Showing 118 of 118 total issues
Use filter_map
instead. Open
nvms = h.vms.collect { |v| v if v.power_state == "on" }.compact.length
- Create a ticketCreate a ticket
- Exclude checks
Use squeeze!
instead of gsub!
. Open
uri.gsub!(%r{/+}, '/')
- Create a ticketCreate a ticket
- Exclude checks
Use filter_map
instead. Open
ar_method { wrap_results @object.miq_approvals.collect { |a| a.approver.kind_of?(User) ? a.approver : nil }.compact }
- Create a ticketCreate a ticket
- Exclude checks
Use filter_map
instead. Open
result = objs.collect { |obj| to_hash(obj) }.compact
- Create a ticketCreate a ticket
- Exclude checks
Call super
to invoke callback defined in the parent class. Open
def self.inherited(subclass)
# Skip for anonymous classes
return unless subclass.name
expose_class_attributes(subclass)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks for the presence of constructors and lifecycle callbacks
without calls to super
.
This cop does not consider method_missing
(and respond_to_missing?
)
because in some cases it makes sense to overtake what is considered a
missing method. In other cases, the theoretical ideal handling could be
challenging or verbose for no actual gain.
Autocorrection is not supported because the position of super
cannot be
determined automatically.
Object
and BasicObject
are allowed by this cop because of their
stateless nature. However, sometimes you might want to allow other parent
classes from this cop, for example in the case of an abstract class that is
not meant to be called with super
. In those cases, you can use the
AllowedParentClasses
option to specify which classes should be allowed
in addition to Object
and BasicObject
.
Example:
# bad
class Employee < Person
def initialize(name, salary)
@salary = salary
end
end
# good
class Employee < Person
def initialize(name, salary)
super(name)
@salary = salary
end
end
# bad
Employee = Class.new(Person) do
def initialize(name, salary)
@salary = salary
end
end
# good
Employee = Class.new(Person) do
def initialize(name, salary)
super(name)
@salary = salary
end
end
# bad
class Parent
def self.inherited(base)
do_something
end
end
# good
class Parent
def self.inherited(base)
super
do_something
end
end
# good
class ClassWithNoParent
def initialize
do_something
end
end
Example: AllowedParentClasses: [MyAbstractClass]
# good
class MyConcreteClass < MyAbstractClass
def initialize
do_something
end
end
Duplicate branch body detected. Open
when 0 then []
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that there are no repeated bodies
within if/unless
, case-when
, case-in
and rescue
constructs.
With IgnoreLiteralBranches: true
, branches are not registered
as offenses if they return a basic literal value (string, symbol,
integer, float, rational, complex, true
, false
, or nil
), or
return an array, hash, regexp or range that only contains one of
the above basic literal values.
With IgnoreConstantBranches: true
, branches are not registered
as offenses if they return a constant value.
Example:
# bad
if foo
do_foo
do_something_else
elsif bar
do_foo
do_something_else
end
# good
if foo || bar
do_foo
do_something_else
end
# bad
case x
when foo
do_foo
when bar
do_foo
else
do_something_else
end
# good
case x
when foo, bar
do_foo
else
do_something_else
end
# bad
begin
do_something
rescue FooError
handle_error
rescue BarError
handle_error
end
# good
begin
do_something
rescue FooError, BarError
handle_error
end
Example: IgnoreLiteralBranches: true
# good
case size
when "small" then 100
when "medium" then 250
when "large" then 1000
else 250
end
Example: IgnoreConstantBranches: true
# good
case size
when "small" then SMALL_SIZE
when "medium" then MEDIUM_SIZE
when "large" then LARGE_SIZE
else MEDIUM_SIZE
end
Use :@object
instead of "@object"
. Open
@object.miq_group = group && group.instance_variable_get("@object")
- Create a ticketCreate a ticket
- Exclude checks
Remove redundant sort
. Open
Dir.glob(File.join(class_folder, '*.yaml')).sort
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Sort globbed results by default in Ruby 3.0.
This cop checks for redundant sort
method to Dir.glob
and Dir[]
.
Safety:
This cop is unsafe, in case of having a file and a directory with
identical names, since directory will be loaded before the file, which
will break exe/files.rb
that rely on exe.rb
file.
Example:
# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end
Dir['./lib/**/*.rb'].sort.each do |file|
end
# good
Dir.glob('./lib/**/*.rb').each do |file|
end
Dir['./lib/**/*.rb'].each do |file|
end
Prefer using YAML.safe_load
over YAML.load
. Open
YAML.load(@zip.file.read(file))
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Extract this regexp into a constant, memoize it, or append an /o
option to its options. Open
workspace.persist_state_hash.delete_if { |key, _| key.to_s.match(/#{METHOD_KEY_SUFFIX}$/) }
- Create a ticketCreate a ticket
- Exclude checks
Prefer using YAML.safe_load
over YAML.load
. Open
@current_state_info = YAML.load(yaml)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
%w[on_entry on_exit on_error max_retries max_time].each do |k|
- Create a ticketCreate a ticket
- Exclude checks
The use of eval
is a serious security risk. Open
assertion_result = eval(assertion)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks for the use of Kernel#eval
and Binding#eval
.
Example:
# bad
eval(something)
binding.eval(something)
Use String#include?
instead of a regex match with literal-only pattern. Open
elsif /MiqAePassword/.match?(value.class.to_s)
- Create a ticketCreate a ticket
- Exclude checks
Prefer using YAML.safe_load
over YAML.load
. Open
@persist_state_hash.merge!(YAML.load(ae_state_data))
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Remove redundant sort
. Open
Dir.glob(File.join(parent_folder, "*", NAMESPACE_YAML_FILENAME)).sort
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Sort globbed results by default in Ruby 3.0.
This cop checks for redundant sort
method to Dir.glob
and Dir[]
.
Safety:
This cop is unsafe, in case of having a file and a directory with
identical names, since directory will be loaded before the file, which
will break exe/files.rb
that rely on exe.rb
file.
Example:
# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end
Dir['./lib/**/*.rb'].sort.each do |file|
end
# good
Dir.glob('./lib/**/*.rb').each do |file|
end
Dir['./lib/**/*.rb'].each do |file|
end
Prefer using YAML.safe_load
over YAML.load
. Open
YAML.load(@gwt.read_file(file))
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
elsif ["\"", "\'"].include?(left[0, 1])
- Create a ticketCreate a ticket
- Exclude checks