Mass assignment is not restricted using attr_accessible Open
class Membership < ActiveRecord::Base
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Class has too many lines. [107/100] Open
class Membership < ActiveRecord::Base
include Commerce::Purchasable
include Commerce::Subscribable
delegate :url_helpers, to: 'Rails.application.routes'
- Read upRead up
- Exclude checks
Checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
You can set literals you want to fold with CountAsOne
.
Available are: 'array', 'hash', and 'heredoc'. Each literal
will be counted as one line regardless of its actual size.
Example: CountAsOne: ['array', 'heredoc']
class Foo
ARRAY = [ # +1
1,
2
]
HASH = { # +3
key: 'value'
}
MSG = <<~HEREDOC # +1
Heredoc
content.
HEREDOC
end # 5 points
NOTE: This cop also applies for Struct
definitions.
Class Membership
has 21 methods (exceeds 20 allowed). Consider refactoring. Open
class Membership < ActiveRecord::Base
include Commerce::Purchasable
include Commerce::Subscribable
delegate :url_helpers, to: 'Rails.application.routes'
Use if override.blank?
instead of unless override.present?
. Open
return nil unless override.present?
- Read upRead up
- Exclude checks
This cop checks for code that can be written with simpler conditionals
using Object#blank?
defined by Active Support.
Interaction with Style/UnlessElse
:
The configuration of NotPresent
will not produce an offense in the
context of unless else
if Style/UnlessElse
is inabled. This is
to prevent interference between the auto-correction of the two cops.
Example: NilOrEmpty: true (default)
# Converts usages of `nil? || empty?` to `blank?`
# bad
foo.nil? || foo.empty?
foo == nil || foo.empty?
# good
foo.blank?
Example: NotPresent: true (default)
# Converts usages of `!present?` to `blank?`
# bad
!foo.present?
# good
foo.blank?
Example: UnlessPresent: true (default)
# Converts usages of `unless present?` to `if blank?`
# bad
something unless foo.present?
# good
something if foo.blank?
# bad
unless foo.present?
something
end
# good
if foo.blank?
something
end
# good
def blank?
!present?
end
Uniqueness validation should have a unique index on the database column. Open
validates :year, presence: true,
inclusion: {
in: ->(_) { (Date.current.year..Date.current.year + 1) }
},
uniqueness: {
- Exclude checks
Models should subclass ApplicationRecord
. Open
class Membership < ActiveRecord::Base
- Read upRead up
- Exclude checks
This cop checks that models subclass ApplicationRecord with Rails 5.0.
Example:
# good class Rails5Model < ApplicationRecord # ... end
# bad class Rails4Model < ActiveRecord::Base # ... end
Move locale texts to the locale files in the config/locales
directory. (https://rails.rubystyle.guide/#locale-texts) Open
validates :type, presence: true, inclusion: { in: TYPES, message: 'is not valid' }
- Exclude checks
Add empty line after guard clause. Open
return nil unless override.present?
- Read upRead up
- Exclude checks
Enforces empty line after guard clause
Example:
# bad
def foo
return if need_return?
bar
end
# good
def foo
return if need_return?
bar
end
# good
def foo
return if something?
return if something_different?
bar
end
# also good
def foo
if something?
do_something
return if need_return?
end
end
Align parts of a string concatenated with backslash. Open
"(<#{url_helpers.user_url(user)}|@#{user.username}>):\n" \
- Read upRead up
- Exclude checks
Checks the indentation of the next line after a line that ends with a string literal and a backslash.
If EnforcedStyle: aligned
is set, the concatenated string parts shall be aligned with the
first part. There are some exceptions, such as implicit return values, where the
concatenated string parts shall be indented regardless of EnforcedStyle
configuration.
If EnforcedStyle: indented
is set, it's the second line that shall be indented one step
more than the first line. Lines 3 and forward shall be aligned with line 2.
Example:
# bad
def some_method
'x' \
'y' \
'z'
end
my_hash = {
first: 'a message' \
'in two parts'
}
# good
def some_method
'x' \
'y' \
'z'
end
Example: EnforcedStyle: aligned (default)
# bad
puts 'x' \
'y'
my_hash = {
first: 'a message' \
'in two parts'
}
# good
puts 'x' \
'y'
my_hash = {
first: 'a message' \
'in two parts'
}
Example: EnforcedStyle: indented
# bad
result = 'x' \
'y'
my_hash = {
first: 'a message' \
'in two parts'
}
# good
result = 'x' \
'y'
my_hash = {
first: 'a message' \
'in two parts'
}
%w
-literals should be delimited by [
and ]
. (https://rubystyle.guide#percent-literal-braces) Open
%w(Individual Family Relative).map { |type| "#{type}: #{breakdown[[season, type]] || 0}" }.join(' | ')
- Read upRead up
- Exclude checks
Enforces the consistent usage of %
-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Redundant self
detected. (https://rubystyle.guide#no-self-unless-required) Open
COSTS[self.to_s.to_sym]
- Read upRead up
- Exclude checks
Checks for redundant uses of self
.
