Mass assignment is not restricted using attr_accessible

    class RecurringTodo < ApplicationRecord

This warning comes up if a model does not limit what attributes can be set through mass assignment. In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.

Brakeman also warns on use of attr_protected, especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.

Note that disabling mass assignment globally will suppress these warnings.
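The model inherits from ApplicationRecord, so this is Rails 5 or later, where attr_accessible is no longer in core and the allowlist normally lives in the controller as strong parameters. The plain-Ruby emulation below is written for this page (not taken from Brakeman, Rails or the project) and shows the allowlist mechanism the warning asks for: a constructed RecurringTodo stand-in accepts description and recurring_period from a request hash and refuses user_id.

```ruby
# Plain-Ruby emulation of an attr_accessible-style allowlist, written for this
# page (not ActiveRecord): only declared attributes may be mass-assigned.
module MassAssignmentProtection
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Declare the attributes a request may set; everything else is protected
    # by default, which is the posture the Brakeman check is looking for.
    def attr_accessible(*names)
      @accessible_attributes = names.map(&:to_s).freeze
      attr_accessor(*names)
    end

    def accessible_attributes
      @accessible_attributes || [].freeze
    end
  end

  # Assign only allowlisted keys and return the keys that were refused, so the
  # caller can log an attempt to set a protected attribute.
  def assign_attributes(params)
    rejected = []
    params.each do |key, value|
      if self.class.accessible_attributes.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

# Constructed stand-in for the page's RecurringTodo model.
class RecurringTodo
  include MassAssignmentProtection
  attr_reader :user_id # the owner comes from the session, never from the request
  attr_accessible :description, :recurring_period

  def initialize(user_id)
    @user_id = user_id
  end
end

# Constructed request hash as a controller would receive it; user_id is present
# but is not in the allowlist, so it is dropped and reported.
def assign_from_request(params, current_user_id = 42)
  todo = RecurringTodo.new(current_user_id)
  rejected = todo.assign_attributes(params)
  { user_id: todo.user_id, description: todo.description,
    recurring_period: todo.recurring_period, rejected: rejected }
end
```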
RecurringTodo has at least 16 methods

    class RecurringTodo < ApplicationRecord

Too Many Methods is a special case of LargeClass.

Example

Given this configuration

    TooManyMethods:
      max_methods: 3

and this code:

    class TooManyMethods
      def one; end
      def two; end
      def three; end
      def four; end
    end

Reek would emit the following warning:

    test.rb -- 1 warning:
      [1]:TooManyMethods has at least 4 methods (TooManyMethods)
RecurringTodo assumes too much for instance variable '@pattern'

    class RecurringTodo < ApplicationRecord

Classes should not assume that instance variables are set or present outside of the current class definition.

Good:

    class Foo
      def initialize
        @bar = :foo
      end

      def foo?
        @bar == :foo
      end
    end

Good as well:

    class Foo
      def foo?
        bar == :foo
      end

      def bar
        @bar ||= :foo
      end
    end

Bad:

    class Foo
      def go_foo!
        @bar = :foo
      end

      def foo?
        @bar == :foo
      end
    end

Example

Running Reek on:

    class Dummy
      def test
        @ivar
      end
    end

would report:

    [1]:InstanceVariableAssumption: Dummy assumes too much for instance variable @ivar

Note that this example would trigger this smell warning as well:

    class Parent
      def initialize(omg)
        @omg = omg
      end
    end

    class Child < Parent
      def foo
        @omg
      end
    end

The way to address the smell warning is to create an attr_reader for @omg and use it in the subclass instead of accessing @omg directly, like this:

    class Parent
      attr_reader :omg

      def initialize(omg)
        @omg = omg
      end
    end

    class Child < Parent
      def foo
        omg
      end
    end

Directly accessing instance variables is considered a smell because it breaks encapsulation and makes it harder to reason about code.

If you don't want to expose those methods as public API, just make them private like this:

    class Parent
      def initialize(omg)
        @omg = omg
      end

      private

      attr_reader :omg
    end

    class Child < Parent
      def foo
        omg
      end
    end

Current Support in Reek

An instance variable must:

- be set in the constructor
- or be accessed through a method with lazy initialization / memoization.

If not, Instance Variable Assumption will be reported.
RecurringTodo has no descriptive comment

    class RecurringTodo < ApplicationRecord

Classes and modules are the units of reuse and release. It is therefore considered good practice to annotate every class and module with a brief comment outlining its responsibilities.

Example

Given

    class Dummy
      # Do things...
    end

Reek would emit the following warning:

    test.rb -- 1 warning:
      [1]:Dummy has no descriptive comment (IrresponsibleModule)

Fixing this is simple: just add an explaining comment:

    # The Dummy class is responsible for ...
    class Dummy
      # Do things...
    end
RecurringTodo has missing safe method 'toggle_star!'

    def toggle_star!

Candidate methods for the Missing Safe Method smell are methods whose names end with an exclamation mark.

An exclamation mark in method names means the following (the explanation below is taken from here):

    The ! in method names that end with ! means, “This method is dangerous”—or, more precisely, this method is the “dangerous” version of an otherwise equivalent method, with the same name minus the !. “Danger” is relative; the ! doesn’t mean anything at all unless the method name it’s in corresponds to a similar but bang-less method name. So, for example, gsub! is the dangerous version of gsub. exit! is the dangerous version of exit. flatten! is the dangerous version of flatten. And so forth.

Such a method is called a Missing Safe Method if and only if its non-bang version does not exist; in that case the method is reported as a smell.

Example

Given

    class C
      def foo; end
      def foo!; end
      def bar!; end
    end

Reek would report bar! as a Missing Safe Method smell but not foo!.

Reek reports this smell only in a class context, not in a module context, in order to allow perfectly legitimate code like this:

    class Parent
      def foo; end
    end

    module Dangerous
      def foo!; end
    end

    class Son < Parent
      include Dangerous
    end

    class Daughter < Parent
    end

In this example, Reek would not report the Missing Safe Method smell for the method foo! of the Dangerous module.
RecurringTodo#clear_todos_association performs a nil-check

    unless todos.nil?

A NilCheck is a type check. Failures of NilCheck violate the "tell, don't ask" principle.

Additionally, type checks often mask bigger problems in your source code, like not using OOP and / or polymorphism when you should.

Example

Given

    class Klass
      def nil_checker(argument)
        if argument.nil?
          puts "argument isn't nil!"
        end
      end
    end

Reek would emit the following warning:

    test.rb -- 1 warning:
      [3]:Klass#nil_checker performs a nil-check. (NilCheck)
RecurringTodo has missing safe method 'toggle_completion!'

    def toggle_completion!
RecurringTodo has missing safe method 'remove_from_project!'

    def remove_from_project!
RecurringTodo#clear_todos_association has the variable name 't'

    todos.each do |t|

An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.

Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be misinterpreted, and they hurt the flow of reading, because the reader must slow down to interpret the names.
Use delegate to define delegations.

    def continues_recurring?(previous)

This cop looks for delegations that could have been created automatically with the delegate method.

Safe navigation (&.) is ignored because Rails' allow_nil option checks not just for nil but also delegates if nil responds to the delegated method.

The EnforceForPrefixed option (defaulted to true) means that using the target object as a prefix of the method name without using the delegate method will be a violation. When set to false, this case is legal.

Example:

    # bad
    def bar
      foo.bar
    end

    # good
    delegate :bar, to: :foo

    # good
    def bar
      foo&.bar
    end

    # good
    private
    def bar
      foo.bar
    end

    # EnforceForPrefixed: true
    # bad
    def foo_bar
      foo.bar
    end

    # good
    delegate :bar, to: :foo, prefix: true

    # EnforceForPrefixed: false
    # good
    def foo_bar
      foo.bar
    end

    # good
    delegate :bar, to: :foo, prefix: true
Use delegate to define delegations.

    def recurrence_pattern
Use delegate to define delegations.

    def get_show_from_date(previous)
Use delegate to define delegations.

    def recurring_target_as_text
Use delegate to define delegations.

    def get_due_date(previous)
Specify a :dependent option.

    has_many :todos

This cop looks for has_many or has_one associations that don't specify a :dependent option. It doesn't register an offense if the :through option was specified.

Example:

    # bad
    class User < ActiveRecord::Base
      has_many :comments
      has_one :avatar
    end

    # good
    class User < ActiveRecord::Base
      has_many :comments, dependent: :restrict_with_exception
      has_one :avatar, dependent: :destroy
      has_many :patients, through: :appointments
    end
Use safe navigation (&.) instead of checking if an object exists before calling the method.

    unless todos.nil?
      todos.each do |t|
        t.recurring_todo = nil
        t.save
      end
    end

This cop transforms usages of a method call safeguarded by a non-nil check for the variable whose method is being called to safe navigation (&.).

Configuration option: ConvertCodeThatCanStartToReturnNil

The default for this is false. When configured to true, this will check for code in the format !foo.nil? && foo.bar. As it is written, the return of this code is limited to false and whatever the return of the method is. If this is converted to safe navigation, foo&.bar can start returning nil as well as what the method returns.

Example:

    # bad
    foo.bar if foo
    foo.bar(param1, param2) if foo
    foo.bar { |e| e.something } if foo
    foo.bar(param) { |e| e.something } if foo
    foo.bar if !foo.nil?
    foo.bar unless !foo
    foo.bar unless foo.nil?
    foo && foo.bar
    foo && foo.bar(param1, param2)
    foo && foo.bar { |e| e.something }
    foo && foo.bar(param) { |e| e.something }

    # good
    foo&.bar
    foo&.bar(param1, param2)
    foo&.bar { |e| e.something }
    foo&.bar(param) { |e| e.something }
    foo.nil? || foo.bar
    !foo || foo.bar

    # Methods that `nil` will `respond_to?` should not be converted to
    # use safe navigation
    foo.to_i if foo
Use proc instead of Proc.new.

    state :completed, :before_enter => Proc.new { self.completed_at = Time.zone.now }, :before_exit => Proc.new { self.completed_at = nil }

This cop checks for uses of Proc.new where Kernel#proc would be more appropriate.

Example:

    # bad
    p = Proc.new { |n| puts n }

    # good
    p = proc { |n| puts n }
Line is too long. [139/120]

    state :completed, :before_enter => Proc.new { self.completed_at = Time.zone.now }, :before_exit => Proc.new { self.completed_at = nil }
Do not use %W unless interpolation is needed. If not, use %w.

    %W[daily weekly monthly yearly].include?(recurring_period)

This cop checks for usage of the %W() syntax when %w() would do.

Example:

    # bad
    %W(cat dog pig)
    %W[door wall floor]

    # good
    %w/swim run bike/
    %w[shirt pants shoes]
    %W(apple #{fruit} grape)
Line is too long. [127/120]

    @pattern = eval("RecurringTodos::#{recurring_period.capitalize}RecurrencePattern.new(user)", binding, __FILE__, __LINE__)
Use a guard clause instead of wrapping the code inside a conditional expression.

    unless todos.nil?

Use a guard clause instead of wrapping the code inside a conditional expression.

Example:

    # bad
    def test
      if something
        work
      end
    end

    # good
    def test
      return unless something
      work
    end

    # also good
    def test
      work if something
    end

    # bad
    if something
      raise 'exception'
    else
      ok
    end

    # good
    raise 'exception' if something
    ok
Missing magic comment # frozen_string_literal: true.

    class RecurringTodo < ApplicationRecord

This cop is designed to help upgrade to Ruby 3.0. It will add the comment # frozen_string_literal: true to the top of files to enable frozen string literals. Frozen string literals may be default in Ruby 3.0. The comment will be added below a shebang and encoding comment. The frozen string literal comment is only valid in Ruby 2.3+.

Example: EnforcedStyle: when_needed (default)

    # The `when_needed` style will add the frozen string literal comment
    # to files only when the `TargetRubyVersion` is set to 2.3+.

    # bad
    module Foo
      # ...
    end

    # good
    # frozen_string_literal: true
    module Foo
      # ...
    end

Example: EnforcedStyle: always

    # The `always` style will always add the frozen string literal comment
    # to a file, regardless of the Ruby version or if `freeze` or `<<` are
    # called on a string literal.

    # bad
    module Bar
      # ...
    end

    # good
    # frozen_string_literal: true
    module Bar
      # ...
    end

Example: EnforcedStyle: never

    # The `never` will enforce that the frozen string literal comment does
    # not exist in a file.

    # bad
    # frozen_string_literal: true
    module Baz
      # ...
    end

    # good
    module Baz
      # ...
    end
Use proc instead of Proc.new.

    state :active, :initial => true, :before_enter => Proc.new { self.occurrences_count = 0 }
Use proc instead of Proc.new.

    state :completed, :before_enter => Proc.new { self.completed_at = Time.zone.now }, :before_exit => Proc.new { self.completed_at = nil }
The use of eval is a serious security risk.

    @pattern = eval("RecurringTodos::#{recurring_period.capitalize}RecurrencePattern.new(user)", binding, __FILE__, __LINE__)

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

    # bad
    eval(something)
    binding.eval(something)
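As a defender's counterpart to the flagged line, the example below (written for this page, not the project's code) replaces the string eval with a closed lookup table keyed by the four periods the model already validates with %w[daily weekly monthly yearly], plus a const_get variant that keeps the name derivation but still refuses anything outside the allowlist. The RecurringTodos pattern classes are constructed stand-ins, not the application's own.

```ruby
# Constructed stand-ins for the RecurringTodos pattern classes the flagged
# line names; the application's real classes are not reproduced here.
module RecurringTodos
  class RecurrencePattern
    attr_reader :user
    def initialize(user)
      @user = user
    end
  end
  class DailyRecurrencePattern   < RecurrencePattern; end
  class WeeklyRecurrencePattern  < RecurrencePattern; end
  class MonthlyRecurrencePattern < RecurrencePattern; end
  class YearlyRecurrencePattern  < RecurrencePattern; end
end

# Closed dispatch table: the four periods the model already validates, each
# mapped to its pattern class. A lookup can only ever yield one of these
# classes; unlike eval, the request value stays data and is never parsed as code.
RECURRENCE_PATTERNS = {
  'daily'   => RecurringTodos::DailyRecurrencePattern,
  'weekly'  => RecurringTodos::WeeklyRecurrencePattern,
  'monthly' => RecurringTodos::MonthlyRecurrencePattern,
  'yearly'  => RecurringTodos::YearlyRecurrencePattern
}.freeze

# Drop-in replacement for the eval call: fetch the class, fail loudly otherwise.
def build_recurrence_pattern(recurring_period, user)
  klass = RECURRENCE_PATTERNS.fetch(recurring_period.to_s) do
    raise ArgumentError, "unsupported recurring_period: #{recurring_period.inspect}"
  end
  klass.new(user)
end

# Variant that keeps the original name derivation but resolves the constant
# with const_get instead of eval. The allowlist check still comes first, and
# inherit = false keeps the lookup from reaching constants outside the module.
def build_recurrence_pattern_by_name(recurring_period, user)
  period = recurring_period.to_s
  unless RECURRENCE_PATTERNS.key?(period)
    raise ArgumentError, "unsupported recurring_period: #{period.inspect}"
  end
  RecurringTodos.const_get("#{period.capitalize}RecurrencePattern", false).new(user)
end
```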