Sign upLogin

NMandapaty/ArcticVoice

View on GitHub
Star
app/controllers/posts_controller.rb

Summary

Maintainability
A
0 mins
Test Coverage

Possible unprotected redirect
Open

          redirect_to @post
Severity: Minor
Found in app/controllers/posts_controller.rb by brakeman

Unvalidated redirects and forwards are #10 on the OWASP Top Ten.

Redirects which rely on user-supplied values can be used to "spoof" websites or hide malicious links in otherwise harmless-looking URLs. They can also allow access to restricted areas of a site if the destination is not validated.

Brakeman will raise warnings whenever redirect_to appears to be used with a user-supplied value that may allow them to change the :host option.

For example,

redirect_to params.merge(:action => :home)

will create a warning like

Possible unprotected redirect near line 46: redirect_to(params)

This is because params could contain :host => 'evilsite.com' which would redirect away from your site and to a malicious site.

If the first argument to redirect_to is a hash, then adding :only_path => true will limit the redirect to the current host. Another option is to specify the host explicitly.

redirect_to params.merge(:only_path => true)

redirect_to params.merge(:host => 'myhost.com')

If the first argument is a string, then it is possible to parse the string and extract the path:

redirect_to URI.parse(some_url).path

If the URL does not contain a protocol (e.g., http://), then you will probably get unexpected results, as redirect_to will prepend the current host name and a protocol.

Useless assignment to variable - e.
Open

      rescue ActiveRecord::RecordNotFound => e
Severity: Minor
Found in app/controllers/posts_controller.rb by rubocop

This cop checks for every useless assignment to local variable in every scope. The basic idea for this cop was from the warning of ruby -cw:

assigned but unused variable - foo

Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.

Example:

# bad

def some_method
  some_var = 1
  do_something
end

Example:

# good

def some_method
  some_var = 1
  do_something(some_var)
end

end at 7, 3 is not aligned with def at 5, 1.
Open

      end
Severity: Minor
Found in app/controllers/posts_controller.rb by rubocop

This cop checks whether the end keywords of method definitions are aligned properly.

Two modes are supported through the EnforcedStyleAlignWith configuration parameter. If it's set to start_of_line (which is the default), the end shall be aligned with the start of the line where the def keyword is. If it's set to def, the end shall be aligned with the def keyword.

Example: EnforcedStyleAlignWith: startofline (default)

# bad

private def foo
            end

# good

private def foo
end

Example: EnforcedStyleAlignWith: def

# bad

private def foo
            end

# good

private def foo
        end

There are no issues that match your filters.

Category
Status