The usage of self
is only needed when:
Sending a message to same object with zero arguments in presence of a method name clash with an argument or a local variable.
Calling an attribute writer to prevent a local variable assignment.
Note, with using explicit self you can only send messages with public or protected scope, you cannot send private messages this way.
Note we allow uses of self
with operators because it would be awkward
otherwise.
Example:
# bad
def foo(bar)
self.baz
end
# good
def foo(bar)
self.bar # Resolves name clash with the argument.
end
def foo
bar = 1
self.bar # Resolves name clash with the local variable.
end
def foo
%w[x y z].select do |bar|
self.bar == bar # Resolves name clash with argument of the block.
end
end
%w
-literals should be delimited by [
and ]
. (https://rubystyle.guide#percent-literal-braces) Open
TYPES = %w(Individual Family Relative).freeze
- Read upRead up
- Exclude checks
Enforces the consistent usage of %
-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
%w
-literals should be delimited by [
and ]
. (https://rubystyle.guide#percent-literal-braces) Open
PRIVILEGES = %w(admin executive_board at_large_board).freeze
- Read upRead up
- Exclude checks
Enforces the consistent usage of %
-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Do not use parentheses for method calls with no arguments. (https://rubystyle.guide#method-invocation-parens) Open
(((base + 0.3) / (1 - 0.029)) * 100).round().to_i.to_s
- Read upRead up
- Exclude checks
Checks for unwanted parentheses in parameterless method calls.
This cop can be customized allowed methods with AllowedMethods
.
By default, there are no methods to allowed.
Example:
# bad
object.some_method()
# good
object.some_method
Example: AllowedMethods: [] (default)
# bad
object.foo()
Example: AllowedMethods: [foo]
# good
object.foo()
Avoid comma after the last item of a hash. Open
Family: price_plus_stripe_fee(40),
- Read upRead up
- Exclude checks
Checks for trailing comma in hash literals. The configuration options are:
-
consistent_comma
: Requires a comma after the last item of all non-empty, multiline hash literals. -
comma
: Requires a comma after the last item in a hash, but only when each item is on its own line. -
no_comma
: Does not require a comma after the last item in a hash
Example: EnforcedStyleForMultiline: consistent_comma
# bad
a = { foo: 1, bar: 2, }
# good
a = { foo: 1, bar: 2 }
# good
a = {
foo: 1, bar: 2,
qux: 3,
}
# good
a = {
foo: 1, bar: 2, qux: 3,
}
# good
a = {
foo: 1,
bar: 2,
}
Example: EnforcedStyleForMultiline: comma
# bad
a = { foo: 1, bar: 2, }
# good
a = { foo: 1, bar: 2 }
# bad
a = {
foo: 1, bar: 2,
qux: 3,
}
# good
a = {
foo: 1, bar: 2,
qux: 3
}
# bad
a = {
foo: 1, bar: 2, qux: 3,
}
# good
a = {
foo: 1, bar: 2, qux: 3
}
# good
a = {
foo: 1,
bar: 2,
}
Example: EnforcedStyleForMultiline: no_comma (default)
# bad
a = { foo: 1, bar: 2, }
# good
a = {
foo: 1,
bar: 2
}
Omit the hash value. (https://rubystyle.guide#hash-literals) Open
scope :current, ->(year = Date.current.year) { includes(:user).where(year: year, refunded: [nil, false]).where.not(user_id: nil) }
- Read upRead up
- Exclude checks
Checks hash literal syntax.
It can enforce either the use of the class hash rocket syntax or the use of the newer Ruby 1.9 syntax (when applicable).
A separate offense is registered for each problematic pair.
The supported styles are:
- ruby19 - forces use of the 1.9 syntax (e.g.
{a: 1}
) when hashes have all symbols for keys - hash_rockets - forces use of hash rockets for all hashes
- nomixedkeys - simply checks for hashes with mixed syntaxes
- ruby19nomixed_keys - forces use of ruby 1.9 syntax and forbids mixed syntax hashes
This cop has EnforcedShorthandSyntax
option.
It can enforce either the use of the explicit hash value syntax or
the use of Ruby 3.1's hash value shorthand syntax.
