comm-network/mastodon

Showing 1,049 of 1,049 total issues

Class has too many lines. [367/300]
Open

  class AccountsCLI < Thor
    include CLIHelper

    def self.exit_on_failure?
      true
Severity: Minor
Found in lib/mastodon/accounts_cli.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [351/300]
Open

class Status < ApplicationRecord
  before_destroy :unlink_from_conversations

  include Discard::Model
  include Paginable
Severity: Minor
Found in app/models/status.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [350/300]
Open

class ActivityPub::Activity::Create < ActivityPub::Activity
  def perform
    return reject_payload! if unsupported_object_type? || invalid_origin?(@object['id']) || Tombstone.exists?(uri: @object['id']) || !related_to_local_activity?

    RedisLock.acquire(lock_options) do |lock|

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [343/300]
Open

class Account < ApplicationRecord
  USERNAME_RE = /[a-z0-9_]+([a-z0-9_\.-]+[a-z0-9_]+)?/i
  MENTION_RE  = /(?<=^|[^\/[:word:]])@((#{USERNAME_RE})(?:@[a-z0-9\.\-]+[a-z0-9]+)?)/i

  include AccountAssociations
Severity: Minor
Found in app/models/account.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Perceived complexity for process_update is too high. [25/20]
Open

  def process_update
    user.settings['notification_emails'] = merged_notification_emails if change?('notification_emails')
    user.settings['interactions']        = merged_interactions if change?('interactions')
    user.settings['default_privacy']     = default_privacy_preference if change?('setting_default_privacy')
    user.settings['default_sensitive']   = default_sensitive_preference if change?('setting_default_sensitive')
Severity: Minor
Found in app/lib/user_settings_decorator.rb by rubocop

This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.

Example:

def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points

Assignment Branch Condition size for meta is too high. [103.2/100]
Open

  def meta
    store = {
      streaming_api_base_url: Rails.configuration.x.streaming_api_base_url,
      access_token: object.token,
      locale: I18n.locale,

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric and https://en.wikipedia.org/wiki/ABC_Software_Metric.

Assignment Branch Condition size for process_update is too high. [101.8/100]
Open

  def process_update
    user.settings['notification_emails'] = merged_notification_emails if change?('notification_emails')
    user.settings['interactions']        = merged_interactions if change?('interactions')
    user.settings['default_privacy']     = default_privacy_preference if change?('setting_default_privacy')
    user.settings['default_sensitive']   = default_sensitive_preference if change?('setting_default_sensitive')
Severity: Minor
Found in app/lib/user_settings_decorator.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric and https://en.wikipedia.org/wiki/ABC_Software_Metric.

Method has too many lines. [56/55]
Open

  def from_elasticsearch
    query = {
      function_score: {
        query: {
          multi_match: {
Severity: Minor
Found in app/services/tag_search_service.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Block has too many lines. [48/35]
Open

  included do
    devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'

    def pam_conflict(_attributes)
      # Block pam login tries on traditional account

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [47/35]
Open

  class_methods do
    def find_for_oauth(auth, signed_in_resource = nil)
      # EOLE-SSO Patch
      auth.uid = (auth.uid[0][:uid] || auth.uid[0][:user]) if auth.uid.is_a? Hashie::Array
      identity = Identity.find_for_oauth(auth)
Severity: Minor
Found in app/models/concerns/omniauthable.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [45/35]
Open

  class_methods do
    def following_map(target_account_ids, account_id)
      Follow.where(target_account_id: target_account_ids, account_id: account_id).each_with_object({}) do |follow, mapping|
        mapping[follow.target_account_id] = {
          reblogs: follow.show_reblogs?,

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [43/35]
Open

  class_methods do
    def remotable_attachment(attachment_name, limit, suppress_errors: true)
      attribute_name  = "#{attachment_name}_remote_url".to_sym
      method_name     = "#{attribute_name}=".to_sym
      alt_method_name = "reset_#{attachment_name}!".to_sym
Severity: Minor
Found in app/models/concerns/remotable.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Potentially dangerous key allowed for mass assignment
Open

    params.permit(:type, :offset, :min_id, :max_id, :account_id)

Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash.

Example:

User.new(params[:user])

Unfortunately, if there is a user field called admin which controls administrator access, now any user can make themselves an administrator.

attr_accessible and attr_protected can be used to limit mass assignment. However, Brakeman will warn unless attr_accessible is used, or mass assignment is completely disabled.

There are two different mass assignment warnings which can arise. The first is when mass assignment actually occurs, such as the example above. This results in a warning like

Unprotected mass assignment near line 61: User.new(params[:user])

The other warning is raised whenever a model is found which does not use attr_accessible. This produces generic warnings like

Mass assignment is not restricted using attr_accessible

with a list of affected models.

