Sign upLogin

ManageIQ/manageiq-content

View on GitHub
Star

Showing 175 of 175 total issues

Use sort_by! { |a| a[:percent] } instead of sort! { |a, b| a[:percent] <=> b[:percent] }.
Open

  host_all.sort! { |a, b| a[:percent] <=> b[:percent] }
Severity: Minor
Found in content/automate/ManageIQ/Infrastructure/Cluster/Operations/Methods.class/__methods__/cluster_workload_management.rb by rubocop

This cop identifies places where sort { |a, b| a.foo <=> b.foo } can be replaced by sort_by(&:foo). This cop also checks max and min methods.

Example:

# bad
array.sort { |a, b| a.foo <=> b.foo }
array.max { |a, b| a.foo <=> b.foo }
array.min { |a, b| a.foo <=> b.foo }
array.sort { |a, b| a[:foo] <=> b[:foo] }

# good
array.sort_by(&:foo)
array.sort_by { |v| v.foo }
array.sort_by do |var|
  var.foo
end
array.max_by(&:foo)
array.min_by(&:foo)
array.sort_by { |a| a[:foo] }

Interpolation in single quoted string detected. Use double quoted strings if you need interpolation.
Open

    dialog_name = 'vm_migrate_dialogs-deploy-#{tag}'
Severity: Minor
Found in content/automate/ManageIQ/Infrastructure/VM/Migrate/Profile.class/__methods__/get_deploy_dialog.rb by rubocop

Checks for interpolation in a single quoted string.

Safety:

This cop's autocorrection is unsafe because although it always replaces single quotes as if it were miswritten double quotes, it is not always the case. For example, '#{foo} bar' would be replaced by "#{foo} bar", so the replaced code would evaluate the expression foo.

Example:

# bad

foo = 'something with #{interpolation} inside'

Example:

# good

foo = "something with #{interpolation} inside"

Use sum instead of inject(&:+), unless calling inject(&:+) on an empty array.
Open

  array.collect(&:to_i).inject(&:+).to_i
Severity: Minor
Found in content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/requested.rb by rubocop

Prefer using YAML.safe_load over YAML.load.
Open

    yaml_content = YAML.load(content).to_yaml
Severity: Minor
Found in lib/tasks_private/clean_yaml_files.rake by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Prefer using YAML.safe_load over YAML.load.
Open

  @task.get_option(option).nil? ? nil : YAML.load(@task.get_option(option))
Severity: Minor
Found in content/automate/ManageIQ/Service/Provisioning/StateMachines/Methods.class/__methods__/catalogiteminitialization.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Prefer using YAML.safe_load over YAML.load.
Open

  root_obj_value.nil? ? YAML.load($evm.root[yaml_load_name]) : root_obj_value
Severity: Minor
Found in content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/validate_quota.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Use #key? instead of #keys.include?.
Open

      if options.keys.include?(:number_of_sockets) || options.keys.include?(:cores_per_socket)
Severity: Minor
Found in content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/requested.rb by rubocop

Prefer using YAML.safe_load over YAML.load.
Open

  return YAML.load(bundle_task.get_option(:parsed_dialog_options) || "{}"),
Severity: Minor
Found in content/automate/ManageIQ/Service/Provisioning/StateMachines/Methods.class/__methods__/dialog_parser.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Use sort_by(&:free_space) instead of sort { |a, b| a.free_space <=> b.free_space }.
Open

    s = storages.sort { |a, b| a.free_space <=> b.free_space }.last
Severity: Minor
Found in content/automate/ManageIQ/Infrastructure/VM/Provisioning/Placement.class/__methods__/vmware_best_fit_with_tags.rb by rubocop

This cop identifies places where sort { |a, b| a.foo <=> b.foo } can be replaced by sort_by(&:foo). This cop also checks max and min methods.

Example:

# bad
array.sort { |a, b| a.foo <=> b.foo }
array.max { |a, b| a.foo <=> b.foo }
array.min { |a, b| a.foo <=> b.foo }
array.sort { |a, b| a[:foo] <=> b[:foo] }

# good
array.sort_by(&:foo)
array.sort_by { |v| v.foo }
array.sort_by do |var|
  var.foo
end
array.max_by(&:foo)
array.min_by(&:foo)
array.sort_by { |a| a[:foo] }

Prefer using YAML.safe_load over YAML.load.
Open

  @task.get_option(option).nil? ? nil : YAML.load(@task.get_option(option))
Severity: Minor
Found in content/automate/ManageIQ/Service/Provisioning/StateMachines/Methods.class/__methods__/catalogbundleinitialization.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Use #key? instead of #keys.include?.
Open

              raise "Invalid notify level #{notify_level}" unless NOTIFY_LEVEL_TO_LOG_LEVEL.keys.include?(notify_level.downcase.to_s)
Severity: Minor
Found in content/automate/ManageIQ/System/CommonMethods/Utils.class/__methods__/log_object.rb by rubocop

Prefer using YAML.safe_load over YAML.load.
Open

         YAML.load(bundle_task.get_option(:parsed_dialog_tags) || "{}")
Severity: Minor
Found in content/automate/ManageIQ/Service/Provisioning/StateMachines/Methods.class/__methods__/dialog_parser.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Use :strftime instead of 'strftime'.
Open

              if vm['retires_on'].respond_to?('strftime')
Severity: Minor
Found in content/automate/ManageIQ/System/Notification/Email.class/__methods__/miq_provision_template_customize_body.rb by rubocop

Use :strftime instead of 'strftime'.
Open

              if vm['retires_on'].respond_to?('strftime')
Severity: Minor
Found in content/automate/ManageIQ/System/Notification/Email.class/__methods__/miq_provision_customize_body.rb by rubocop

Use #key? instead of #keys.include?.
Open

      if options.keys.include?(:number_of_sockets) || options.keys.include?(:cores_per_socket)
Severity: Minor
Found in content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/requested.rb by rubocop
Severity
Category
Status
Source
Language