attr_accessible is recommended over attr_protected Open
attr_protected :account_id, :invoice_id, :success, :test, :tenant_id- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected - especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Method process! has 30 lines of code (exceeds 25 allowed). Consider refactoring. Open
def process!(credit_card_auth_code, gateway, options)
unless System::Application.config.three_scale.payments.enabled
logger.info "Skipping payment transaction #process! - not in production"
return
endPaymentTransaction#to_xml has approx 17 statements Open
def to_xml(options = {})- Read upRead up
- Exclude checks
A method with Too Many Statements is any method that has a large number of lines.
Too Many Statements warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements counts +1 for every simple statement in a method and +1 for every statement within a control structure (if, else, case, when, for, while, until, begin, rescue) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
def parse(arg, argv, &error)
if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
return nil, block, nil # +1
end
opt = (val = parse_arg(val, &error))[1] # +2
val = conv_arg(*val) # +3
if opt and !arg
argv.shift # +4
else
val[0] = nil # +5
end
val # +6
end(You might argue that the two assigments within the first @if@ should count as statements, and that perhaps the nested assignment should count as +2.)
PaymentTransaction#process! has approx 22 statements Open
def process!(credit_card_auth_code, gateway, options)- Read upRead up
- Exclude checks
A method with Too Many Statements is any method that has a large number of lines.
Too Many Statements warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements counts +1 for every simple statement in a method and +1 for every statement within a control structure (if, else, case, when, for, while, until, begin, rescue) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
def parse(arg, argv, &error)
if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
return nil, block, nil # +1
end
opt = (val = parse_arg(val, &error))[1] # +2
val = conv_arg(*val) # +3
if opt and !arg
argv.shift # +4
else
val[0] = nil # +5
end
val # +6
end(You might argue that the two assigments within the first @if@ should count as statements, and that perhaps the nested assignment should count as +2.)
PaymentTransaction#self.to_xml contains iterators nested 2 deep Open
payment_transactions.each{ |pt| pt.to_xml(:builder => xml) }- Read upRead up
- Exclude checks
A Nested Iterator occurs when a block contains another block.
Example
Given
class Duck
class << self
def duck_names
%i!tick trick track!.each do |surname|
%i!duck!.each do |last_name|
puts "full name is #{surname} #{last_name}"
end
end
end
end
endReek would report the following warning:
test.rb -- 1 warning:
[5]:Duck#duck_names contains iterators nested 2 deep (NestedIterators)Method to_xml has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def to_xml(options = {})
xml = options[:builder] || ThreeScale::XML::Builder.new
xml.payment_transaction do |xml|
unless new_record?- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
PaymentTransaction#process! calls 'response.success?' 2 times Open
self.success = response.success?
self.reference = response.authorization
self.message = response.message
self.params = response.params
self.test = response.test- Read upRead up
- Exclude checks
Duplication occurs when two fragments of code look nearly identical, or when two fragments of code have nearly identical effects at some conceptual level.
Reek implements a check for Duplicate Method Call.
Example
Here's a very much simplified and contrived example. The following method will report a warning:
def double_thing()
@other.thing + @other.thing
endOne quick approach to silence Reek would be to refactor the code thus:
def double_thing()
thing = @other.thing
thing + thing
endA slightly different approach would be to replace all calls of double_thing by calls to @other.double_thing:
class Other
def double_thing()
thing + thing
end
endThe approach you take will depend on balancing other factors in your code.
PaymentTransaction::AmountWithCurrency#amount= manually dispatches method call Open
if value.respond_to?(:currency)- Read upRead up
- Exclude checks
Reek reports a Manual Dispatch smell if it finds source code that manually checks whether an object responds to a method before that method is called. Manual dispatch is a type of Simulated Polymorphism which leads to code that is harder to reason about, debug, and refactor.
Example
class MyManualDispatcher
attr_reader :foo
def initialize(foo)
@foo = foo
end
def call
foo.bar if foo.respond_to?(:bar)
end
endReek would emit the following warning:
test.rb -- 1 warning:
[9]: MyManualDispatcher manually dispatches method call (ManualDispatch)PaymentTransaction#process! calls 'exception.message' 2 times Open
logger.info("Processing of PaymentTransaction threw an exception: #{exception.message}")
self.success = false
self.message = exception.message- Read upRead up
- Exclude checks
Duplication occurs when two fragments of code look nearly identical, or when two fragments of code have nearly identical effects at some conceptual level.
Reek implements a check for Duplicate Method Call.
Example
Here's a very much simplified and contrived example. The following method will report a warning:
def double_thing()
@other.thing + @other.thing
endOne quick approach to silence Reek would be to refactor the code thus:
def double_thing()
thing = @other.thing
thing + thing
endA slightly different approach would be to replace all calls of double_thing by calls to @other.double_thing:
class Other
def double_thing()
thing + thing
end
endThe approach you take will depend on balancing other factors in your code.
Method process! has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def process!(credit_card_auth_code, gateway, options)
unless System::Application.config.three_scale.payments.enabled
logger.info "Skipping payment transaction #process! - not in production"
return
end- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
PaymentTransaction has missing safe method 'process!' Open
def process!(credit_card_auth_code, gateway, options)- Read upRead up
- Exclude checks
A candidate method for the Missing Safe Method smell are methods whose names end with an exclamation mark.
An exclamation mark in method names means (the explanation below is taken from here ):
The ! in method names that end with ! means, “This method is dangerous”—or, more precisely, this method is the “dangerous” version of an otherwise equivalent method, with the same name minus the !. “Danger” is relative; the ! doesn’t mean anything at all unless the method name it’s in corresponds to a similar but bang-less method name. So, for example, gsub! is the dangerous version of gsub. exit! is the dangerous version of exit. flatten! is the dangerous version of flatten. And so forth.
Such a method is called Missing Safe Method if and only if her non-bang version does not exist and this method is reported as a smell.
Example
Given
class C
def foo; end
def foo!; end
def bar!; end
endReek would report bar! as Missing Safe Method smell but not foo!.
Reek reports this smell only in a class context, not in a module context in order to allow perfectly legit code like this:
class Parent
def foo; end
end
module Dangerous
def foo!; end
end
class Son < Parent
include Dangerous
end
class Daughter < Parent
endIn this example, Reek would not report the Missing Safe Method smell for the method foo of the Dangerous module.
PaymentTransaction#self.to_xml has unused parameter 'options' Open
def self.to_xml(payment_transactions, options = {})- Read upRead up
- Exclude checks
Unused Parameter refers to methods with parameters that are unused in scope of the method.
Having unused parameters in a method is code smell because leaving dead code in a method can never improve the method and it makes the code confusing to read.
Example
Given:
class Klass
def unused_parameters(x,y,z)
puts x,y # but not z
end
endReek would emit the following warning:
[2]:Klass#unused_parameters has unused parameter 'z' (UnusedParameters)