In Rails 3.1 and newer, mass assignment can easily be disabled:

config.active_record.whitelist_attributes = true

Unfortunately, it can also easily be bypassed:

User.new(params[:user], :without_protection => true)

Brakeman will warn on uses of without_protection.

Possible unprotected redirect
Open

      redirect_to @remote_follow.subscribe_address_for(@account)

Unvalidated redirects and forwards are #10 on the OWASP Top Ten.

Redirects which rely on user-supplied values can be used to "spoof" websites or hide malicious links in otherwise harmless-looking URLs. They can also allow access to restricted areas of a site if the destination is not validated.

Brakeman will raise warnings whenever redirect_to appears to be used with a user-supplied value that may allow them to change the :host option.

For example,

redirect_to params.merge(:action => :home)

will create a warning like

Possible unprotected redirect near line 46: redirect_to(params)

This is because params could contain :host => 'evilsite.com' which would redirect away from your site and to a malicious site.

If the first argument to redirect_to is a hash, then adding :only_path => true will limit the redirect to the current host. Another option is to specify the host explicitly.

redirect_to params.merge(:only_path => true)

redirect_to params.merge(:host => 'myhost.com')

If the first argument is a string, then it is possible to parse the string and extract the path:

redirect_to URI.parse(some_url).path

If the URL does not contain a protocol (e.g., http://), then you will probably get unexpected results, as redirect_to will prepend the current host name and a protocol.

You specified required: true, in Rails > 5.0 the required option is deprecated and you want to use optional: false. In most configurations, this is the default and you can omit this option altogether
Open

  belongs_to :account, inverse_of: :featured_tags, required: true
Severity: Minor
Found in app/models/featured_tag.rb by rubocop

This cop looks for belongs_to associations where we control whether the association is required via the deprecated required option instead.

Since Rails 5, belongs_to associations are required by default and this can be controlled through the use of optional: true.

From the release notes:

belongs_to will now trigger a validation error by default if the
  association is not present. You can turn this off on a
  per-association basis with optional: true. Also deprecate required
  option in favor of optional for belongs_to. (Pull Request)

In the case that the developer is doing required: false, we definitely want to autocorrect to optional: true.

However, without knowing whether they've overridden the default value of config.active_record.belongs_to_required_by_default, we can't say whether it's safe to remove required: true or whether we should replace it with optional: false (or, similarly, remove a superfluous optional: false). Therefore, in the cases where we're using required: true, we'll simply invert it to optional: false and the user can remove it depending on their defaults.

Example:

# bad
class Post < ApplicationRecord
  belongs_to :blog, required: false
end

# good
class Post < ApplicationRecord
  belongs_to :blog, optional: true
end

# bad
class Post < ApplicationRecord
  belongs_to :blog, required: true
end

# good
class Post < ApplicationRecord
  belongs_to :blog, optional: false
end

@see https://guides.rubyonrails.org/5_0_release_notes.html
@see https://github.com/rails/rails/pull/18937

Specify an :inverse_of option.
Open

  belongs_to :in_reply_to_account, foreign_key: 'in_reply_to_account_id', class_name: 'Account', optional: true
Severity: Minor
Found in app/models/status.rb by rubocop

This cop looks for has_(one|many) and belongs_to associations where Active Record can't automatically determine the inverse association because of a scope or the options used. Using the blog with order scope example below, traversing a Blog's association in both directions with blog.posts.first.blog would cause the blog to be loaded from the database twice.

:inverse_of must be manually specified for Active Record to use the associated object in memory, or set to false to opt-out. Note that setting nil does not stop Active Record from trying to determine the inverse automatically, and is not considered a valid value for this.

Example:

# good
class Blog < ApplicationRecord
  has_many :posts
end

class Post < ApplicationRecord
  belongs_to :blog
end

Example:

# bad
class Blog < ApplicationRecord
  has_many :posts, -> { order(published_at: :desc) }
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  has_many(:posts,
           -> { order(published_at: :desc) },
           inverse_of: :blog)
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  with_options inverse_of: :blog do
    has_many :posts, -> { order(published_at: :desc) }
  end
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
# When you don't want to use the inverse association.
class Blog < ApplicationRecord
  has_many(:posts,
           -> { order(published_at: :desc) },
           inverse_of: false)
end

Example:

# bad
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable
end

# good
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

Example:

# bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician
  belongs_to :patient
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

# good
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician, inverse_of: :appointments
  belongs_to :patient, inverse_of: :appointments
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

@see https://guides.rubyonrails.org/association_basics.html#bi-directional-associations
@see https://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses

Method parameter must be at least 3 characters long.
Open

    def file_processors(f)
Severity: Minor
Found in app/models/media_attachment.rb by rubocop

This cop checks method parameter names for how descriptive they are. It is highly configurable.

