Mass assignment is not restricted using attr_accessible Open
class MetareviewResponseMap < ResponseMap
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Assignment Branch Condition size for import is too high. [58.73/15] Open
def self.import(row_hash, session, id)
raise ArgumentError.new("Not enough items. The string should contain: Author, Reviewer, ReviewOfReviewer1 <, ..., ReviewerOfReviewerN>") if row_hash.length < 3
row_hash[:metareviewers].each do |row|
# ACS Make All contributors as teams
contributor = AssignmentTeam.where(name: row_hash[:reviewee].to_s, parent_id: id).first
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Assignment Branch Condition size for export is too high. [19.1/15] Open
def self.export(csv, parent_id, _options)
mappings = Assignment.find(parent_id).metareview_mappings
mappings = mappings.sort_by {|a| [a.review_mapping.reviewee.name, a.reviewee.name, a.reviewer.name] }
mappings.each do |map|
csv << [
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method get_all_versions
has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring. Open
def get_all_versions
if self.review_mapping.response
@sorted_array = []
@prev = Response.all
@prev.each do |element|
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Assignment Branch Condition size for get_all_versions is too high. [17.03/15] Open
def get_all_versions
if self.review_mapping.response
@sorted_array = []
@prev = Response.all
@prev.each do |element|
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Cyclomatic complexity for import is too high. [7/6] Open
def self.import(row_hash, session, id)
raise ArgumentError.new("Not enough items. The string should contain: Author, Reviewer, ReviewOfReviewer1 <, ..., ReviewerOfReviewerN>") if row_hash.length < 3
row_hash[:metareviewers].each do |row|
# ACS Make All contributors as teams
contributor = AssignmentTeam.where(name: row_hash[:reviewee].to_s, parent_id: id).first
- Read upRead up
- Exclude checks
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Method import
has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring. Open
def self.import(row_hash, session, id)
raise ArgumentError.new("Not enough items. The string should contain: Author, Reviewer, ReviewOfReviewer1 <, ..., ReviewerOfReviewerN>") if row_hash.length < 3
row_hash[:metareviewers].each do |row|
# ACS Make All contributors as teams
contributor = AssignmentTeam.where(name: row_hash[:reviewee].to_s, parent_id: id).first
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Use find_by
instead of where.first
. Open
reviewee = AssignmentParticipant.where(user_id: ruser.id, parent_id: id).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Specify an :inverse_of
option. Open
belongs_to :reviewee, class_name: 'Participant', foreign_key: 'reviewee_id'
- Read upRead up
- Exclude checks
This cop looks for has(one|many) and belongsto associations where
ActiveRecord can't automatically determine the inverse association
because of a scope or the options used. This can result in unnecessary
queries in some circumstances. :inverse_of
must be manually specified
for associations to work in both ways, or set to false
to opt-out.
Example:
# good
class Blog < ApplicationRecord
has_many :posts
end
class Post < ApplicationRecord
belongs_to :blog
end
Example:
# bad
class Blog < ApplicationRecord
has_many :posts, -> { order(published_at: :desc) }
end
class Post < ApplicationRecord
belongs_to :blog
end
# good
class Blog < ApplicationRecord
has_many(:posts,
-> { order(published_at: :desc) },
inverse_of: :blog
)
end
class Post < ApplicationRecord
belongs_to :blog
end
# good
class Blog < ApplicationRecord
with_options inverse_of: :blog do
has_many :posts, -> { order(published_at: :desc) }
end
end
class Post < ApplicationRecord
belongs_to :blog
end
Example:
# bad
class Picture < ApplicationRecord
belongs_to :imageable, polymorphic: true
end
class Employee < ApplicationRecord
has_many :pictures, as: :imageable
end
class Product < ApplicationRecord
has_many :pictures, as: :imageable
end
# good
class Picture < ApplicationRecord
belongs_to :imageable, polymorphic: true
end
class Employee < ApplicationRecord
has_many :pictures, as: :imageable, inverse_of: :imageable
end
class Product < ApplicationRecord
has_many :pictures, as: :imageable, inverse_of: :imageable
end
Example:
# bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
has_many :appointments
has_many :patients, through: :appointments
end
class Appointment < ApplicationRecord
belongs_to :physician
belongs_to :patient
end
class Patient < ApplicationRecord
has_many :appointments
has_many :physicians, through: :appointments
end
# good
class Physician < ApplicationRecord
has_many :appointments
has_many :patients, through: :appointments
end
class Appointment < ApplicationRecord
belongs_to :physician, inverse_of: :appointments
belongs_to :patient, inverse_of: :appointments
end
class Patient < ApplicationRecord
has_many :appointments
has_many :physicians, through: :appointments
end
@see http://guides.rubyonrails.org/association_basics.html#bi-directional-associations @see http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses
Use find_by
instead of dynamic find_by_name
. Open
muser = User.find_by_name(row.to_s.strip)
- Read upRead up
- Exclude checks
This cop checks dynamic find_by_*
methods.
Use find_by
instead of dynamic method.
