Unprotected mass assignment Open
dd = AssignmentDueDate.new(due_date)
Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash.
Example:
User.new(params[:user])
Unfortunately, if there is a user field called admin which controls administrator access, now any user can make themselves an administrator.
attr_accessible and attr_protected can be used to limit mass assignment. However, Brakeman will warn unless attr_accessible is used, or mass assignment is completely disabled.
There are two different mass assignment warnings which can arise. The first is when mass assignment actually occurs, such as the example above. This results in a warning like
Unprotected mass assignment near line 61: User.new(params[:user])
The other warning is raised whenever a model is found which does not use attr_accessible. This produces generic warnings like
Mass assignment is not restricted using attr_accessible
with a list of affected models.
In Rails 3.1 and newer, mass assignment can easily be disabled:
config.active_record.whitelist_attributes = true
Unfortunately, it can also easily be bypassed:
User.new(params[:user], :without_protection => true)
Brakeman will warn on uses of without_protection.
Unprotected mass assignment Open
@has_errors = true unless dd.update_attributes(due_date)
Unprotected mass assignment Open
@assignment = Assignment.new(args[:assignment])
Unprotected mass assignment Open
aq = AssignmentQuestionnaire.new(assignment_questionnaire)
Unprotected mass assignment Open
unless aq.update_attributes(assignment_questionnaire)
Assignment Branch Condition size for update_tag_prompt_deployments is too high. [40.99/15] Open
def update_tag_prompt_deployments(attributes)
  unless attributes.nil?
    attributes.each do |key, value|
      TagPromptDeployment.where(id: value['deleted']).delete_all if value.key?('deleted')
      # assume if tag_prompt is there, then id, question_type, answer_length_threshold must also be there since the inputs are coupled
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Assignment Branch Condition size for update_due_dates is too high. [33.32/15] Open
def update_due_dates(attributes, user)
  return false unless attributes
  attributes.each do |due_date|
    next if due_date[:due_at].blank?
    # parse the dd and convert it to utc before saving it to db
Assignment Branch Condition size for copy is too high. [32.08/15] Open
def self.copy(assignment_id, user)
  Assignment.record_timestamps = false
  old_assign = Assignment.find(assignment_id)
  new_assign = old_assign.dup
  user.set_instructor(new_assign)
Class AssignmentForm has 29 methods (exceeds 20 allowed). Consider refactoring. Open
class AssignmentForm
  attr_accessor :assignment, :assignment_questionnaires, :due_dates, :tag_prompt_deployments
  attr_accessor :errors
  DEFAULT_MAX_TEAM_SIZE = 1
Method update_tag_prompt_deployments has a Cognitive Complexity of 24 (exceeds 5 allowed). Consider refactoring. Open
def update_tag_prompt_deployments(attributes)
  unless attributes.nil?
    attributes.each do |key, value|
      TagPromptDeployment.where(id: value['deleted']).delete_all if value.key?('deleted')
      # assume if tag_prompt is there, then id, question_type, answer_length_threshold must also be there since the inputs are coupled
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
File assignment_form.rb has 288 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'active_support/time_with_zone'
class AssignmentForm
  attr_accessor :assignment, :assignment_questionnaires, :due_dates, :tag_prompt_deployments
  attr_accessor :errors
Assignment Branch Condition size for update is too high. [25.32/15] Open
def update(attributes, user)
  @has_errors = false
  has_late_policy = false
  if attributes[:assignment][:late_policy_id].to_i > 0
    has_late_policy = true
Method update_assignment_questionnaires has a Cognitive Complexity of 19 (exceeds 5 allowed). Consider refactoring. Open
def update_assignment_questionnaires(attributes)
  return false unless attributes
  validate_assignment_questionnaires_weights(attributes)
  @errors = @assignment.errors
  unless @has_errors
Method update_due_dates has a Cognitive Complexity of 19 (exceeds 5 allowed). Consider refactoring. Open
def update_due_dates(attributes, user)
  return false unless attributes
  attributes.each do |due_date|
    next if due_date[:due_at].blank?
