Mass assignment is not restricted using attr_accessible Open
class AuthenticationProvider < ApplicationRecord
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
AuthenticationProvider#allowed_state_transitions refers to 'transition' more than self (maybe move it to another class?) Open
[I18n.t(transition.to_name, scope: [:authentication_provider, :state]), transition.event]
- Read upRead up
- Exclude checks
Feature Envy occurs when a code fragment references another object more often than it references itself, or when several clients do the same series of manipulations on a particular type of object.
Feature Envy reduces the code's ability to communicate intent: code that "belongs" on one class but which is located in another can be hard to find, and may upset the "System of Names" in the host class.
Feature Envy also affects the design's flexibility: A code fragment that is in the wrong class creates couplings that may not be natural within the application's domain, and creates a loss of cohesion in the unwilling host class.
Feature Envy often arises because it must manipulate other objects (usually its arguments) to get them into a useful form, and one force preventing them (the arguments) doing this themselves is that the common knowledge lives outside the arguments, or the arguments are of too basic a type to justify extending that type. Therefore there must be something which 'knows' about the contents or purposes of the arguments. That thing would have to be more than just a basic type, because the basic types are either containers which don't know about their contents, or they are single objects which can't capture their relationship with their fellows of the same type. So, this thing with the extra knowledge should be reified into a class, and the utility method will most likely belong there.
Example
Running Reek on:
class Warehouse
def sale_price(item)
(item.price - item.rebate) * @vat
end
end
would report:
Warehouse#total_price refers to item more than self (FeatureEnvy)
since this:
(item.price - item.rebate)
belongs to the Item class, not the Warehouse.
AuthenticationProvider#authorization_scope has unused parameter 'action' Open
def authorization_scope(action = nil)
- Read upRead up
- Exclude checks
Unused Parameter
refers to methods with parameters that are unused in scope of the method.
Having unused parameters in a method is code smell because leaving dead code in a method can never improve the method and it makes the code confusing to read.
Example
Given:
class Klass
def unused_parameters(x,y,z)
puts x,y # but not z
end
end
Reek would emit the following warning:
[2]:Klass#unused_parameters has unused parameter 'z' (UnusedParameters)