Showing 208 of 212 total issues
Color literals like #fff should only be used in variable declarations; they should be referred to via variable everywhere else. Open
background-color: #fff;
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (2.2.3)
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Rename has_formula? to formula?. Open
def has_formula?
This cop makes sure that predicates are named properly.
Example:
# bad
def is_even?(value)
end
# good
def even?(value)
end
# bad
def has_value?
end
# good
def value?
end
Use each_value instead of each. Open
variable.spec['formulas'].each do |_d, formula|
This cop checks for uses of each_key and each_value Hash methods.
Note: If you have an array of two-element arrays, you can put parentheses around the block arguments to indicate that you're not working with a hash, and suppress RuboCop offenses.
Example:
# bad
hash.keys.each { |k| p k }
hash.values.each { |v| p v }
hash.each { |k, _v| p k }
hash.each { |_k, v| p v }
# good
hash.each_key { |k| p k }
hash.each_value { |v| p v }
Properties should be ordered background-color, font-size, padding Open
padding: 10px;
Avoid using id selectors Open
#error_explanation {
0.1875 should be written without a leading zero as .1875 Open
$border-radius: 0.1875rem;
Possible DoS Vulnerability in Active Record PostgreSQL adapter Open
activerecord (5.2.4.2)
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1
Use each_key instead of keys.each. Open
json_response.keys.each do |name|
This cop checks for uses of each_key and each_value Hash methods.
Note: If you have an array of two-element arrays, you can put parentheses around the block arguments to indicate that you're not working with a hash, and suppress RuboCop offenses.
Example:
# bad
hash.keys.each { |k| p k }
hash.values.each { |v| p v }
hash.each { |k, _v| p k }
hash.each { |_k, v| p v }
# good
hash.each_key { |k| p k }
hash.each_value { |v| p v }
0.5 should be written without a leading zero as .5 Open
padding: 0.2rem 0.5rem;
Color literals like #333 should only be used in variable declarations; they should be referred to via variable everywhere else. Open
color: #333;
Color literals like #fff should only be used in variable declarations; they should be referred to via variable everywhere else. Open
color: #fff;
Color red should be written in hexadecimal form as #ff0000 Open
background-color: red;
Color literals like red should only be used in variable declarations; they should be referred to via variable everywhere else. Open
border: 2px solid red;
Prefer using YAML.safe_load over YAML.load. Open
scenarios_list = YAML.load(File.read(filename))
This cop checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
Example:
# bad
YAML.load("--- foo")
# good
YAML.safe_load("--- foo")
YAML.dump("foo")
0.125 should be written without a leading zero as .125 Open
box-shadow: 0 0.125rem 0.3125rem rgba(darken($grey, 10%), 0.8);
0.3125 should be written without a leading zero as .3125 Open
margin-right: 0.3125rem;
Color green should be written in hexadecimal form as #008000 Open
color: green;
0.9 should be written without a leading zero as .9 Open
box-shadow: 0 0.125rem 0.3125rem rgba(darken($grey, 10%), 0.9);
Potential XSS vulnerability in Action View Open
actionview (5.2.4.2)
Advisory: CVE-2020-15169
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3