBuffer # "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Use each_value instead of values.each.
    Open

        @subtotals.values.each { |subtotal| total += subtotal }
    Severity: Minor
    Found in app/presenters/client_summary.rb by rubocop

    This cop checks for uses of each_key and each_value Hash methods.

    Note: If you have an array of two-element arrays, you can put parentheses around the block arguments to indicate that you're not working with a hash, and suppress RuboCop offenses.

    Example:

    # bad
    hash.keys.each { |k| p k }
    hash.values.each { |v| p v }
    hash.each { |k, _v| p k }
    hash.each { |_k, v| p v }
    
    # good
    hash.each_key { |k| p k }
    hash.each_value { |v| p v }

    Freeze mutable objects assigned to constants.
    Open

        CONFIG_FILE_PATH = "#{Rails.root}/config/tables/"

    This cop checks whether some constant value isn't a mutable literal (e.g. array or hash).

    Example:

    # bad
    CONST = [1, 2, 3]
    
    # good
    CONST = [1, 2, 3].freeze

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

          ENV['AWS_REGION'] || 'us-east-1'
    Severity: Minor
    Found in app/credentials/aws_credentials.rb by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
    "No special symbols"
    "No string interpolation"
    "Just text"
    
    # good
    'No special symbols'
    'No string interpolation'
    'Just text'
    "Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
    'Just some text'
    'No special chars or interpolation'
    
    # good
    "Just some text"
    "No special chars or interpolation"
    "Every string in #{project} uses double_quotes"

    Re-enable Metrics/MethodLength cop with # rubocop:enable after disabling it.
    Open

      # rubocop:disable Metrics/MethodLength
    Severity: Minor
    Found in app/mailers/cancelation_mailer.rb by rubocop

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

    require File.expand_path('../config/application', __FILE__)
    Severity: Minor
    Found in Rakefile by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
    "No special symbols"
    "No string interpolation"
    "Just text"
    
    # good
    'No special symbols'
    'No string interpolation'
    'Just text'
    "Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
    'Just some text'
    'No special chars or interpolation'
    
    # good
    "Just some text"
    "No special chars or interpolation"
    "Every string in #{project} uses double_quotes"

    Favor unless over if for negative conditions.
    Open

        if !ENV['CLIENT'].nil?
          update[:client_slug] = ENV['CLIENT']
        end
    Severity: Minor
    Found in lib/tasks/import_users.rake by rubocop

    Checks for uses of if with a negated condition. Only ifs without else are considered. There are three different styles:

    - both
    - prefix
    - postfix

    Example: EnforcedStyle: both (default)

    # enforces `unless` for `prefix` and `postfix` conditionals
    
    # bad
    
    if !foo
      bar
    end
    
    # good
    
    unless foo
      bar
    end
    
    # bad
    
    bar if !foo
    
    # good
    
    bar unless foo

    Example: EnforcedStyle: prefix

    # enforces `unless` for just `prefix` conditionals
    
    # bad
    
    if !foo
      bar
    end
    
    # good
    
    unless foo
      bar
    end
    
    # good
    
    bar if !foo

    Example: EnforcedStyle: postfix

    # enforces `unless` for just `postfix` conditionals
    
    # bad
    
    bar if !foo
    
    # good
    
    bar unless foo
    
    # good
    
    if !foo
      bar
    end

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

          raise 'CLIENT must be specified. e.g. rake import_users:csv FILE=/path/to.csv CLIENT=gsa18f'
    Severity: Minor
    Found in lib/tasks/import_users.rake by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
    "No special symbols"
    "No string interpolation"
    "Just text"
    
    # good
    'No special symbols'
    'No string interpolation'
    'Just text'
    "Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
    'Just some text'
    'No special chars or interpolation'
    
    # good
    "Just some text"
    "No special chars or interpolation"
    "Every string in #{project} uses double_quotes"

    Use %i or %I for an array of symbols.
    Open

      before_action ->{authorize proposal, :can_show!}, only: [:create, :show]

    This cop can check for array literals made up of symbols that are not using the %i() syntax.

    Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

    Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

    Example: EnforcedStyle: percent (default)

    # good
    %i[foo bar baz]
    
    # bad
    [:foo, :bar, :baz]

    Example: EnforcedStyle: brackets

    # good
    [:foo, :bar, :baz]
    
    # bad
    %i[foo bar baz]

    Use safe navigation (&.) instead of checking if an object exists before calling the method.
    Open

        return_to_struct[:path] if return_to_struct && return_to_struct.key?("path")
    Severity: Minor
    Found in app/controllers/auth_controller.rb by rubocop

    This cop transforms usages of a method call safeguarded by a non nil check for the variable whose method is being called to safe navigation (&.).

    Configuration option: ConvertCodeThatCanStartToReturnNil The default for this is false. When configured to true, this will check for code in the format !foo.nil? && foo.bar. As it is written, the return of this code is limited to false and whatever the return of the method is. If this is converted to safe navigation, foo&.bar can start returning nil as well as what the method returns.