    # parse the dd and convert it to utc before saving it to db
Assignment Branch Condition size for update_assignment_questionnaires is too high. [21.47/15] Open
def update_assignment_questionnaires(attributes)
  return false unless attributes
  validate_assignment_questionnaires_weights(attributes)
  @errors = @assignment.errors
  unless @has_errors
Perceived complexity for update_tag_prompt_deployments is too high. [10/7] Open
def update_tag_prompt_deployments(attributes)
  unless attributes.nil?
    attributes.each do |key, value|
      TagPromptDeployment.where(id: value['deleted']).delete_all if value.key?('deleted')
      # assume if tag_prompt is there, then id, question_type, answer_length_threshold must also be there since the inputs are coupled
This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.
Example:
def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points
Cyclomatic complexity for update_tag_prompt_deployments is too high. [9/6] Open
def update_tag_prompt_deployments(attributes)
  unless attributes.nil?
    attributes.each do |key, value|
      TagPromptDeployment.where(id: value['deleted']).delete_all if value.key?('deleted')
      # assume if tag_prompt is there, then id, question_type, answer_length_threshold must also be there since the inputs are coupled
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Cyclomatic complexity for update is too high. [8/6] Open
def update(attributes, user)
  @has_errors = false
  has_late_policy = false
  if attributes[:assignment][:late_policy_id].to_i > 0
    has_late_policy = true
Perceived complexity for update_due_dates is too high. [9/7] Open
def update_due_dates(attributes, user)
  return false unless attributes
  attributes.each do |due_date|
    next if due_date[:due_at].blank?
    # parse the dd and convert it to utc before saving it to db
Perceived complexity for update is too high. [9/7] Open
def update(attributes, user)
  @has_errors = false
  has_late_policy = false
  if attributes[:assignment][:late_policy_id].to_i > 0
    has_late_policy = true
Cyclomatic complexity for update_due_dates is too high. [8/6] Open
def update_due_dates(attributes, user)
  return false unless attributes
  attributes.each do |due_date|
    next if due_date[:due_at].blank?
    # parse the dd and convert it to utc before saving it to db
Perceived complexity for update_assignment_questionnaires is too high. [8/7] Open
def update_assignment_questionnaires(attributes)
  return false unless attributes
  validate_assignment_questionnaires_weights(attributes)
  @errors = @assignment.errors
  unless @has_errors
Cyclomatic complexity for update_assignment_questionnaires is too high. [7/6] Open
def update_assignment_questionnaires(attributes)
  return false unless attributes
  validate_assignment_questionnaires_weights(attributes)
  @errors = @assignment.errors
  unless @has_errors
Assignment Branch Condition size for initialize is too high. [16.82/15] Open
def initialize(args = {})
  @assignment = Assignment.new(args[:assignment])
  if args[:assignment].nil?
    @assignment.course = Course.find(args[:parent_id]) if args[:parent_id]
    @assignment.instructor = @assignment.course.instructor if @assignment.course
Assignment Branch Condition size for add_to_delayed_queue is too high. [16.64/15] Open
def add_to_delayed_queue
  duedates = AssignmentDueDate.where(parent_id: @assignment.id)
  duedates.each do |due_date|
    deadline_type = DeadlineType.find(due_date.deadline_type_id).name
    diff_btw_time_left_and_threshold, min_left = get_time_diff_btw_due_date_and_now(due_date)
Method add_to_delayed_queue has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring. Open
def add_to_delayed_queue
  duedates = AssignmentDueDate.where(parent_id: @assignment.id)
  duedates.each do |due_date|
    deadline_type = DeadlineType.find(due_date.deadline_type_id).name
    diff_btw_time_left_and_threshold, min_left = get_time_diff_btw_due_date_and_now(due_date)
Method update has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. Open
def update(attributes, user)
  @has_errors = false
  has_late_policy = false
  if attributes[:assignment][:late_policy_id].to_i > 0
    has_late_policy = true
Method update_assigned_badges has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def update_assigned_badges(badge, assignment)
  if assignment and badge
    AssignmentBadge.where(assignment_id: assignment[:id]).map(&:id).each do |assigned_badge_id|
      AssignmentBadge.delete(assigned_badge_id) unless badge[:id].include?(assigned_badge_id)
    end
Avoid more than 3 levels of block nesting. Open
if tag_dep
  tag_dep.update(assignment_id: @assignment.id,
                 questionnaire_id: key,
                 tag_prompt_id: value['tag_prompt'][i],
                 question_type: value['question_type'][i],
This cop checks for excessive nesting of conditional and looping constructs.
