Sign upLogin

SpeciesFileGroup/taxonworks

View on GitHub
Star

Showing 12,636 of 12,636 total issues

Do not use instance variables in helpers.
Open

        unless @selected_column_names[column_type.to_sym][:im].keys.empty?
Severity: Minor
Found in app/helpers/tasks/gis/report_helper.rb by rubocop

Tagging a string as html safe may be a security risk.
Open

    object.documentation.where('documentation.project_id = ?', sessions_current_project_id).collect{ |o| document_viewer_button(o.document)}.join(" | ")&.html_safe
Severity: Minor
Found in app/helpers/documentation_helper.rb by rubocop

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"
#{user_content}
".html_safe
# => ActiveSupport::SafeBuffer "
hi
"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
<b>hi</b>
"

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Use 2 (not 1) spaces for indentation.
    Open

       a = extract.old_objects.collect{|o| label_for(o)}
    Severity: Minor
    Found in app/helpers/extracts_helper.rb by rubocop

    This cop checks for indentation that doesn't use the specified number of spaces.

    See also the IndentationConsistency cop which is the companion to this one.

    Example:

    # bad
class A
 def test
  puts 'hello'
 end
end

# good
class A
  def test
    puts 'hello'
  end
end

    Example: IgnoredPatterns: ['^\s*module']

    # bad
module A
class B
  def test
  puts 'hello'
  end
end
end

# good
module A
class B
  def test
    puts 'hello'
  end
end
end

    Tagging a string as html safe may be a security risk.
    Open

        links.join(', ').html_safe
    Severity: Minor
    Found in app/helpers/geographic_items_helper.rb by rubocop

    This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    unexpected token tCOMMA (Using Ruby 2.4 parser; configure using TargetRubyVersion parameter, under AllCops)
    Open

          taxon_name_graph(o.taxon_name, graph: g, target: o, synonymy:, parents: true)
    Severity: Minor
    Found in app/helpers/graph_helper.rb by rubocop

    This is not actually a cop. It does not inspect anything. It just provides methods to repack Parser's diagnostics/errors into RuboCop's offenses.

    unexpected token tRPAREN (Using Ruby 2.4 parser; configure using TargetRubyVersion parameter, under AllCops)
    Open

          taxon_name_graph(t.parent, graph: g, target: t, parents:)
    Severity: Minor
    Found in app/helpers/graph_helper.rb by rubocop

    This is not actually a cop. It does not inspect anything. It just provides methods to repack Parser's diagnostics/errors into RuboCop's offenses.

    Prefer symbols instead of strings as hash keys.
    Open

              xml.meta(a.namespace.name, 'xsi:type' => 'LiteralMeta', 'property' => 'dwc:collectionID')
    Severity: Minor
    Found in app/helpers/observation_matrices/export/nexml_helper.rb by rubocop

    This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

    Example:

    # bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

    Prefer symbols instead of strings as hash keys.
    Open

              xml.meta(a.namespace.name, 'xsi:type' => 'LiteralMeta', 'property' => 'dwc:collectionID')
    Severity: Minor
    Found in app/helpers/observation_matrices/export/nexml_helper.rb by rubocop

    This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

    Example:

    # bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

    Prefer single-quoted strings when you don't need string interpolation or special symbols.
    Open

                    state = "ERROR"
    Severity: Minor
    Found in app/helpers/observation_matrices/export/nexml_helper.rb by rubocop

    Checks if uses of quotes match the configured preference.

    Example: EnforcedStyle: single_quotes (default)

    # bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

    Example: EnforcedStyle: double_quotes

    # bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

    Prefer symbols instead of strings as hash keys.
    Open

        '30' => 'V',
    Severity: Minor
    Found in app/helpers/observation_matrices_helper.rb by rubocop

    This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

    Example:

    # bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

    unexpected token tRPAREN (Using Ruby 2.4 parser; configure using TargetRubyVersion parameter, under AllCops)
    Open

                ) unless similar_otus.include?(o.id)
    Severity: Minor
    Found in app/helpers/otus/catalog_helper.rb by rubocop

    This is not actually a cop. It does not inspect anything. It just provides methods to repack Parser's diagnostics/errors into RuboCop's offenses.

    Tagging a string as html safe may be a security risk.
    Open

          object.editors.collect{|a| content_tag(:li, author_annotation_tag(a)) }.join.html_safe
    Severity: Minor
    Found in app/helpers/people_helper.rb by rubocop

    This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Prefer symbols instead of strings as hash keys.
    Open

          'added_strings_indices' => added_strings_indices,
    Severity: Minor
    Found in app/helpers/plugins/papertrail_helper.rb by rubocop

    This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

    Example:

    # bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

    Prefer symbols instead of strings as hash keys.
    Open

          'deleted_strings' => deleted_strings,
    Severity: Minor
    Found in app/helpers/plugins/papertrail_helper.rb by rubocop

    This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

    Example:

    # bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

    Tagging a string as html safe may be a security risk.
    Open

          s += ' ' + ( c > 0 ? tag.span("#{c.to_s}&nbsp;#{'citations'.pluralize(c)}".html_safe, class: [:feedback, 'feedback-secondary', 'feedback-thin']) : '' )
    Severity: Minor
    Found in app/helpers/sources_helper.rb by rubocop

    This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Tagging a string as html safe may be a security risk.
    Open

        selector_row.html_safe
    Severity: Minor
    Found in app/helpers/tasks/collecting_events/parse/stepwise/dates_helper.rb by rubocop

    This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Do not use instance variables in helpers.
    Open

          page_entries_info(@collection_objects)
    Severity: Minor
    Found in app/helpers/tasks/collection_objects/area_and_date/area_and_date_helper.rb by rubocop

    Do not use instance variables in helpers.
    Open

                stage       = @selected_column_names[col_type.to_sym][sub_type.to_sym][item]
    Severity: Minor
    Found in app/helpers/tasks/gis/report_helper.rb by rubocop

    Tagging a string as html safe may be a security risk.
    Open

        object.documentation.where('documentation.project_id = ?', sessions_current_project_id).collect{ |o| documentation_download_link(o)}.join("&nbsp;|&nbsp;")&.html_safe
    Severity: Minor
    Found in app/helpers/documentation_helper.rb by rubocop

    This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Tagging a string as html safe may be a security risk.
    Open

        tag.table(r.join.html_safe)
    Severity: Minor
    Found in app/helpers/dwc_occurrences_helper.rb by rubocop

    This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"
    Severity
    Category
    Status
    Source
    Language