Showing 369 of 369 total issues
Method create has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def create
destination_url = stored_location_for(:user) || root_path
if user_signed_in?
auth = authentication(current_user.authentications)
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Potentially unsafe model attribute in link_to href Open
<p><strong>URL: </strong><%= link_to @event.url, @event.url, :class => 'branco' if @event.url.present? %></p>
Even though Rails will escape the link provided to link_to, values starting with javascript: or data: are unescaped and dangerous.
Brakeman will warn if user values are used to provide the HREF value in link_to or if they are interpolated at the beginning of a string.
The --url-safe-methods option can be used to specify methods which make URLs safe.
See here for more details.
Method vote_box has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def vote_box(event, proposal, user)
if user&.has_vote_for?(proposal)
image_tag('checked.png', :alt => 'Thanks for voting!').html_safe
else
content = ''
Missing magic comment # frozen_string_literal: true. Open
class EventCloseController < ApplicationController
This cop is designed to help with the upgrade to Ruby 3.0 and later. It will add the comment # frozen_string_literal: true to the top of files to enable frozen string literals. Frozen string literals may be default after Ruby 3.0. The comment will be added below a shebang and encoding comment. The frozen string literal comment is only valid in Ruby 2.3+.
Example: EnforcedStyle: always (default)
# The `always` style will always add the frozen string literal comment
# to a file, regardless of the Ruby version or if `freeze` or `<<` are
# called on a string literal.
# bad
module Bar
  # ...
end

# good
# frozen_string_literal: true
module Bar
  # ...
end
Example: EnforcedStyle: never
# The `never` style will enforce that the frozen string literal comment
# does not exist in a file.
# bad
# frozen_string_literal: true
module Baz
  # ...
end

# good
module Baz
  # ...
end
Use 2 (not 3) spaces for indenting an expression spanning multiple lines. Open
(params['action'] == 'update' || params['action'] == 'edit')
This cop checks the indentation of the right hand side operand in binary operations that span more than one line.
Example: EnforcedStyle: aligned (default)
# bad
if a +
b
  something
end

# good
if a +
   b
  something
end
Example: EnforcedStyle: indented
# bad
if a +
b
  something
end

# good
if a +
    b
  something
end
Missing top-level class documentation comment. Open
class HomeController < ApplicationController
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
  # ...
end

# good
# Description/Explanation of Person class
class Person
  # ...
end
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
if params[:close] == "true"
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Use the new Ruby 1.9 hash syntax. Open
format.html { redirect_to(@event, :notice => 'Event was successfully created.') }
This cop checks hash literal syntax.
It can enforce either the use of the classic hash rocket syntax or the use of the newer Ruby 1.9 syntax (when applicable).
A separate offense is registered for each problematic pair.
The supported styles are:
- ruby19 - forces use of the 1.9 syntax (e.g. {a: 1}) when hashes have all symbols for keys
- hash_rockets - forces use of hash rockets for all hashes
- no_mixed_keys - simply checks for hashes with mixed syntaxes
- ruby19_no_mixed_keys - forces use of ruby 1.9 syntax and forbids mixed syntax hashes
Example: EnforcedStyle: ruby19 (default)
# bad
{:a => 2}
{b: 1, :c => 2}
# good
{a: 2, b: 1}
{:c => 2, 'd' => 2} # acceptable since 'd' isn't a symbol
{d: 1, 'e' => 2} # technically not forbidden
Example: EnforcedStyle: hash_rockets
# bad
{a: 1, b: 2}
{c: 1, 'd' => 5}
# good
{:a => 1, :b => 2}
Example: EnforcedStyle: no_mixed_keys
# bad
{:a => 1, b: 2}
{c: 1, 'd' => 2}
# good
{:a => 1, :b => 2}
{c: 1, d: 2}
Example: EnforcedStyle: ruby19_no_mixed_keys
# bad
{:a => 1, :b => 2}
{c: 2, 'd' => 3} # should just use hash rockets
# good
{a: 1, b: 2}
{:c => 3, 'd' => 4}
Extra empty line detected at class body end. Open
end
This cop checks if empty lines around the bodies of classes match the configuration.
Example: EnforcedStyle: empty_lines
# good
class Foo

  def bar
    # ...
  end

end
Example: EnforcedStyle: empty_lines_except_namespace
# good
class Foo
  class Bar