You can configure if blocks are considered using the CountBlocks option. When set to false (the default) blocks are not counted towards the nesting level. Set to true to count blocks as well.
The maximum level of nesting allowed is configurable.
Avoid using update_attribute because it skips validations. Open
due_date.update_attribute(:delayed_job_id, delayed_job_id)
This cop checks for the use of methods which skip validations which are listed in http://guides.rubyonrails.org/active_record_validations.html#skipping-validations
Example:
# bad
Article.first.decrement!(:view_count)
DiscussionBoard.decrement_counter(:post_count, 5)
Article.first.increment!(:view_count)
DiscussionBoard.increment_counter(:post_count, 5)
person.toggle :active
product.touch
Billing.update_all("category = 'authorized', author = 'David'")
user.update_attribute(:website, 'example.com')
user.update_columns(last_request_at: Time.current)
Post.update_counters 5, comment_count: -1, action_count: 1
# good
user.update_attributes(website: 'example.com')
FileUtils.touch('file')
Avoid using update_attribute because it skips validations. Open
new_assign.update_attribute('updated_at', Time.now)
Avoid using update_attribute because it skips validations. Open
new_assign.update_attribute('name', 'Copy of ' + new_assign.name)
Avoid using update_attribute because it skips validations. Open
new_assign.update_attribute('directory_path', new_assign.directory_path + '_copy') if new_assign.directory_path.present?
Avoid using update_attribute because it skips validations. Open
new_assign.update_attribute('created_at', Time.now)
Use a guard clause instead of wrapping the code inside a conditional expression. Open
unless @has_errors
Use a guard clause instead of wrapping the code inside a conditional expression
Example:
# bad
def test
  if something
    work
  end
end
# good
def test
  return unless something
  work
end
# also good
def test
  work if something
end
# bad
if something
  raise 'exception'
else
  ok
end
# good
raise 'exception' if something
ok
Use snake_case for variable names. Open
assignmentId = job.args.first
This cop makes sure that all variables use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
fooBar = 1
# good
foo_bar = 1
Example: EnforcedStyle: camelCase
# bad
foo_bar = 1
# good
fooBar = 1
Do not use Time.parse without zone. Use one of Time.zone.parse, Time.current, Time.parse.in_time_zone, Time.parse.utc, Time.parse.getlocal, Time.parse.iso8601, Time.parse.jisx0301, Time.parse.rfc3339, Time.parse.to_i, Time.parse.to_f instead. Open
current_local_time = Time.parse(due_date[:due_at][0..15])
This cop checks for the use of Time methods without zone.
Built on top of Ruby on Rails style guide (https://github.com/bbatsov/rails-style-guide#time) and the article http://danilenko.org/2012/7/6/rails_timezones/ .
Two styles are supported for this cop. When EnforcedStyle is 'strict' then only use of Time.zone is allowed.
When EnforcedStyle is 'flexible' then it's also allowed to use Time.in_time_zone.
Example:
# always offense
Time.now
Time.parse('2015-03-02 19:05:37')
# no offense
Time.zone.now
Time.zone.parse('2015-03-02 19:05:37')
# no offense only if style is 'flexible'
Time.current
DateTime.strptime(str, "%Y-%m-%d %H:%M %Z").in_time_zone
Time.at(timestamp).in_time_zone
Line is too long. [222/160] Open
SignUpTopic.create(topic_name: topic.topic_name, assignment_id: new_assign_id, max_choosers: topic.max_choosers, category: topic.category, topic_identifier: topic.topic_identifier, micropayment: topic.micropayment)
Useless assignment to variable - reviews
. Open
reviews = @assignment.find_due_dates('review')
- Read upRead up
- Exclude checks
This cop checks for every useless assignment to local variable in every scope.
The basic idea for this cop was from the warning of ruby -cw:
assigned but unused variable - foo
Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.
