Sign upLogin

Flockingbird/roost

View on GitHub
Star

Showing 60 of 76 total issues

Workflows::TagsMember assumes too much for instance variable '@form_attributes'
Open

  class TagsMember < Base
Severity: Minor
Found in test/support/workflows/tags_member.rb by reek

Classes should not assume that instance variables are set or present outside of the current class definition.

Good:

class Foo
  def initialize
    @bar = :foo
  end

  def foo?
    @bar == :foo
  end
end

Good as well:

class Foo
  def foo?
    bar == :foo
  end

  def bar
    @bar ||= :foo
  end
end

Bad:

class Foo
  def go_foo!
    @bar = :foo
  end

  def foo?
    @bar == :foo
  end
end

Example

Running Reek on:

class Dummy
  def test
    @ivar
  end
end

would report:

[1]:InstanceVariableAssumption: Dummy assumes too much for instance variable @ivar

Note that this example would trigger this smell warning as well:

class Parent
  def initialize(omg)
    @omg = omg
  end
end

class Child < Parent
  def foo
    @omg
  end
end

The way to address the smell warning is that you should create an attr_reader to use @omg in the subclass and not access @omg directly like this:

class Parent
  attr_reader :omg

  def initialize(omg)
    @omg = omg
  end
end

class Child < Parent
  def foo
    omg
  end
end

Directly accessing instance variables is considered a smell because it breaks encapsulation and makes it harder to reason about code.

If you don't want to expose those methods as public API just make them private like this:

class Parent
  def initialize(omg)
    @omg = omg
  end

  private
  attr_reader :omg
end

class Child < Parent
  def foo
    omg
  end
end

Current Support in Reek

An instance variable must:

  • be set in the constructor
  • or be accessed through a method with lazy initialization / memoization.

If not, Instance Variable Assumption will be reported.

RequestHelpers has no descriptive comment
Open

module RequestHelpers
Severity: Minor
Found in test/support/request_helpers.rb by reek

Classes and modules are the units of reuse and release. It is therefore considered good practice to annotate every class and module with a brief comment outlining its responsibilities.

Example

Given

class Dummy
  # Do things...
end

Reek would emit the following warning:

test.rb -- 1 warning:
  [1]:Dummy has no descriptive comment (IrresponsibleModule)

Fixing this is simple - just an explaining comment:

# The Dummy class is responsible for ...
class Dummy
  # Do things...
end

Minitest::Spec has no descriptive comment
Open

  class Spec
Severity: Minor
Found in test/test_helper.rb by reek

Classes and modules are the units of reuse and release. It is therefore considered good practice to annotate every class and module with a brief comment outlining its responsibilities.

Example

Given

class Dummy
  # Do things...
end

Reek would emit the following warning:

test.rb -- 1 warning:
  [1]:Dummy has no descriptive comment (IrresponsibleModule)

Fixing this is simple - just an explaining comment:

# The Dummy class is responsible for ...
class Dummy
  # Do things...
end

Minitest::WebSpec has no descriptive comment
Open

  class WebSpec < Spec
Severity: Minor
Found in test/test_helper.rb by reek

Classes and modules are the units of reuse and release. It is therefore considered good practice to annotate every class and module with a brief comment outlining its responsibilities.

Example

Given

class Dummy
  # Do things...
end

Reek would emit the following warning:

test.rb -- 1 warning:
  [1]:Dummy has no descriptive comment (IrresponsibleModule)

Fixing this is simple - just an explaining comment:

# The Dummy class is responsible for ...
class Dummy
  # Do things...
end

TimeHelpers#die_wende doesn't depend on instance state (maybe move it to another class?)
Open

  def die_wende
Severity: Minor
Found in test/support/time_helpers.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

EventHelpers#event_store doesn't depend on instance state (maybe move it to another class?)
Open

  def event_store
Severity: Minor
Found in test/support/event_helpers.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

Reactors::InvitationMailer#subject doesn't depend on instance state (maybe move it to another class?)
Open

    def subject(inviter)
Severity: Minor
Found in app/reactors/invitation_mailer.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

Workflows::TagsMember#steps doesn't depend on instance state (maybe move it to another class?)
Open

    def steps
Severity: Minor
Found in test/support/workflows/tags_member.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

Aggregates::Member::Tag#== performs a nil-check
Open

        return if other.nil?
Severity: Minor
Found in app/aggregates/member/tag.rb by reek

A NilCheck is a type check. Failures of NilCheck violate the "tell, don't ask" principle.

