Mass assignment is not restricted using attr_accessible Open
class CollectionMatrix < ApplicationRecord
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Class has too many lines. [199/100] Open
class CollectionMatrix < ApplicationRecord
### Download Helpers #########################################################
# Get the base URL for remote matrix downloads
def self.get_base_url
- Read upRead up
- Exclude checks
Checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
You can set literals you want to fold with CountAsOne
.
Available are: 'array', 'hash', and 'heredoc'. Each literal
will be counted as one line regardless of its actual size.
Example: CountAsOne: ['array', 'heredoc']
class Foo
ARRAY = [ # +1
1,
2
]
HASH = { # +3
key: 'value'
}
MSG = <<~HEREDOC # +1
Heredoc
content.
HEREDOC
end # 5 points
NOTE: This cop also applies for Struct
definitions.
Method has too many lines. [18/10] Open
def self.options_for_sorted_by
[
['ID (High to Low)', 'id_desc'],
['ID (Low to High)', 'id_asc'],
['Group (A to Z)', 'group_asc'],
- Read upRead up
- Exclude checks
Checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
You can set literals you want to fold with CountAsOne
.
Available are: 'array', 'hash', and 'heredoc'. Each literal
will be counted as one line regardless of its actual size.
NOTE: The ExcludedMethods
configuration is deprecated and only kept
for backwards compatibility. Please use IgnoredMethods
instead.
Example: CountAsOne: ['array', 'heredoc']
def m
array = [ # +1
1,
2
]
hash = { # +3
key: 'value'
}
<<~HEREDOC # +1
Heredoc
content.
HEREDOC
end # 5 points
Method has too many lines. [13/10] Open
def get_url(file_format)
base_url = CollectionMatrix.get_base_url
case file_format
when :matlab
"#{base_url}mat/#{group}/#{name}.mat"
- Read upRead up
- Exclude checks
Checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
You can set literals you want to fold with CountAsOne
.
Available are: 'array', 'hash', and 'heredoc'. Each literal
will be counted as one line regardless of its actual size.
NOTE: The ExcludedMethods
configuration is deprecated and only kept
for backwards compatibility. Please use IgnoredMethods
instead.
Example: CountAsOne: ['array', 'heredoc']
def m
array = [ # +1
1,
2
]
hash = { # +3
key: 'value'
}
<<~HEREDOC # +1
Heredoc
content.
HEREDOC
end # 5 points
Do not prefix reader method names with get_
. Open
def self.get_base_url
- Read upRead up
- Exclude checks
Makes sure that accessor methods are named properly. Applies to both instance and class methods.
NOTE: Offenses are only registered for methods with the expected
arity. Getters (get_attribute
) must have no arguments to be
registered, and setters (set_attribute(value)
) must have exactly
one.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
# accepted, incorrect arity for getter
def get_value(attr)
end
# accepted, incorrect arity for setter
def set_value
end
Missing top-level documentation comment for class CollectionMatrix
. Open
class CollectionMatrix < ApplicationRecord
- Read upRead up
- Exclude checks
Checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, constant definitions or constant visibility declarations.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
# ...
end
module Math
end
# good
# Description/Explanation of Person class
class Person
# ...
end
# allowed
# Class without body
class Person
end
# Namespace - A namespace can be a class or a module
# Containing a class
module Namespace
# Description/Explanation of Person class
class Person
# ...
end
end
# Containing constant visibility declaration
module Namespace
class Private
end
private_constant :Private
end
# Containing constant definition
module Namespace
Public = Class.new
end
# Macro calls
module Namespace
extend Foo
end
Example: AllowedConstants: ['ClassMethods']
# good
module A
module ClassMethods
# ...
end
end