Unsafe reflection method constantize called with parameter value Open
@journey_plan_class = params[:journey_plan_class] ? params[:journey_plan_class].constantize : DatashiftJourney.journey_plan_class
- Read upRead up
- Exclude checks
Brakeman reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors.
The obvious form of this is the use of eval
with user input.
However, Brakeman also reports on dangerous uses of send
, constantize
, and other methods which allow creation of arbitrary objects or calling of arbitrary methods.
TODO found Open
# TODO: how to auto insert has_secure_token into the underlying journey plan model
- Exclude checks
Use %i
or %I
for an array of symbols. Open
prepend_before_action :set_journey_plan, only: [:new, :destroy, :back_a_state]
- Read upRead up
- Exclude checks
This cop can check for array literals made up of symbols that are not using the %i() syntax.
Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.
Configuration option: MinSize
If set, arrays with fewer elements than this value will not trigger the
cop. For example, a MinSize of
3` will not enforce a style on an array
of 2 or fewer elements.
Example: EnforcedStyle: percent (default)
# good
%i[foo bar baz]
# bad
[:foo, :bar, :baz]
Example: EnforcedStyle: brackets
# good
[:foo, :bar, :baz]
# bad
%i[foo bar baz]
Use %i
or %I
for an array of symbols. Open
prepend_before_action :set_reform_object, only: [:edit, :update]
- Read upRead up
- Exclude checks
This cop can check for array literals made up of symbols that are not using the %i() syntax.
Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.
Configuration option: MinSize
If set, arrays with fewer elements than this value will not trigger the
cop. For example, a MinSize of
3` will not enforce a style on an array
of 2 or fewer elements.
Example: EnforcedStyle: percent (default)
# good
%i[foo bar baz]
# bad
[:foo, :bar, :baz]
Example: EnforcedStyle: brackets
# good
[:foo, :bar, :baz]
# bad
%i[foo bar baz]
Use %i
or %I
for an array of symbols. Open
before_action :validate_state, only: [:edit, :update]
- Read upRead up
- Exclude checks
This cop can check for array literals made up of symbols that are not using the %i() syntax.
Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.
Configuration option: MinSize
If set, arrays with fewer elements than this value will not trigger the
cop. For example, a MinSize of
3` will not enforce a style on an array
of 2 or fewer elements.
Example: EnforcedStyle: percent (default)
# good
%i[foo bar baz]
# bad
[:foo, :bar, :baz]
Example: EnforcedStyle: brackets
# good
[:foo, :bar, :baz]
# bad
%i[foo bar baz]
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
logger.info("JOURNEY moved to next state - Current Plan :")
- Read upRead up
- Exclude checks
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Do not place comments on the same line as the end
keyword. Open
end # UPDATE
- Read upRead up
- Exclude checks
This cop checks for comments put on the same line as some keywords.
These keywords are: begin
, class
, def
, end
, module
.
Note that some comments (such as :nodoc:
and rubocop:disable
) are
allowed.
Example:
# bad
if condition
statement
end # end if
# bad
class X # comment
statement
end
# bad
def x; end # comment
# good
if condition
statement
end
# good
class X # :nodoc:
y
end
Extra empty line detected at method body beginning. Open
# result = form.validate(params)
- Read upRead up
- Exclude checks
This cops checks if empty lines exist around the bodies of methods.
Example:
# good
def foo
# ...
end
# bad
def bar
# ...
end