    # ...

  end
end
Example: EnforcedStyle: empty_lines_special
# good
class Foo

  def bar; end

end
Example: EnforcedStyle: beginning_only
# good
class Foo

  def bar
    # ...
  end
end
Example: EnforcedStyle: ending_only
# good
class Foo
  def bar
    # ...
  end

end
Example: EnforcedStyle: no_empty_lines (default)
# good
class Foo
  def bar
    # ...
  end
end
Use the new Ruby 1.9 hash syntax. Open
format.html { render :action => "edit" }
Line is too long. [92/80] Open
format.html { redirect_to(@event, :notice => 'Proposal was successfully updated.') }
Line is too long. [85/80] Open
if (request.get? && request.format.html? && !request.xhr? && !devise_controller?)
Align the elements of a hash literal if they span more than one line. Open
fail_message: t('proposals.dislikes.fail'),
Check that the keys, separators, and values of a multi-line hash literal are aligned according to configuration. The configuration options are:
- key (left align keys, one space before hash rockets and values)
- separator (align hash rockets and colons, right align keys)
- table (left align keys, hash rockets, and values)
The treatment of hashes passed as the last argument to a method call can also be configured. The options are:
- always_inspect
- always_ignore
- ignore_implicit (without curly braces)
Alternatively you can specify multiple allowed styles. That's done by passing a list of styles to EnforcedStyles.
Example: EnforcedHashRocketStyle: key (default)
# bad
{
  :foo => bar,
   :ba => baz
}
{
  :foo => bar,
  :ba  => baz
}

# good
{
  :foo => bar,
  :ba => baz
}
Example: EnforcedHashRocketStyle: separator
# bad
{
  :foo => bar,
  :ba => baz
}
{
  :foo => bar,
  :ba  => baz
}

# good
{
  :foo => bar,
   :ba => baz
}
Example: EnforcedHashRocketStyle: table
# bad
{
  :foo => bar,
   :ba => baz
}

# good
{
  :foo => bar,
  :ba  => baz
}
Example: EnforcedColonStyle: key (default)
# bad
{
  foo: bar,
   ba: baz
}
{
  foo: bar,
  ba:  baz
}

# good
{
  foo: bar,
  ba: baz
}
Example: EnforcedColonStyle: separator
# bad
{
  foo: bar,
  ba: baz
}

# good
{
  foo: bar,
   ba: baz
}
Example: EnforcedColonStyle: table
# bad
{
  foo: bar,
  ba: baz
}

# good
{
  foo: bar,
  ba:  baz
}
Example: EnforcedLastArgumentHashStyle: always_inspect (default)
# Inspect both implicit and explicit hashes.
# bad
do_something(foo: 1,
  bar: 2)

# bad
do_something({foo: 1,
  bar: 2})

# good
do_something(foo: 1,
             bar: 2)

# good
do_something(
  foo: 1,
  bar: 2
)

# good
do_something({foo: 1,
              bar: 2})

# good
do_something({
  foo: 1,
  bar: 2
})
Example: EnforcedLastArgumentHashStyle: always_ignore
# Ignore both implicit and explicit hashes.
# good
do_something(foo: 1,
  bar: 2)

# good
do_something({foo: 1,
  bar: 2})
Example: EnforcedLastArgumentHashStyle: ignore_implicit
# Ignore only implicit hashes.
# bad
do_something({foo: 1,
  bar: 2})

# good
do_something(foo: 1,
  bar: 2)
Example: EnforcedLastArgumentHashStyle: ignore_explicit
# Ignore only explicit hashes.
# bad
do_something(foo: 1,
  bar: 2)

# good
do_something({foo: 1,
  bar: 2})
Missing magic comment # frozen_string_literal: true. Open
class ProposalsController < ApplicationController
Use a guard clause (unless (request.get? && request.format.html? && !request.xhr? && !devise_controller?); return; end) instead of wrapping the code inside a conditional expression. Open
if (request.get? && request.format.html? && !request.xhr? && !devise_controller?)
Use a guard clause instead of wrapping the code inside a conditional expression
Example:
# bad
def test
  if something
    work
  end
end

# good
def test
  return unless something
  work
end

# also good
def test
  work if something
end

# bad
if something
  raise 'exception'
else
  ok
end

# good
raise 'exception' if something
ok
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
format.html { render :action => "edit" }
Use the new Ruby 1.9 hash syntax. Open
format.xml { render :xml => @proposal }
Use the new Ruby 1.9 hash syntax. Open
if verify_recaptcha(:model => @event, :message => 'Please type the captcha correctly') && @event.save
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
flash.now[:alert] = "There was an error with the recaptcha code below. Please re-enter the code."
Missing magic comment # frozen_string_literal: true. Open
class HomeController < ApplicationController