SpeciesFileGroup/taxonworks
app/controllers/sources_controller.rb

Summary

Maintainability: C (1 day)
Test Coverage: none reported

Unsafe reflection method safe_constantize called with model attribute

        @source = @source.becomes!(@source.type.safe_constantize)

Brakeman reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors.

The obvious form of this is the use of eval with user input.

However, Brakeman also reports on dangerous uses of send, constantize, and other methods which allow creation of arbitrary objects or calling of arbitrary methods.

Method has too many lines. [43/25]

  def filter_params
    params[:project_id] = sessions_current_project_id
    params.permit(
      :author,
      :ancestor_id,

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class SourcesController has 30 methods (exceeds 20 allowed). Consider refactoring.

class SourcesController < ApplicationController
  include DataControllerConfiguration::SharedDataControllerConfiguration

  before_action :set_source, only: [:show, :edit, :update, :destroy, :clone, :api_show]
  after_action -> { set_pagination_headers(:sources) }, only: [:index, :api_index ], if: :json_request?
Severity: Minor
Found in app/controllers/sources_controller.rb - About 3 hrs to fix

Method has too many lines. [42/25]

  def api_params
    params[:project_id] = sessions_current_project_id
    params.permit(
      :ancestor_id,
      :author,

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

File sources_controller.rb has 315 lines of code (exceeds 250 allowed). Consider refactoring.

class SourcesController < ApplicationController
  include DataControllerConfiguration::SharedDataControllerConfiguration

  before_action :set_source, only: [:show, :edit, :update, :destroy, :clone, :api_show]
  after_action -> { set_pagination_headers(:sources) }, only: [:index, :api_index ], if: :json_request?
Severity: Minor
Found in app/controllers/sources_controller.rb - About 3 hrs to fix

Method filter_params has 43 lines of code (exceeds 25 allowed). Consider refactoring.

  def filter_params
    params[:project_id] = sessions_current_project_id
    params.permit(
      :author,
      :ancestor_id,
Severity: Minor
Found in app/controllers/sources_controller.rb - About 1 hr to fix

Method api_params has 42 lines of code (exceeds 25 allowed). Consider refactoring.

  def api_params
    params[:project_id] = sessions_current_project_id
    params.permit(
      :ancestor_id,
      :author,
Severity: Minor
Found in app/controllers/sources_controller.rb - About 1 hr to fix

Method create_bibtex_batch_load has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

  def create_bibtex_batch_load
    file = params.require(:file)
    redirect_to batch_load_sources_path, notice: 'no file has been selected' and return if file.blank?
    sha256 = Digest::SHA256.file(file.tempfile)
    if cookies[:batch_sources_md5] == sha256.hexdigest
Severity: Minor
Found in app/controllers/sources_controller.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Method preview_bibtex_batch_load has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

  def preview_bibtex_batch_load
    file = params.require(:file)
    redirect_to batch_load_sources_path, notice: 'No file has been selected.' and return if file.blank?
    file_ok, mimetype = Utilities::Files.recognized_batch_file_type?(file.tempfile)
    if !file_ok
Severity: Minor
Found in app/controllers/sources_controller.rb - About 35 mins to fix


TODO found

        # TODO - handle count and download
Severity: Minor
Found in app/controllers/sources_controller.rb by fixme

Similar blocks of code found in 2 locations. Consider refactoring.

  def attributes
    render json: ::Source.columns.select{
      |a| Queries::Source::Filter::ATTRIBUTES.include?(
        a.name)
    }.collect{|b| {'name' => b.name, 'type' => b.type } }
Severity: Minor
Found in app/controllers/sources_controller.rb and 1 other location - About 20 mins to fix
app/controllers/collecting_events_controller.rb on lines 105..110

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 27.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Prefer single-quoted strings when you don't need string interpolation or special symbols.

    redirect_to new_source_task_path, notice: "Redirected to new interface."

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer symbols instead of strings as hash keys.

    }.collect{|b| {'name' => b.name, 'type' => b.type } }

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys. (second occurrence on the same line)

    }.collect{|b| {'name' => b.name, 'type' => b.type } }