Additionally, type checks often mask bigger problems in your source code like not using OOP and / or polymorphism when you should.

Example

Given

class Klass
  def nil_checker(argument)
    if argument.nil?
      puts "argument isn't nil!"
    end
  end
end

Reek would emit the following warning:

test.rb -- 1 warning:
  [3]:Klass#nil_checker performs a nil-check. (NilCheck)

RequestHelpers#secret doesn't depend on instance state (maybe move it to another class?)
Open

  def secret
Severity: Minor
Found in test/support/request_helpers.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

Roost::Config#database_url is a writable attribute
Open

    attr_accessor :database_url, :secret_base, :web_url
Severity: Minor
Found in config/environment.rb by reek

A class that publishes a setter for an instance variable invites client classes to become too intimate with its inner workings, and in particular with its representation of state.

The same holds to a lesser extent for getters, but Reek doesn't flag those.

Example

Given:

class Klass
  attr_accessor :dummy
end

Reek would emit the following warning:

reek test.rb

test.rb -- 1 warning:
  [2]:Klass declares the writable attribute dummy (Attribute)

Roost::Config#web_url is a writable attribute
Open

    attr_accessor :database_url, :secret_base, :web_url
Severity: Minor
Found in config/environment.rb by reek

A class that publishes a setter for an instance variable invites client classes to become too intimate with its inner workings, and in particular with its representation of state.

The same holds to a lesser extent for getters, but Reek doesn't flag those.

Example

Given:

class Klass
  attr_accessor :dummy
end

Reek would emit the following warning:

reek test.rb

test.rb -- 1 warning:
  [2]:Klass declares the writable attribute dummy (Attribute)

Reactors::InvitationMailer#from doesn't depend on instance state (maybe move it to another class?)
Open

    def from(inviter)
Severity: Minor
Found in app/reactors/invitation_mailer.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

Aggregates::Member::TagList inherits from core class 'Array'
Open

    class TagList < Array
Severity: Minor
Found in app/aggregates/member/tag_list.rb by reek

Subclassing core classes in Ruby can lead to unexpected side effects.

Knowing that Ruby has a core library, which is written in C, and a standard library, which is written in Ruby, if you do not know exactly how these core classes operate at the C level, you are gonna have a bad time.

Source: http://words.steveklabnik.com/beware-subclassing-ruby-core-classes

Roost::Config#secret_base is a writable attribute
Open

    attr_accessor :database_url, :secret_base, :web_url
Severity: Minor
Found in config/environment.rb by reek

A class that publishes a setter for an instance variable invites client classes to become too intimate with its inner workings, and in particular with its representation of state.

The same holds to a lesser extent for getters, but Reek doesn't flag those.

Example

Given:

class Klass
  attr_accessor :dummy
end

Reek would emit the following warning:

reek test.rb

test.rb -- 1 warning:
  [2]:Klass declares the writable attribute dummy (Attribute)

Workflows::MemberRegisters#steps doesn't depend on instance state (maybe move it to another class?)
Open

    def steps
Severity: Minor
Found in test/support/workflows/member_registers.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

DataHelpers#fixtures doesn't depend on instance state (maybe move it to another class?)
Open

  def fixtures(file)
Severity: Minor
Found in test/support/data_helpers.rb by reek

A Utility Function is any instance method that has no dependency on the state of the instance.

Complex method Web::TagsController::post#/tags (20.5)
Open

    post '/tags' do
      requires_authorization

      Commands.handle(
        'Profile',
Severity: Minor
Found in app/web/controllers/web/tags_controller.rb by flog

Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.

You can read more about ABC metrics or the flog tool

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.2.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Severity
Category
Status
Source
Language