    Example:

    # bad
    foo.bar if foo
    foo.bar(param1, param2) if foo
    foo.bar { |e| e.something } if foo
    foo.bar(param) { |e| e.something } if foo
    
    foo.bar if !foo.nil?
    foo.bar unless !foo
    foo.bar unless foo.nil?
    
    foo && foo.bar
    foo && foo.bar(param1, param2)
    foo && foo.bar { |e| e.something }
    foo && foo.bar(param) { |e| e.something }
    
    # good
    foo&.bar
    foo&.bar(param1, param2)
    foo&.bar { |e| e.something }
    foo&.bar(param) { |e| e.something }
    
    foo.nil? || foo.bar
    !foo || foo.bar
    
    # Methods that `nil` will `respond_to?` should not be converted to
    # use safe navigation
    foo.to_i if foo

    Use the return of the conditional for variable assignment and comparison.
    Open

            if config == true
              query = join_table(query, klass, table_name)
            else
              query = query.joins(config)
            end

    Align .select with .pending on line 50.
    Open

            .select { |p| p.individual_steps.pluck(:status).last == "actionable" }
    Severity: Minor
    Found in app/services/ncr/reporter.rb by rubocop

    This cop checks the indentation of the method name part in method calls that span more than one line.

    Example: EnforcedStyle: aligned

    # bad
    while myvariable
    .b
      # do something
    end
    
    # good
    while myvariable
          .b
      # do something
    end
    
    # good
    Thing.a
         .b
         .c

    Example: EnforcedStyle: indented

    # good
    while myvariable
      .b
    
      # do something
    end

    Example: EnforcedStyle: indentedrelativeto_receiver

    # good
    while myvariable
            .a
            .b
    
      # do something
    end
    
    # good
    myvariable = Thing
                   .a
                   .b
                   .c

    Inherit from RuntimeError instead of Exception.
    Open

    class SearchBadQuery < Exception
    Severity: Minor
    Found in app/exceptions/search_bad_query.rb by rubocop

    This cop looks for error classes inheriting from Exception and its standard library subclasses, excluding subclasses of StandardError. It is configurable to suggest using either RuntimeError (default) or StandardError instead.

    Example: EnforcedStyle: runtime_error (default)

    # bad
    
    class C < Exception; end
    
    # good
    
    class C < RuntimeError; end

    Example: EnforcedStyle: standard_error

    # bad
    
    class C < Exception; end
    
    # good
    
    class C < StandardError; end

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

    task default: 'konacha:run'
    Severity: Minor
    Found in Rakefile by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
    "No special symbols"
    "No string interpolation"
    "Just text"
    
    # good
    'No special symbols'
    'No string interpolation'
    'Just text'
    "Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
    'Just some text'
    'No special chars or interpolation'
    
    # good
    "Just some text"
    "No special chars or interpolation"
    "Every string in #{project} uses double_quotes"

    Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
    Open

        if !ENV['FIRST'].nil?
    Severity: Minor
    Found in lib/tasks/import_users.rake by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
    "No special symbols"
    "No string interpolation"
    "Just text"
    
    # good
    'No special symbols'
    'No string interpolation'
    'Just text'
    "Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
    'Just some text'
    'No special chars or interpolation'
    
    # good
    "Just some text"
    "No special chars or interpolation"
    "Every string in #{project} uses double_quotes"

    Unused method argument - exception. If it's necessary, use _ or _exception as an argument name to indicate that it won't be used. You can also write as auth_errors(*) if you want the method to accept any arguments but don't care about them.
    Open

      def auth_errors(exception)

    This cop checks for unused method arguments.

    Example:

    # bad
    
    def some_method(used, unused, _unused_but_allowed)
      puts used
    end

    Example:

    # good
    
    def some_method(used, _unused, _unused_but_allowed)
      puts used
    end

    Use %i or %I for an array of symbols.
    Open

      skip_before_action :authenticate_user!, only: [:oauth_callback, :failure]
    Severity: Minor
    Found in app/controllers/auth_controller.rb by rubocop

    This cop can check for array literals made up of symbols that are not using the %i() syntax.

    Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

    Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

    Example: EnforcedStyle: percent (default)

    # good
    %i[foo bar baz]
    
    # bad
    [:foo, :bar, :baz]

    Example: EnforcedStyle: brackets

    # good
    [:foo, :bar, :baz]
    
    # bad
    %i[foo bar baz]

    %w-literals should be delimited by [ and ].
    Open

        if %w(cancel cancel_form).include?(params[:action])

    This cop enforces the consistent usage of %-literal delimiters.

    Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.

    Example:

    # Style/PercentLiteralDelimiters:
    #   PreferredDelimiters:
    #     default: '[]'
    #     '%i':    '()'
    
    # good
    %w[alpha beta] + %i(gamma delta)
    
    # bad
    %W(alpha #{beta})
    
    # bad
    %I(alpha beta)
    Severity
    Category
    Status
    Source
    Language