The MinNameLength config option takes an integer. It represents the minimum amount of characters the name must be. Its default is 3. The AllowNamesEndingInNumbers config option takes a boolean. When set to false, this cop will register offenses for names ending with numbers. Its default is false. The AllowedNames config option takes an array of whitelisted names that will never register an offense. The ForbiddenNames config option takes an array of blacklisted names that will always register an offense.

Example:

# bad
def bar(varOne, varTwo)
  varOne + varTwo
end

# With `AllowNamesEndingInNumbers` set to false
def foo(num1, num2)
  num1 * num2
end

# With `MinArgNameLength` set to number greater than 1
def baz(a, b, c)
  do_stuff(a, b, c)
end

# good
def bar(thud, fred)
  thud + fred
end

def foo(speed, distance)
  speed * distance
end

def baz(age_a, height_b, gender_c)
  do_stuff(age_a, height_b, gender_c)
end

Align the elements of a hash literal if they span more than one line.
Open

    favourite:      'Favourite',
Severity: Minor
Found in app/models/notification.rb by rubocop

Check that the keys, separators, and values of a multi-line hash literal are aligned according to configuration. The configuration options are:

- key (left align keys, one space before hash rockets and values)
- separator (align hash rockets and colons, right align keys)
- table (left align keys, hash rockets, and values)

The treatment of hashes passed as the last argument to a method call can also be configured. The options are:

- always_inspect
- always_ignore
- ignore_implicit (without curly braces)

Alternatively you can specify multiple allowed styles. That's done by passing a list of styles to EnforcedStyles.

Example: EnforcedHashRocketStyle: key (default)

# bad
{
  :foo => bar,
   :ba => baz
}
{
  :foo => bar,
  :ba  => baz
}

# good
{
  :foo => bar,
  :ba => baz
}

Example: EnforcedHashRocketStyle: separator

# bad
{
  :foo => bar,
  :ba => baz
}
{
  :foo => bar,
  :ba  => baz
}

# good
{
  :foo => bar,
   :ba => baz
}

Example: EnforcedHashRocketStyle: table

# bad
{
  :foo => bar,
   :ba => baz
}

# good
{
  :foo => bar,
  :ba  => baz
}

Example: EnforcedColonStyle: key (default)

# bad
{
  foo: bar,
   ba: baz
}
{
  foo: bar,
  ba:  baz
}

# good
{
  foo: bar,
  ba: baz
}

Example: EnforcedColonStyle: separator

# bad
{
  foo: bar,
  ba: baz
}

# good
{
  foo: bar,
   ba: baz
}

Example: EnforcedColonStyle: table

# bad
{
  foo: bar,
  ba: baz
}

# good
{
  foo: bar,
  ba:  baz
}

Example: EnforcedLastArgumentHashStyle: always_inspect (default)

# Inspect both implicit and explicit hashes.

# bad
do_something(foo: 1,
  bar: 2)

# bad
do_something({foo: 1,
  bar: 2})

# good
do_something(foo: 1,
             bar: 2)

# good
do_something(
  foo: 1,
  bar: 2
)

# good
do_something({foo: 1,
              bar: 2})

# good
do_something({
  foo: 1,
  bar: 2
})

Example: EnforcedLastArgumentHashStyle: always_ignore

# Ignore both implicit and explicit hashes.

# good
do_something(foo: 1,
  bar: 2)

# good
do_something({foo: 1,
  bar: 2})

Example: EnforcedLastArgumentHashStyle: ignore_implicit

# Ignore only implicit hashes.

# bad
do_something({foo: 1,
  bar: 2})

# good
do_something(foo: 1,
  bar: 2)

Example: EnforcedLastArgumentHashStyle: ignore_explicit

# Ignore only explicit hashes.

# bad
do_something(foo: 1,
  bar: 2)

# good
do_something({foo: 1,
  bar: 2})

Specify a :dependent option.
Open

  has_many :accounts, foreign_key: :domain, primary_key: :domain
Severity: Minor
Found in app/models/domain_block.rb by rubocop

This cop looks for has_many or has_one associations that don't specify a :dependent option. It doesn't register an offense if :through option was specified.

Example:

# bad
class User < ActiveRecord::Base
  has_many :comments
  has_one :avatar
end

# good
class User < ActiveRecord::Base
  has_many :comments, dependent: :restrict_with_exception
  has_one :avatar, dependent: :destroy
  has_many :patients, through: :appointments
end

Favor modifier if usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    if records_continue?

Checks for if and unless statements that would fit on one line if written as a modifier if/unless. The maximum line length is configured in the Metrics/LineLength cop. The tab size is configured in the IndentationWidth of the Layout/Tab cop.

Example:

# bad
if condition
  do_stuff(bar)
end

unless qux.empty?
  Foo.do_something
end

# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?