See. https://github.com/bbatsov/rails-style-guide#find_by
Example:
# bad
User.find_by_name(name)
# bad
User.find_by_name_and_email(name)
# bad
User.find_by_email!(name)
# good
User.find_by(name: name)
# good
User.find_by(name: name, email: email)
# good
User.find_by!(email: email)
Specify an :inverse_of
option. Open
belongs_to :review_mapping, class_name: 'ResponseMap', foreign_key: 'reviewed_object_id'
- Read upRead up
- Exclude checks
This cop looks for has(one|many) and belongsto associations where
ActiveRecord can't automatically determine the inverse association
because of a scope or the options used. This can result in unnecessary
queries in some circumstances. :inverse_of
must be manually specified
for associations to work in both ways, or set to false
to opt-out.
Example:
# good
class Blog < ApplicationRecord
has_many :posts
end
class Post < ApplicationRecord
belongs_to :blog
end
Example:
# bad
class Blog < ApplicationRecord
has_many :posts, -> { order(published_at: :desc) }
end
class Post < ApplicationRecord
belongs_to :blog
end
# good
class Blog < ApplicationRecord
has_many(:posts,
-> { order(published_at: :desc) },
inverse_of: :blog
)
end
class Post < ApplicationRecord
belongs_to :blog
end
# good
class Blog < ApplicationRecord
with_options inverse_of: :blog do
has_many :posts, -> { order(published_at: :desc) }
end
end
class Post < ApplicationRecord
belongs_to :blog
end
Example:
# bad
class Picture < ApplicationRecord
belongs_to :imageable, polymorphic: true
end
class Employee < ApplicationRecord
has_many :pictures, as: :imageable
end
class Product < ApplicationRecord
has_many :pictures, as: :imageable
end
# good
class Picture < ApplicationRecord
belongs_to :imageable, polymorphic: true
end
class Employee < ApplicationRecord
has_many :pictures, as: :imageable, inverse_of: :imageable
end
class Product < ApplicationRecord
has_many :pictures, as: :imageable, inverse_of: :imageable
end
Example:
# bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
has_many :appointments
has_many :patients, through: :appointments
end
class Appointment < ApplicationRecord
belongs_to :physician
belongs_to :patient
end
class Patient < ApplicationRecord
has_many :appointments
has_many :physicians, through: :appointments
end
# good
class Physician < ApplicationRecord
has_many :appointments
has_many :patients, through: :appointments
end
class Appointment < ApplicationRecord
belongs_to :physician, inverse_of: :appointments
belongs_to :patient, inverse_of: :appointments
end
class Patient < ApplicationRecord
has_many :appointments
has_many :physicians, through: :appointments
end
@see http://guides.rubyonrails.org/association_basics.html#bi-directional-associations @see http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses
Use find_by
instead of where.first
. Open
contributor = AssignmentTeam.where(name: row_hash[:reviewee].to_s, parent_id: id).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Use find_by
instead of dynamic find_by_name
. Open
ruser = User.find_by_name(row_hash[:reviewer].to_s.strip)
- Read upRead up
- Exclude checks
This cop checks dynamic find_by_*
methods.
Use find_by
instead of dynamic method.
See. https://github.com/bbatsov/rails-style-guide#find_by
Example:
# bad
User.find_by_name(name)
# bad
User.find_by_name_and_email(name)
# bad
User.find_by_email!(name)
# good
User.find_by(name: name)
# good
User.find_by(name: name, email: email)
# good
User.find_by!(email: email)
Use find_by
instead of where.first
. Open
reviewmapping = ReviewResponseMap.where(reviewee_id: contributor.id, reviewer_id: reviewee.id).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Use find_by
instead of where.first
. Open
reviewer = AssignmentParticipant.where(user_id: muser.id, parent_id: id).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Unnecessary spacing detected. Open
reviewer = AssignmentParticipant.where(user_id: muser.id, parent_id: id).first
- Read upRead up
- Exclude checks
This cop checks for extra/unnecessary whitespace.
Example:
# good if AllowForAlignment is true
name = "RuboCop"
# Some comment and an empty line
website += "/bbatsov/rubocop" unless cond
puts "rubocop" if debug
# bad for any configuration
set_app("RuboCop")
website = "https://github.com/bbatsov/rubocop"
Redundant use of Object#to_s
in interpolation. Open
raise ImportError, "Metareviewer, #{row.to_s}, for contributor, #{contributor.name}, and reviewee, #{row_hash[:reviewer].to_s }, was not found." if reviewer.nil?
- Read upRead up
- Exclude checks
This cop checks for string conversion in string interpolation, which is redundant.
Example:
# bad
"result is #{something.to_s}"
Example:
# good
"result is #{something}"
Unnecessary spacing detected. Open
contributor = AssignmentTeam.where(name: row_hash[:reviewee].to_s, parent_id: id).first
- Read upRead up
- Exclude checks
This cop checks for extra/unnecessary whitespace.
