Showing 132 of 132 total issues
Unused method argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used. You can also write as as_indexed_json(*) if you want the method to accept any arguments but don't care about them.
def as_indexed_json(options = {})
This cop checks for unused method arguments.
Example:
# bad
def some_method(used, unused, _unused_but_allowed)
  puts used
end
Example:
# good
def some_method(used, _unused, _unused_but_allowed)
  puts used
end
File Content Disclosure in Action View
actionview (5.1.6)
Advisory: CVE-2019-5418
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3
Unreachable code.
var dialog = document.getElementById(event.target.closest('dialog').id);
disallow unreachable code after return, throw, continue, and break statements (no-unreachable)
Because the return, throw, break, and continue statements unconditionally exit a block of code, any statements after them cannot be executed. Unreachable statements are usually a mistake.
function fn() {
    x = 1;
    return x;
    x = 3; // this will never execute
}
Rule Details
This rule disallows unreachable code after return, throw, continue, and break statements.
Examples of incorrect code for this rule:
/*eslint no-unreachable: "error"*/
function foo() {
    return true;
    console.log("done");
}
function bar() {
    throw new Error("Oops!");
    console.log("done");
}
while(value) {
    break;
    console.log("done");
}
throw new Error("Oops!");
console.log("done");
function baz() {
    if (Math.random() < 0.5) {
        return;
    } else {
        throw new Error();
    }
    console.log("done");
}
for (;;) {}
console.log("done");
Examples of correct code for this rule, because of JavaScript function and variable hoisting:
/*eslint no-unreachable: "error"*/
function foo() {
    return bar();
    function bar() {
        return 1;
    }
}
function bar() {
    return x;
    var x;
}
switch (foo) {
    case 1:
        break;
        var x;
}
Source: http://eslint.org/docs/rules/
Unused block argument - k. If it's necessary, use _ or _k as an argument name to indicate that it won't be used.
field_type_instance.errors.each do |k, v|
This cop checks for unused block arguments.
Example:
# bad
do_something do |used, unused|
  puts used
end
do_something do |bar|
  puts :foo
end
define_method(:foo) do |bar|
  puts :baz
end
Example:
# good
do_something do |used, _unused|
  puts used
end
do_something do
  puts :foo
end
define_method(:foo) do |_bar|
  puts :baz
end
Unused block argument - error. You can omit the argument if you don't care about it.
m.failure do |error|
Unused block argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used.
validations.all? do |type, options|
Unused block argument - content_item. You can omit the argument if you don't care about it.
m.success do |content_item|
Unused block argument - error. You can omit the argument if you don't care about it.
m.failure do |error|
Broken Access Control vulnerability in Active Job
activejob (5.1.6)
Advisory: CVE-2018-16476
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1
unexpected token $end (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
plugin_new_transaction_klass(field_item)&.new&.call(field_item)&.value!
Unused block argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used.
validations.all? do |type, options|
Unused block argument - content_item. You can omit the argument if you don't care about it.
m.success do |content_item|
Denial of Service Vulnerability in Action View
actionview (5.1.6)
Advisory: CVE-2019-5419
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11
Move the invocation into the parens that contain the function.
(function () {
Require IIFEs to be Wrapped (wrap-iife)
You can immediately invoke function expressions, but not function declarations. A common technique to create an immediately-invoked function expression (IIFE) is to wrap a function declaration in parentheses. The opening parenthesis causes the contained function to be parsed as an expression, rather than a declaration.
// function expression could be unwrapped
var x = function () { return { y: 1 };}();
// function declaration must be wrapped
function () { /* side effects */ }(); // SyntaxError
Rule Details
This rule requires all immediately-invoked function expressions to be wrapped in parentheses.
Options
This rule has two options, a string option and an object option.
String option:
- "outside" enforces always wrapping the call expression. The default is "outside".
- "inside" enforces always wrapping the function expression.
- "any" enforces always wrapping, but allows either style.
Object option:
- "functionPrototypeMethods": true additionally enforces wrapping function expressions invoked using .call and .apply. The default is false.
outside
Examples of incorrect code for the default "outside" option:
/*eslint wrap-iife: ["error", "outside"]*/
var x = function () { return { y: 1 };}(); // unwrapped
var x = (function () { return { y: 1 };})(); // wrapped function expression
Examples of correct code for the default "outside" option:
/*eslint wrap-iife: ["error", "outside"]*/
var x = (function () { return { y: 1 };}()); // wrapped call expression
inside
Examples of incorrect code for the "inside" option:
/*eslint wrap-iife: ["error", "inside"]*/
var x = function () { return { y: 1 };}(); // unwrapped
var x = (function () { return { y: 1 };}()); // wrapped call expression
Examples of correct code for the "inside" option:
/*eslint wrap-iife: ["error", "inside"]*/
var x = (function () { return { y: 1 };})(); // wrapped function expression
any
Examples of incorrect code for the "any" option:
/*eslint wrap-iife: ["error", "any"]*/
var x = function () { return { y: 1 };}(); // unwrapped
Examples of correct code for the "any" option:
/*eslint wrap-iife: ["error", "any"]*/
var x = (function () { return { y: 1 };}()); // wrapped call expression
var x = (function () { return { y: 1 };})(); // wrapped function expression
functionPrototypeMethods
Examples of incorrect code for this rule with the "inside", { "functionPrototypeMethods": true } options:
/* eslint wrap-iife: [2, "inside", { functionPrototypeMethods: true }] */
var x = function(){ foo(); }()
var x = (function(){ foo(); }())
var x = function(){ foo(); }.call(bar)
var x = (function(){ foo(); }.call(bar))
Examples of correct code for this rule with the "inside", { "functionPrototypeMethods": true } options:
/* eslint wrap-iife: [2, "inside", { functionPrototypeMethods: true }] */
var x = (function(){ foo(); })()
var x = (function(){ foo(); }).call(bar)
Source: http://eslint.org/docs/rules/
unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
plugin_update_transaction_klass(field_item)&.new&.call(field_item)&.value!
unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
asset_field_item(content_item).data['asset']&.[]('versions')&.[]('mini')&.[]('url')
TODO found
# TODO: This needs to be generic functionality
TODO found
# TODO: The thumb version needs to be configurable, and this needs to be in a plugin
TODO found
# TODO: This needs to be in a plugin