ManageIQ/manageiq-automation_engine

Showing 118 of 118 total issues

Use Hash#compare_by_identity instead of using object_id for keys.
Open

      @@id_hash[obj.object_id] = obj

Prefer using Hash#compare_by_identity rather than using object_id for hash keys.

This cop looks for hashes being keyed by objects' object_id, using one of these methods: key?, has_key?, fetch, [] and []=.

Safety:

This cop is unsafe. Although unlikely, the hash could store both object ids and other values that need to be compared by value, and thus could be a false positive.

Furthermore, this cop cannot guarantee that the receiver of one of the methods (key?, etc.) is actually a hash.

Example:

# bad
hash = {}
hash[foo.object_id] = :bar
hash.key?(baz.object_id)

# good
hash = {}.compare_by_identity
hash[foo] = :bar
hash.key?(baz)

Use :@object instead of "@object".
Open

      svc.instance_variable_get("@object")

Use :@object instead of "@object".
Open

        @object.evm_owner = owner && owner.instance_variable_get("@object")

Prefer using YAML.safe_load over YAML.load.
Open

    data = YAML.load(data) if export_hash['output_filename'].ends_with?('.yaml')

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: In Ruby 3.1+ (Psych 4), Psych.load behaves like Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Remove redundant sort.
Open

    Dir.glob(File.join(@options['import_dir'], domain, DOMAIN_YAML_FILENAME)).sort
Severity: Minor
Found in app/models/miq_ae_yaml_import_fs.rb by rubocop

Ruby 3.0 sorts globbed results by default. This cop checks for a redundant sort call on the result of Dir.glob and Dir[].

Safety:

This cop is unsafe when a file and a directory have identical names: the directory will be loaded before the file, which will break exe/files.rb that relies on the exe.rb file.

Example:

# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end

Dir['./lib/**/*.rb'].sort.each do |file|
end

# good
Dir.glob('./lib/**/*.rb').each do |file|
end

Dir['./lib/**/*.rb'].each do |file|
end

Duplicate branch body detected.
Open

        when 'vm_retire'                  then %w[VM            Lifecycle Retirement]

Checks that there are no repeated bodies within if/unless, case-when, case-in and rescue constructs.

With IgnoreLiteralBranches: true, branches are not registered as offenses if they return a basic literal value (string, symbol, integer, float, rational, complex, true, false, or nil), or return an array, hash, regexp or range that only contains one of the above basic literal values.

With IgnoreConstantBranches: true, branches are not registered as offenses if they return a constant value.

Example:

# bad
if foo
  do_foo
  do_something_else
elsif bar
  do_foo
  do_something_else
end

# good
if foo || bar
  do_foo
  do_something_else
end

# bad
case x
when foo
  do_foo
when bar
  do_foo
else
  do_something_else
end

# good
case x
when foo, bar
  do_foo
else
  do_something_else
end

# bad
begin
  do_something
rescue FooError
  handle_error
rescue BarError
  handle_error
end

# good
begin
  do_something
rescue FooError, BarError
  handle_error
end

Example: IgnoreLiteralBranches: true

# good
case size
when "small" then 100
when "medium" then 250
when "large" then 1000
else 250
end

Example: IgnoreConstantBranches: true

# good
case size
when "small" then SMALL_SIZE
when "medium" then MEDIUM_SIZE
when "large" then LARGE_SIZE
else MEDIUM_SIZE
end

Use filter_map instead.
Open

      states = fields(message).collect { |f| f['name'] if f['aetype'] == 'state' }.compact

metadata['rubygems_mfa_required'] must be set to 'true'.
Open

Gem::Specification.new do |spec|
  spec.name          = "manageiq-automation_engine"
  spec.version       = ManageIQ::AutomationEngine::VERSION
  spec.authors       = ["ManageIQ Authors"]

Severity: Minor
Found in manageiq-automation_engine.gemspec by rubocop

Requires a gemspec to have rubygems_mfa_required metadata set.

This setting tells RubyGems that MFA (Multi-Factor Authentication) is required for accounts to be able to perform privileged operations, such as (see RubyGems' documentation for the full list of privileged operations):

  • gem push
  • gem yank
  • gem owner --add/remove
  • adding or removing owners using gem ownership page

This helps make your gem more secure, as users can be more confident that gem updates were pushed by maintainers.

