Showing 175 of 175 total issues
Use sort_by! { |a| a[:percent] }
instead of sort! { |a, b| a[:percent] <=> b[:percent] }
. Open
host_all.sort! { |a, b| a[:percent] <=> b[:percent] }
- Read upRead up
- Exclude checks
This cop identifies places where sort { |a, b| a.foo <=> b.foo }
can be replaced by sort_by(&:foo)
.
This cop also checks max
and min
methods.
Example:
# bad
array.sort { |a, b| a.foo <=> b.foo }
array.max { |a, b| a.foo <=> b.foo }
array.min { |a, b| a.foo <=> b.foo }
array.sort { |a, b| a[:foo] <=> b[:foo] }
# good
array.sort_by(&:foo)
array.sort_by { |v| v.foo }
array.sort_by do |var|
var.foo
end
array.max_by(&:foo)
array.min_by(&:foo)
array.sort_by { |a| a[:foo] }
Interpolation in single quoted string detected. Use double quoted strings if you need interpolation. Open
dialog_name = 'vm_migrate_dialogs-deploy-#{tag}'
- Read upRead up
- Exclude checks
Checks for interpolation in a single quoted string.
Safety:
This cop's autocorrection is unsafe because although it always replaces single quotes as
if it were miswritten double quotes, it is not always the case. For example,
'#{foo} bar'
would be replaced by "#{foo} bar"
, so the replaced code would evaluate
the expression foo
.
Example:
# bad
foo = 'something with #{interpolation} inside'
Example:
# good
foo = "something with #{interpolation} inside"
Use sum
instead of inject(&:+)
, unless calling inject(&:+)
on an empty array. Open
array.collect(&:to_i).inject(&:+).to_i
- Exclude checks
Prefer using YAML.safe_load
over YAML.load
. Open
yaml_content = YAML.load(content).to_yaml
- Read upRead up
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Prefer using YAML.safe_load
over YAML.load
. Open
@task.get_option(option).nil? ? nil : YAML.load(@task.get_option(option))
- Read upRead up
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Prefer using YAML.safe_load
over YAML.load
. Open
root_obj_value.nil? ? YAML.load($evm.root[yaml_load_name]) : root_obj_value
- Read upRead up
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Use #key?
instead of #keys.include?
. Open
if options.keys.include?(:number_of_sockets) || options.keys.include?(:cores_per_socket)
- Exclude checks
Prefer using YAML.safe_load
over YAML.load
. Open
return YAML.load(bundle_task.get_option(:parsed_dialog_options) || "{}"),
- Read upRead up
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Use sort_by(&:free_space)
instead of sort { |a, b| a.free_space <=> b.free_space }
. Open
s = storages.sort { |a, b| a.free_space <=> b.free_space }.last
- Read upRead up
- Exclude checks
This cop identifies places where sort { |a, b| a.foo <=> b.foo }
can be replaced by sort_by(&:foo)
.
This cop also checks max
and min
methods.
Example:
# bad
array.sort { |a, b| a.foo <=> b.foo }
array.max { |a, b| a.foo <=> b.foo }
array.min { |a, b| a.foo <=> b.foo }
array.sort { |a, b| a[:foo] <=> b[:foo] }
# good
array.sort_by(&:foo)
array.sort_by { |v| v.foo }
array.sort_by do |var|
var.foo
end
array.max_by(&:foo)
array.min_by(&:foo)
array.sort_by { |a| a[:foo] }
Prefer using YAML.safe_load
over YAML.load
. Open
@task.get_option(option).nil? ? nil : YAML.load(@task.get_option(option))
- Read upRead up
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Use #key?
instead of #keys.include?
. Open
raise "Invalid notify level #{notify_level}" unless NOTIFY_LEVEL_TO_LOG_LEVEL.keys.include?(notify_level.downcase.to_s)
- Exclude checks
Prefer using YAML.safe_load
over YAML.load
. Open
YAML.load(bundle_task.get_option(:parsed_dialog_tags) || "{}")
- Read upRead up
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load
as Psych.safe_load
by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load
is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Use :strftime
instead of 'strftime'
. Open
if vm['retires_on'].respond_to?('strftime')
- Exclude checks
Use :strftime
instead of 'strftime'
. Open
if vm['retires_on'].respond_to?('strftime')
- Exclude checks
Use #key?
instead of #keys.include?
. Open
if options.keys.include?(:number_of_sockets) || options.keys.include?(:cores_per_socket)
- Exclude checks