ManageIQ/manageiq-automation_engine

Showing 118 of 118 total issues

Use filter_map instead.
Open

        nvms = h.vms.collect { |v| v if v.power_state == "on" }.compact.length

Use squeeze! instead of gsub!.
Open

      uri.gsub!(%r{/+}, '/')

Use filter_map instead.
Open

      ar_method { wrap_results @object.miq_approvals.collect { |a| a.approver.kind_of?(User) ? a.approver : nil }.compact }

Use filter_map instead.
Open

      result = objs.collect { |obj| to_hash(obj) }.compact

Call super to invoke callback defined in the parent class.
Open

    def self.inherited(subclass)
      # Skip for anonymous classes
      return unless subclass.name

      expose_class_attributes(subclass)

Checks for the presence of constructors and lifecycle callbacks without calls to super.

This cop does not consider method_missing (and respond_to_missing?) because in some cases it makes sense to overtake what is considered a missing method. In other cases, the theoretical ideal handling could be challenging or verbose for no actual gain.

Autocorrection is not supported because the position of super cannot be determined automatically.

Object and BasicObject are allowed by this cop because of their stateless nature. However, sometimes you might want to allow other parent classes from this cop, for example in the case of an abstract class that is not meant to be called with super. In those cases, you can use the AllowedParentClasses option to specify which classes should be allowed in addition to Object and BasicObject.

Example:

# bad
class Employee < Person
  def initialize(name, salary)
    @salary = salary
  end
end

# good
class Employee < Person
  def initialize(name, salary)
    super(name)
    @salary = salary
  end
end

# bad
Employee = Class.new(Person) do
  def initialize(name, salary)
    @salary = salary
  end
end

# good
Employee = Class.new(Person) do
  def initialize(name, salary)
    super(name)
    @salary = salary
  end
end

# bad
class Parent
  def self.inherited(base)
    do_something
  end
end

# good
class Parent
  def self.inherited(base)
    super
    do_something
  end
end

# good
class ClassWithNoParent
  def initialize
    do_something
  end
end

Example: AllowedParentClasses: [MyAbstractClass]

# good
class MyConcreteClass < MyAbstractClass
  def initialize
    do_something
  end
end

Duplicate branch body detected.
Open

    when 0 then []
Severity: Minor
Found in app/models/miq_ae_browser.rb by rubocop

Checks that there are no repeated bodies within if/unless, case-when, case-in and rescue constructs.

With IgnoreLiteralBranches: true, branches are not registered as offenses if they return a basic literal value (string, symbol, integer, float, rational, complex, true, false, or nil), or return an array, hash, regexp or range that only contains one of the above basic literal values.

With IgnoreConstantBranches: true, branches are not registered as offenses if they return a constant value.

Example:

# bad
if foo
  do_foo
  do_something_else
elsif bar
  do_foo
  do_something_else
end

# good
if foo || bar
  do_foo
  do_something_else
end

# bad
case x
when foo
  do_foo
when bar
  do_foo
else
  do_something_else
end

# good
case x
when foo, bar
  do_foo
else
  do_something_else
end

# bad
begin
  do_something
rescue FooError
  handle_error
rescue BarError
  handle_error
end

# good
begin
  do_something
rescue FooError, BarError
  handle_error
end

Example: IgnoreLiteralBranches: true

# good
case size
when "small" then 100
when "medium" then 250
when "large" then 1000
else 250
end

Example: IgnoreConstantBranches: true

# good
case size
when "small" then SMALL_SIZE
when "medium" then MEDIUM_SIZE
when "large" then LARGE_SIZE
else MEDIUM_SIZE
end

Use :@object instead of "@object".
Open

        @object.miq_group = group && group.instance_variable_get("@object")

Remove redundant sort.
Open

    Dir.glob(File.join(class_folder, '*.yaml')).sort
Severity: Minor
Found in app/models/miq_ae_yaml_import_fs.rb by rubocop

Dir.glob and Dir[] sort globbed results by default in Ruby 3.0. This cop checks for a redundant sort call on Dir.glob and Dir[].

Safety:

This cop is unsafe when a file and a directory have identical names, since the directory will be loaded before the file, which will break exe/files.rb that relies on the exe.rb file.

Example:

# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end

Dir['./lib/**/*.rb'].sort.each do |file|
end

# good
Dir.glob('./lib/**/*.rb').each do |file|
end

Dir['./lib/**/*.rb'].each do |file|
end

Prefer using YAML.safe_load over YAML.load.
Open

    YAML.load(@zip.file.read(file))

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Extract this regexp into a constant, memoize it, or append an /o option to its options.
Open

      workspace.persist_state_hash.delete_if { |key, _| key.to_s.match(/#{METHOD_KEY_SUFFIX}$/) }

Prefer using YAML.safe_load over YAML.load.
Open

      @current_state_info = YAML.load(yaml)

Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant.
Open

          %w[on_entry on_exit on_error max_retries max_time].each do |k|

The use of eval is a serious security risk.
Open

          assertion_result = eval(assertion)

Checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

Use String#include? instead of a regex match with literal-only pattern.
Open

      elsif /MiqAePassword/.match?(value.class.to_s)

Prefer using YAML.safe_load over YAML.load.
Open

        @persist_state_hash.merge!(YAML.load(ae_state_data))

Remove redundant sort.
Open

    Dir.glob(File.join(parent_folder, "*", NAMESPACE_YAML_FILENAME)).sort
Severity: Minor
Found in app/models/miq_ae_yaml_import_fs.rb by rubocop

Prefer using YAML.safe_load over YAML.load.
Open

    YAML.load(@gwt.read_file(file))

Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant.
Open

        elsif ["\"", "\'"].include?(left[0, 1])