The supported styles are:
- always - forces use of the 3.1 syntax (e.g. {foo:})
- never - forces use of explicit hash literal value
- either - accepts both shorthand and explicit use of hash literal value
- consistent - like "either", but will avoid mixing styles in a single hash
Example: EnforcedStyle: ruby19 (default)
# bad
{:a => 2}
{b: 1, :c => 2}
# good
{a: 2, b: 1}
{:c => 2, 'd' => 2} # acceptable since 'd' isn't a symbol
{d: 1, 'e' => 2} # technically not forbidden
Example: EnforcedStyle: hash_rockets
# bad
{a: 1, b: 2}
{c: 1, 'd' => 5}
# good
{:a => 1, :b => 2}
Example: EnforcedStyle: nomixedkeys
# bad
{:a => 1, b: 2}
{c: 1, 'd' => 2}
# good
{:a => 1, :b => 2}
{c: 1, d: 2}
Example: EnforcedStyle: ruby19nomixed_keys
# bad
{:a => 1, :b => 2}
{c: 2, 'd' => 3} # should just use hash rockets
# good
{a: 1, b: 2}
{:c => 3, 'd' => 4}
Example: EnforcedShorthandSyntax: always (default)
# bad
{foo: foo, bar: bar}
# good
{foo:, bar:}
Example: EnforcedShorthandSyntax: never
# bad
{foo:, bar:}
# good
{foo: foo, bar: bar}
Example: EnforcedShorthandSyntax: either
# good
{foo: foo, bar: bar}
# good
{foo:, bar:}
Example: EnforcedShorthandSyntax: consistent
# bad
{foo: , bar: bar}
# good
{foo:, bar:}
# bad
{foo: , bar: baz}
# good
{foo: foo, bar: baz}
Add empty line after guard clause. Open
return true if is_a?(Relative) || overriding_admin.present?
- Read upRead up
- Exclude checks
Enforces empty line after guard clause
Example:
# bad
def foo
return if need_return?
bar
end
# good
def foo
return if need_return?
bar
end
# good
def foo
return if something?
return if something_different?
bar
end
# also good
def foo
if something?
do_something
return if need_return?
end
end
Add empty line after guard clause. Open
return unless privileges.changed? && user.cannot?(:grant_privileges, Membership)
- Read upRead up
- Exclude checks
Enforces empty line after guard clause
Example:
# bad
def foo
return if need_return?
bar
end
# good
def foo
return if need_return?
bar
end
# good
def foo
return if something?
return if something_different?
bar
end
# also good
def foo
if something?
do_something
return if need_return?
end
end
Omit the hash value. (https://rubystyle.guide#hash-literals) Open
year: year,
- Read upRead up
- Exclude checks
Checks hash literal syntax.
It can enforce either the use of the class hash rocket syntax or the use of the newer Ruby 1.9 syntax (when applicable).
A separate offense is registered for each problematic pair.
The supported styles are:
- ruby19 - forces use of the 1.9 syntax (e.g.
{a: 1}
) when hashes have all symbols for keys - hash_rockets - forces use of hash rockets for all hashes
- nomixedkeys - simply checks for hashes with mixed syntaxes
- ruby19nomixed_keys - forces use of ruby 1.9 syntax and forbids mixed syntax hashes
This cop has EnforcedShorthandSyntax
option.
It can enforce either the use of the explicit hash value syntax or
the use of Ruby 3.1's hash value shorthand syntax.
The supported styles are:
- always - forces use of the 3.1 syntax (e.g. {foo:})
- never - forces use of explicit hash literal value
- either - accepts both shorthand and explicit use of hash literal value
- consistent - like "either", but will avoid mixing styles in a single hash
Example: EnforcedStyle: ruby19 (default)
# bad
{:a => 2}
{b: 1, :c => 2}
# good
{a: 2, b: 1}
{:c => 2, 'd' => 2} # acceptable since 'd' isn't a symbol
{d: 1, 'e' => 2} # technically not forbidden
Example: EnforcedStyle: hash_rockets
# bad
{a: 1, b: 2}
{c: 1, 'd' => 5}
# good
{:a => 1, :b => 2}
Example: EnforcedStyle: nomixedkeys
# bad
{:a => 1, b: 2}
{c: 1, 'd' => 2}
# good
{:a => 1, :b => 2}
{c: 1, d: 2}
Example: EnforcedStyle: ruby19nomixed_keys
# bad
{:a => 1, :b => 2}
{c: 2, 'd' => 3} # should just use hash rockets
# good
{a: 1, b: 2}
{:c => 3, 'd' => 4}
Example: EnforcedShorthandSyntax: always (default)
# bad
{foo: foo, bar: bar}
# good
{foo:, bar:}
Example: EnforcedShorthandSyntax: never
# bad
{foo:, bar:}
# good
{foo: foo, bar: bar}
Example: EnforcedShorthandSyntax: either
# good
{foo: foo, bar: bar}
# good
{foo:, bar:}
Example: EnforcedShorthandSyntax: consistent
# bad
{foo: , bar: bar}
# good
{foo:, bar:}
# bad
{foo: , bar: baz}
# good
{foo: foo, bar: baz}