SqlSecurity#safe_parameter? has approx 6 statements Open
def safe_parameter?(klass, name, value)
A method with Too Many Statements is any method that has a large number of lines. Too Many Statements warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements counts +1 for every simple statement in a method and +1 for every statement within a control structure (if, else, case, when, for, while, until, begin, rescue) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
def parse(arg, argv, &error)
  if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
    return nil, block, nil # +1
  end
  opt = (val = parse_arg(val, &error))[1] # +2
  val = conv_arg(*val) # +3
  if opt and !arg
    argv.shift # +4
  else
    val[0] = nil # +5
  end
  val # +6
end
(You might argue that the two assignments within the first if should count as statements, and that perhaps the nested assignment should count as +2.)
SqlSecurity#apicasso_parameters is controlled by argument 'hash' Open
(hash || params.to_unsafe_h).slice(:group, :resource, :nested, :sort, :include, :batch)
Control Parameter is a special case of Control Couple.
Example
A simple example would be the "quoted" parameter in the following method:
def write(quoted)
  if quoted
    write_quoted @value
  else
    write_unquoted @value
  end
end
Fixing those problems is out of the scope of this document, but an easy solution could be to remove the "write" method altogether and to move the calls to "write_quoted" / "write_unquoted" into the initial caller of "write".
SqlSecurity#safe_parameter? contains iterators nested 2 deep Open
Array.wrap(value).each do |inner_val|
A Nested Iterator occurs when a block contains another block.
Example
Given
class Duck
  class << self
    def duck_names
      %i!tick trick track!.each do |surname|
        %i!duck!.each do |last_name|
          puts "full name is #{surname} #{last_name}"
        end
      end
    end
  end
end
Reek would report the following warning:
test.rb -- 1 warning:
[5]:Duck#duck_names contains iterators nested 2 deep (NestedIterators)
SqlSecurity#sql_injection contains iterators nested 2 deep Open
next unless Array.wrap(klass).any? do |klass|
Method group_sql_safe? has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def group_sql_safe?(klass, value)
  value.each do |group_key, group_value|
    if group_key.to_sym == :calculate
      return false unless GROUP_CALCULATE.include?(group_value)
    else
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
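An added example (not APIcasso's code) of applying these rules to the group_sql_safe? method the report flags: the nested form as quoted above, with its missing else branch filled in under the assumption that any non-calculate group value must name a column of the model, beside a flatter form that removes the early-return branches and gives each rule its own predicate. The GROUP_CALCULATE values and the Model stand-in are constructed for the demonstration.

```ruby
# Added example, not APIcasso's code. GROUP_CALCULATE's values and the Model
# stand-in are constructed for the demonstration.
GROUP_CALCULATE = %w[count sum average maximum minimum].freeze

# Stand-in for an ActiveRecord model; column_names is the allowlist that a
# non-calculate group value must match (assumption about the missing branch).
class Model
  def self.column_names
    %w[id name price created_at]
  end
end

# Nested form, as the report quotes it, with the else branch filled in.
# Every branch adds to the score, and each nesting level (each -> if ->
# unless) adds again on top of that.
def group_sql_safe_nested?(klass, value)
  value.each do |group_key, group_value|
    if group_key.to_sym == :calculate
      return false unless GROUP_CALCULATE.include?(group_value)
    else
      return false unless klass.column_names.include?(group_value.to_s)
    end
  end
  true
end

# Flat form: one predicate per rule, combined with all?. The early returns
# are gone, the nesting is one level shallower, and each rule can be
# tested on its own. Same answers as the nested form for every input.
def calculate_allowed?(group_value)
  GROUP_CALCULATE.include?(group_value)
end

def column_allowed?(klass, group_value)
  klass.column_names.include?(group_value.to_s)
end

def group_sql_safe?(klass, value)
  value.all? do |group_key, group_value|
    if group_key.to_sym == :calculate
      calculate_allowed?(group_value)
    else
      column_allowed?(klass, group_value)
    end
  end
end
```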
SqlSecurity#safe_parameter? calls 'name.to_sym' 2 times Open
if name.to_sym == :group
  group_sql_safe?(klass, value)
elsif name.to_sym == :batch
Duplication occurs when two fragments of code look nearly identical, or when two fragments of code have nearly identical effects at some conceptual level.
Reek implements a check for Duplicate Method Call.
Example
Here's a very much simplified and contrived example. The following method will report a warning:
def double_thing()
  @other.thing + @other.thing
end
One quick approach to silence Reek would be to refactor the code thus:
def double_thing()
  thing = @other.thing
  thing + thing
end
A slightly different approach would be to replace all calls of double_thing by calls to @other.double_thing:
class Other
  def double_thing()
    thing + thing
  end
end
The approach you take will depend on balancing other factors in your code.
SqlSecurity#safe_for_sql? manually dispatches method call Wontfix
klass.new.respond_to?(value) ||
Reek reports a Manual Dispatch smell if it finds source code that manually checks whether an object responds to a method before that method is called. Manual dispatch is a type of Simulated Polymorphism which leads to code that is harder to reason about, debug, and refactor.
Example
class MyManualDispatcher
  attr_reader :foo

  def initialize(foo)
    @foo = foo
  end

  def call
    foo.bar if foo.respond_to?(:bar)
  end
end
Reek would emit the following warning:
test.rb -- 1 warning:
[9]: MyManualDispatcher manually dispatches method call (ManualDispatch)
SqlSecurity#safe_for_sql? doesn't depend on instance state (maybe move it to another class?) Open
def safe_for_sql?(klass, value)
A Utility Function is any instance method that has no dependency on the state of the instance.
SqlSecurity takes parameters ['klass', 'value'] to 4 methods Open
def safe_parameter?(klass, name, value)
  if name.to_sym == :group
    group_sql_safe?(klass, value)
  elsif name.to_sym == :batch
    value.each do |name, val|
In general, a Data Clump occurs when the same two or three items frequently appear together in classes and parameter lists, or when a group of instance variable names start or end with similar substrings.
The recurrence of the items often means there is duplicate code spread around to handle them. There may be an abstraction missing from the code, making the system harder to understand.
Example
Given
class Dummy
  def x(y1,y2); end
  def y(y1,y2); end
  def z(y1,y2); end
end
Reek would emit the following warning:
test.rb -- 1 warning:
[2, 3, 4]:Dummy takes parameters [y1, y2] to 3 methods (DataClump)
A possible way to fix this problem (quoting from Martin Fowler):
The first step is to replace data clumps with objects and use the objects whenever you see them. An immediate benefit is that you'll shrink some parameter lists. The interesting stuff happens as you begin to look for behavior to move into the new objects.
unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops) Open
params[:batch]&.keys&.all? do |klass|
unexpected token kEND (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops) Open
end