Example:
# good if AllowForAlignment is true
name = "RuboCop"
# Some comment and an empty line
website += "/bbatsov/rubocop" unless cond
puts "rubocop" if debug
# bad for any configuration
set_app("RuboCop")
website = "https://github.com/bbatsov/rubocop"
Space inside string interpolation detected. Open
raise ImportError, "Metareviewer, #{row.to_s}, for contributor, #{contributor.name}, and reviewee, #{row_hash[:reviewer].to_s }, was not found." if reviewer.nil?
- Read upRead up
- Exclude checks
This cop checks for whitespace within string interpolations.
Example: EnforcedStyle: no_space (default)
# bad
var = "This is the #{ space } example"
# good
var = "This is the #{no_space} example"
Example: EnforcedStyle: space
# bad
var = "This is the #{no_space} example"
# good
var = "This is the #{ space } example"
Do not prefix reader method names with get_
. Open
def get_all_versions
- Read upRead up
- Exclude checks
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Ternary operators must not be nested. Prefer if
or else
constructs instead. Open
@sorted = @sorted_array.sort {|m1, m2| m1.version_num and m2.version_num ? m1.version_num <=> m2.version_num : (m1.version_num ? -1 : 1) }
- Exclude checks
Line is too long. [168/160] Open
raise ImportError, "Metareviewer, #{row.to_s}, for contributor, #{contributor.name}, and reviewee, #{row_hash[:reviewer].to_s }, was not found." if reviewer.nil?
- Exclude checks
Unnecessary spacing detected. Open
reviewee = AssignmentParticipant.where(user_id: ruser.id, parent_id: id).first
- Read upRead up
- Exclude checks
This cop checks for extra/unnecessary whitespace.
Example:
# good if AllowForAlignment is true
name = "RuboCop"
# Some comment and an empty line
website += "/bbatsov/rubocop" unless cond
puts "rubocop" if debug
# bad for any configuration
set_app("RuboCop")
website = "https://github.com/bbatsov/rubocop"
Redundant use of Object#to_s
in interpolation. Open
raise ImportError, "Metareviewer, #{row.to_s}, for contributor, #{contributor.name}, and reviewee, #{row_hash[:reviewer].to_s }, was not found." if reviewer.nil?
- Read upRead up
- Exclude checks
This cop checks for string conversion in string interpolation, which is redundant.
Example:
# bad
"result is #{something.to_s}"
Example:
# good
"result is #{something}"
Redundant use of Object#to_s
in interpolation. Open
raise ImportError, "Reviewee, #{row_hash[:reviewer].to_s}, for contributor, #{contributor.name}, was not found." if reviewee.nil?
- Read upRead up
- Exclude checks
This cop checks for string conversion in string interpolation, which is redundant.
Example:
# bad
"result is #{something.to_s}"
Example:
# good
"result is #{something}"
Redundant else
-clause. Open
else
- Read upRead up
- Exclude checks
Checks for empty else-clauses, possibly including comments and/or an
explicit nil
depending on the EnforcedStyle.
Example: EnforcedStyle: empty
# warn only on empty else
# bad
if condition
statement
else
end
# good
if condition
statement
else
nil
end
# good
if condition
statement
else
statement
end
# good
if condition
statement
end
Example: EnforcedStyle: nil
# warn on else with nil in it
# bad
if condition
statement
else
nil
end
# good
if condition
statement
else
end
# good
if condition
statement
else
statement
end
# good
if condition
statement
end
Example: EnforcedStyle: both (default)
# warn on empty else and else with nil in it
# bad
if condition
statement
else
nil
end
# bad
if condition
statement
else
end
# good
if condition
statement
else
statement
end
# good
if condition
statement
end
Line is too long. [163/160] Open
raise ArgumentError.new("Not enough items. The string should contain: Author, Reviewer, ReviewOfReviewer1 <, ..., ReviewerOfReviewerN>") if row_hash.length < 3
- Exclude checks
Do not prefix reader method names with get_
. Open
def get_title
- Read upRead up
- Exclude checks
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Unnecessary spacing detected. Open
reviewmapping = ReviewResponseMap.where(reviewee_id: contributor.id, reviewer_id: reviewee.id).first
- Read upRead up
- Exclude checks
This cop checks for extra/unnecessary whitespace.
Example:
# good if AllowForAlignment is true
name = "RuboCop"
# Some comment and an empty line
website += "/bbatsov/rubocop" unless cond
puts "rubocop" if debug
# bad for any configuration
set_app("RuboCop")
website = "https://github.com/bbatsov/rubocop"
Redundant use of Object#to_s
in interpolation. Open
raise ImportError, "No review mapping was found for contributor, #{contributor.name}, and reviewee, #{row_hash[:reviewer].to_s}." if reviewmapping.nil?
- Read upRead up
- Exclude checks
This cop checks for string conversion in string interpolation, which is redundant.
Example:
# bad
"result is #{something.to_s}"
Example:
# good
"result is #{something}"
Unused method argument - session
. If it's necessary, use _
or _session
as an argument name to indicate that it won't be used. Open
def self.import(row_hash, session, id)
- Read upRead up
- Exclude checks
This cop checks for unused method arguments.
Example:
# bad
def some_method(used, unused, _unused_but_allowed)
puts used
end
Example:
# good
def some_method(used, _unused, _unused_but_allowed)
puts used
end