Example:
# bad
def some_method
  some_var = 1
  do_something
end
Example:
# good
def some_method
  some_var = 1
  do_something(some_var)
end
Useless assignment to variable - submissions. Open
submissions = @assignment.find_due_dates('submission')
Line is too long. [209/160] Open
MailWorker.perform_in(find_min_from_now(Time.parse(due_date.due_at.to_s(:db)) + simicheck_delay.to_i.hours).minutes.from_now * 60, @assignment.id, "compare_files_with_simicheck", due_date.due_at.to_s(:db))
Use snake_case for variable names. Open
assignmentId = job.args.first
Use a guard clause instead of wrapping the code inside a conditional expression. Open
unless attributes.nil?
Use a guard clause instead of wrapping the code inside a conditional expression.
Example:
# bad
def test
  if something
    work
  end
end
# good
def test
  return unless something
  work
end
# also good
def test
  work if something
end
# bad
if something
  raise 'exception'
else
  ok
end
# good
raise 'exception' if something
ok
Use a guard clause instead of wrapping the code inside a conditional expression. Open
if assignment and badge
Prefer Date or Time over DateTime. Open
curr_time = DateTime.now.in_time_zone(zone = 'UTC').to_s(:db)
This cop checks for uses of DateTime that should be replaced by Date or Time.
Example:
# bad - uses `DateTime` for current time
DateTime.now
# good - uses `Time` for current time
Time.now
# bad - uses `DateTime` for modern date
DateTime.iso8601('2016-06-29')
# good - uses `Date` for modern date
Date.iso8601('2016-06-29')
# good - uses `DateTime` with start argument for historical date
DateTime.iso8601('1751-04-23', Date::ENGLAND)
Use a guard clause instead of wrapping the code inside a conditional expression. Open
if total_weight != 0 and total_weight != 100
Use a guard clause instead of wrapping the code inside a conditional expression. Open
if @assignment.require_quiz.nil?
Use a guard clause instead of wrapping the code inside a conditional expression. Open
if simicheck_delay.to_i >= 0
Do not use Time.parse without zone. Use one of Time.zone.parse, Time.current, Time.parse.in_time_zone, Time.parse.utc, Time.parse.getlocal, Time.parse.iso8601, Time.parse.jisx0301, Time.parse.rfc3339, Time.parse.to_i, Time.parse.to_f instead. Open
MailWorker.perform_in(find_min_from_now(Time.parse(due_date.due_at.to_s(:db)) + simicheck_delay.to_i.hours).minutes.from_now * 60, @assignment.id, "compare_files_with_simicheck", due_date.due_at.to_s(:db))
Prefer each over for. Open
for i in 0..value['tag_prompt'].count - 1
This cop looks for uses of the for keyword, or each method. The preferred alternative is set in the EnforcedStyle configuration parameter. An each call with a block on a single line is always allowed, however.
Useless assignment to variable - zone. Open
curr_time = DateTime.now.in_time_zone(zone = 'UTC').to_s(:db)
Do not use Time.parse without zone. Use one of Time.zone.parse, Time.current, Time.parse.in_time_zone, Time.parse.utc, Time.parse.getlocal, Time.parse.iso8601, Time.parse.jisx0301, Time.parse.rfc3339, Time.parse.to_i, Time.parse.to_f instead. Open
due_at = Time.parse(due_at)
Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead. Open
new_assign.update_attribute('created_at', Time.now)
Do not use Time.local without zone. Use one of Time.zone.local, Time.current, Time.local.in_time_zone, Time.local.utc, Time.local.getlocal, Time.local.iso8601, Time.local.jisx0301, Time.local.rfc3339, Time.local.to_i, Time.local.to_f instead. Open
utc_time = tz.local_to_utc(Time.local(current_local_time.year,
Do not use Time.parse without zone. Use one of Time.zone.parse, Time.current, Time.parse.in_time_zone, Time.parse.utc, Time.parse.getlocal, Time.parse.iso8601, Time.parse.jisx0301, Time.parse.rfc3339, Time.parse.to_i, Time.parse.to_f instead. Open
Time.parse(due_at)
Do not use Time.parse without zone. Use one of Time.zone.parse, Time.current, Time.parse.in_time_zone, Time.parse.utc, Time.parse.getlocal, Time.parse.iso8601, Time.parse.jisx0301, Time.parse.rfc3339, Time.parse.to_i, Time.parse.to_f instead. Open
curr_time = Time.parse(curr_time)
Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead. Open
new_assign.update_attribute('updated_at', Time.now)