Showing 1,314 of 1,314 total issues
Avoid more than 3 levels of block nesting. Open
tags2desc[tag] = entry.nil? ? tag.titleize : entry.description
Checks for excessive nesting of conditional and looping constructs.
You can configure if blocks are considered using the CountBlocks option. When set to false (the default) blocks are not counted towards the nesting level. Set to true to count blocks as well.
The maximum level of nesting allowed is configurable.
Use filter_map instead. Open
class_array = user.current_tenant.visible_domains.pluck(:name).collect do |domain|
fq_ns = domain + "/" + partial_ns
ae_ns = MiqAeNamespace.lookup_by_fqname(fq_ns)
next if ae_ns.nil?
Prefer using YAML.safe_load over YAML.load. Open
YAML.load(data)
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.
Safety:
The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Interpolation in single quoted string detected. Use double quoted strings if you need interpolation. Open
{:name => "ems_alarm", :description => N_("VMware Alarm"), :db => ["Vm", "Host", "EmsCluster"], :responds_to_events => 'AlarmStatusChangedEvent_#{hash_expression[:options][:ems_id]}_#{hash_expression[:options][:ems_alarm_mor]}',
Checks for interpolation in a single quoted string.
Safety:
This cop's autocorrection is unsafe because although it always replaces single quotes as if it were miswritten double quotes, it is not always the case. For example, '#{foo} bar' would be replaced by "#{foo} bar", so the replaced code would evaluate the expression foo.
Example:
# bad
foo = 'something with #{interpolation} inside'
Example:
# good
foo = "something with #{interpolation} inside"
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
next(hh) if ["timestamp", "v_date", "v_time", "resource_name"].include?(col)
Use inputs['MiqEvent::miq_event'] = event_obj.id; inputs[:miq_event_id] = event_obj.id instead of inputs.merge!('MiqEvent::miq_event' => event_obj.id, :miq_event_id => event_obj.id). Open
inputs.merge!('MiqEvent::miq_event' => event_obj.id, :miq_event_id => event_obj.id)
This cop identifies places where Hash#merge! can be replaced by Hash#[]=.
Example:
hash.merge!(a: 1)
hash.merge!({'key' => 'value'})
hash.merge!(a: 1, b: 2)
Use filter_map instead. Open
miq_policy_contents.collect(&:miq_event_definition).compact.uniq
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
sql_col = Arel::Nodes::NamedFunction.new('LOWER', [sql_col]) if [:string, :text].include?(sql_type)
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
next if %w[id created_on updated_on updated_by].include?(cname) || cname.ends_with?("_id")
Interpolation in single quoted string detected. Use double quoted strings if you need interpolation. Open
{:name => "event_threshold", :description => N_("Event Threshold"), :db => ["Vm"], :responds_to_events => '#{hash_expression[:options][:event_types]}',
Do not suppress exceptions. Open
rescue
Checks for rescue blocks with no body.
Example:
# bad
def some_method
  do_something
rescue
end
# bad
begin
  do_something
rescue
end
# good
def some_method
  do_something
rescue
  handle_exception
end
# good
begin
  do_something
rescue
  handle_exception
end
Example: AllowComments: true (default)
# good
def some_method
  do_something
rescue
  # do nothing
end
# good
begin
  do_something
rescue
  # do nothing
end
Example: AllowComments: false
# bad
def some_method
  do_something
rescue
  # do nothing
end
# bad
begin
  do_something
rescue
  # do nothing
end
Example: AllowNil: true (default)
# good
def some_method
  do_something
rescue
  nil
end
# good
begin
  do_something
rescue
  # do nothing
end
# good
do_something rescue nil
Example: AllowNil: false
# bad
def some_method
  do_something
rescue
  nil
end
# bad
begin
  do_something
rescue
  nil
end
# bad
do_something rescue nil
Use filter_map instead. Open
miq_policy_contents.collect(&:miq_action).compact.uniq
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
["qualifier", "success_sequence", "failure_sequence", "success_synchronous", "failure_synchronous"].each do |k|
Avoid using Marshal.load. Open
msg_data && Marshal.load(msg_data)
Checks for the use of Marshal class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
Example:
# bad
Marshal.load("{}")
Marshal.restore("{}")
# good
Marshal.dump("{}")
# okish - deep copy hack
Marshal.load(Marshal.dump({}))
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
unless options.values.all? { |v| [true, false].include?(v) }
Use filter_map instead. Open
Array(sorting_columns).collect do |attr|
if cols_for_report.include?(attr)
attr
else
raise ArgumentError, N_("%{attribute} is not a valid attribute for %{name}") % {:attribute => attr, :name => name}
Use all?(0) instead of block. Open
return if arr.all? { |a| a == 0 }
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
if ["y", "c"].include?(group) && !sortby.nil? && save_val != d.data[sortby[0]].to_s
Remove redundant sort. Open
Dir.glob(SCRIPT_DIR.join("*")).sort.each do |f|
Sort globbed results by default in Ruby 3.0.
This cop checks for redundant sort method to Dir.glob and Dir[].
Safety:
This cop is unsafe when a file and a directory have identical names: the directory will be loaded before the file, which will break exe/files.rb files that rely on the exe.rb file.
Example:
# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end
Dir['./lib/**/*.rb'].sort.each do |file|
end
# good
Dir.glob('./lib/**/*.rb').each do |file|
end
Dir['./lib/**/*.rb'].each do |file|
end
Avoid immutable Array literals in loops. It is better to extract it into a local variable or a constant. Open
next if %w[id created_on updated_on updated_by].include?(cname) || cname.ends_with?("_id")