Example:

# bad
Gem::Specification.new do |spec|
  # no `rubygems_mfa_required` metadata specified
end

# good
Gem::Specification.new do |spec|
  spec.metadata = {
    'rubygems_mfa_required' => 'true'
  }
end

# good
Gem::Specification.new do |spec|
  spec.metadata['rubygems_mfa_required'] = 'true'
end

# bad
Gem::Specification.new do |spec|
  spec.metadata = {
    'rubygems_mfa_required' => 'false'
  }
end

# good
Gem::Specification.new do |spec|
  spec.metadata = {
    'rubygems_mfa_required' => 'true'
  }
end

# bad
Gem::Specification.new do |spec|
  spec.metadata['rubygems_mfa_required'] = 'false'
end

# good
Gem::Specification.new do |spec|
  spec.metadata['rubygems_mfa_required'] = 'true'
end

Use filter_map instead.
Open

    @src_instance.ae_values.collect do |v|
      attrs = v.attributes.delete_if { |k, _| DELETE_PROPERTIES.include?(k) }
      field_id = get_new_field_id(v.field_id)
      next if field_id.nil?

Severity: Minor
Found in app/models/miq_ae_instance_copy.rb by rubocop

Use filter_map instead.
Open

      objects_str.split("\x1F").collect do |element|
        if element.include?(CLASS_SEPARATOR)
          klass, str_value = element.split(CLASS_SEPARATOR)
          MiqAeObject.convert_value_based_on_datatype(str_value.strip, klass.strip)
        else

Use filter_map instead.
Open

    matches = arclass.where("lower(name) = ?", name.downcase).collect do |obj|
      get_domain_index_object(domains, obj, klass, namespace, enabled, options)
    end.compact
Severity: Minor
Found in app/models/miq_ae_datastore.rb by rubocop

Do not suppress exceptions.
Open

rescue LoadError
Severity: Minor
Found in Rakefile by rubocop

Checks for rescue blocks with no body.

Example:

# bad
def some_method
  do_something
rescue
end

# bad
begin
  do_something
rescue
end

# good
def some_method
  do_something
rescue
  handle_exception
end

# good
begin
  do_something
rescue
  handle_exception
end

Example: AllowComments: true (default)

# good
def some_method
  do_something
rescue
  # do nothing
end

# good
begin
  do_something
rescue
  # do nothing
end

Example: AllowComments: false

# bad
def some_method
  do_something
rescue
  # do nothing
end

# bad
begin
  do_something
rescue
  # do nothing
end

Example: AllowNil: true (default)

# good
def some_method
  do_something
rescue
  nil
end

# good
begin
  do_something
rescue
  # do nothing
end

# good
do_something rescue nil

Example: AllowNil: false

# bad
def some_method
  do_something
rescue
  nil
end

# bad
begin
  do_something
rescue
  nil
end

# bad
do_something rescue nil

Remove redundant sort.
Open

    Dir.glob(File.join(File.join(class_folder, METHOD_FOLDER_NAME), '*.yaml')).sort
Severity: Minor
Found in app/models/miq_ae_yaml_import_fs.rb by rubocop

Ruby 3.0 sorts globbed results by default. This cop checks for a redundant sort call on the result of Dir.glob and Dir[].

Safety:

This cop is unsafe when a file and a directory have identical names: the directory will be loaded before the file, which will break exe/files.rb that relies on the exe.rb file.

Example:

# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end

Dir['./lib/**/*.rb'].sort.each do |file|
end

# good
Dir.glob('./lib/**/*.rb').each do |file|
end

Dir['./lib/**/*.rb'].each do |file|
end

Use filter_map instead.
Open

      states = fields(message).collect { |f| f['name'] if f['aetype'] == 'state' }.compact

Use filter_map instead.
Open

      @fields_ordered.collect do |fname|
        @fields[fname] if message.nil? || self.class.message_matches?(message_parse(@fields[fname]['message']), message)
      end.compact

Use collect { |x| x.name.upcase } instead of collect method chain.
Open

      domains = @workspace.ae_user.current_tenant.ae_domains.collect(&:name).map(&:upcase)

Use :@object instead of '@object'.
Open

        svc_obj.instance_variable_get('@object')

Prefer using YAML.safe_load over YAML.load.
Open

        hash = YAML.load(data)

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: In Ruby 3.1+ (Psych 4), Psych.load behaves like Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Use collect { |x| x.name.upcase } instead of collect method chain.
Open

      domains = @workspace.ae_user.current_tenant.visible_domains.collect(&:name).map(&:upcase)

Use :@data instead of "@data".
Open

    instance_variable_set("@data", contents)
Severity: Minor
Found in app/models/miq_ae_method_yaml.rb by rubocop