Mass assignment is not restricted using attr_accessible Open
class SignUpSheet < ActiveRecord::Base
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Assignment Branch Condition size for import is too high. [45.81/15] Open
def self.import(row_hash, session, _id = nil)
raise 'Not enough items: expect 2 or more columns: Topic Identifier, User Name 1, User Name 2, ...' if row_hash.length < 2
imported_topic = SignUpTopic.where(topic_identifier: row_hash[:topic_identifier], assignment_id: session[:assignment_id]).first
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Assignment Branch Condition size for add_signup_topic is too high. [25.73/15] Open
def self.add_signup_topic(assignment_id)
@review_rounds = Assignment.find(assignment_id).num_review_rounds
@topics = SignUpTopic.where(assignment_id: assignment_id)
@duedates = {}
return @duedates if @topics.nil?
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Assignment Branch Condition size for process_review_round is too high. [22.02/15] Open
def process_review_round(assignment_id, duedate, round, topic)
duedate_rev, duedate_subm = find_topic_duedates(round, topic)
if duedate_subm.nil? || duedate_rev.nil?
# the topic is new. so copy deadlines from assignment
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Assignment Branch Condition size for confirmTopic is too high. [15.39/15] Open
def self.confirmTopic(user_id, team_id, topic_id, assignment_id)
# check whether user has signed up already
user_signup = SignUpSheet.otherConfirmedTopicforUser(assignment_id, team_id)
sign_up = SignedUpTeam.new
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method confirmTopic
has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. Open
def self.confirmTopic(user_id, team_id, topic_id, assignment_id)
# check whether user has signed up already
user_signup = SignUpSheet.otherConfirmedTopicforUser(assignment_id, team_id)
sign_up = SignedUpTeam.new
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method sign_up_wailisted
has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def self.sign_up_wailisted(assignment_id, sign_up, team_id, topic_id, user_id)
Method cancel_all_wailists
has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def self.cancel_all_wailists(assignment_id, sign_up, team_id, topic_id, user_id)
Method import
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def self.import(row_hash, session, _id = nil)
raise 'Not enough items: expect 2 or more columns: Topic Identifier, User Name 1, User Name 2, ...' if row_hash.length < 2
imported_topic = SignUpTopic.where(topic_identifier: row_hash[:topic_identifier], assignment_id: session[:assignment_id]).first
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method add_signup_topic
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def self.add_signup_topic(assignment_id)
@review_rounds = Assignment.find(assignment_id).num_review_rounds
@topics = SignUpTopic.where(assignment_id: assignment_id)
@duedates = {}
return @duedates if @topics.nil?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Use find_by
instead of where.first
. Open
duedate_subm = TopicDueDate.where(parent_id: topic.id, deadline_type_id: deadline_type_subm).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Use find_by
instead of where.first
. Open
duedate_subm = TopicDueDate.where(parent_id: topic.id, deadline_type_id: deadline_type_subm, round: round).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Use find_by
instead of where.first
. Open
imported_topic = SignUpTopic.where(topic_identifier: row_hash[:topic_identifier], assignment_id: session[:assignment_id]).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Use find_by
instead of where.first
. Open
duedate_rev = TopicDueDate.where(parent_id: topic.id, deadline_type_id: deadline_type_rev, round: round).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Avoid using update_attribute
because it skips validations. Open
signUp.update_attribute('topic_id', topic_id)
- Read upRead up
- Exclude checks
This cop checks for the use of methods which skip validations which are listed in http://guides.rubyonrails.org/active_record_validations.html#skipping-validations
Example:
# bad
Article.first.decrement!(:view_count)
DiscussionBoard.decrement_counter(:post_count, 5)
Article.first.increment!(:view_count)
DiscussionBoard.increment_counter(:post_count, 5)
person.toggle :active
product.touch
Billing.update_all("category = 'authorized', author = 'David'")
user.update_attribute(website: 'example.com')
user.update_columns(last_request_at: Time.current)
Post.update_counters 5, comment_count: -1, action_count: 1
# good
user.update_attributes(website: 'example.com')
FileUtils.touch('file')
Use find_by
instead of where.first
. Open
signUp = SignedUpTeam.where(topic_id: topic_id).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Use find_by
instead of where.first
. Open
participant = AssignmentParticipant.where(parent_id: session[:assignment_id], user_id: user.id).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')
Convert if
nested inside else
to elsif
. Open
confirmationStatus = SignUpSheet.confirmTopic(user_id, users_team[0].t_id, topic_id, assignment_id) if topic_id
- Read upRead up
- Exclude checks
If the else
branch of a conditional consists solely of an if
node,
it can be combined with the else
to become an elsif
.
This helps to keep the nesting level from getting too deep.
Example:
# bad
if condition_a
action_a
else
if condition_b
action_b
else
action_c
end
end
# good
if condition_a
action_a
elsif condition_b
action_b
else
action_c
end
Useless assignment to variable - result
. Open
result = true
- Read upRead up
- Exclude checks
This cop checks for every useless assignment to local variable in every
scope.
The basic idea for this cop was from the warning of ruby -cw
:
assigned but unused variable - foo
Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.
Example:
# bad
def some_method
some_var = 1
do_something
end
Example:
# good
def some_method
some_var = 1
do_something(some_var)
end
Use snake_case for variable names. Open
confirmationStatus = SignUpSheet.confirmTopic(user_id, team.id, topic_id, assignment_id) if topic_id
- Read upRead up
- Exclude checks
This cop makes sure that all variables use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
fooBar = 1
# good
foo_bar = 1
Example: EnforcedStyle: camelCase
# bad
foo_bar = 1
# good
fooBar = 1
Unnecessary spacing detected. Open
raise ImportError, "Topic, " + row_hash[:topic_identifier].to_s + ", was not found." if imported_topic.nil?
- Read upRead up
- Exclude checks
This cop checks for extra/unnecessary whitespace.
Example:
# good if AllowForAlignment is true
name = "RuboCop"
# Some comment and an empty line
website += "/bbatsov/rubocop" unless cond
puts "rubocop" if debug
# bad for any configuration
set_app("RuboCop")
website = "https://github.com/bbatsov/rubocop"
Use snake_case for method names. Open
def self.create_SignUpTeam(assignment_id, sign_up, topic_id, user_id)
- Read upRead up
- Exclude checks
This cop makes sure that all methods use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
def fooBar; end
# good
def foo_bar; end
Example: EnforcedStyle: camelCase
# bad
def foo_bar; end
# good
def fooBar; end
Use snake_case for method names. Open
def self.slotAvailable?(topic_id)
- Read upRead up
- Exclude checks
This cop makes sure that all methods use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
def fooBar; end
# good
def foo_bar; end
Example: EnforcedStyle: camelCase
# bad
def foo_bar; end
# good
def fooBar; end
Useless assignment to variable - teamuser
. Did you mean team
? Open
teamuser = ApplicationController.helpers.create_team_users(user, team.id)
- Read upRead up
- Exclude checks
This cop checks for every useless assignment to local variable in every
scope.
The basic idea for this cop was from the warning of ruby -cw
:
assigned but unused variable - foo
Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.
Example:
# bad
def some_method
some_var = 1
do_something
end
Example:
# good
def some_method
some_var = 1
do_something(some_var)
end
Use snake_case for method names. Open
def self.confirmTopic(user_id, team_id, topic_id, assignment_id)
- Read upRead up
- Exclude checks
This cop makes sure that all methods use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
def fooBar; end
# good
def foo_bar; end
Example: EnforcedStyle: camelCase
# bad
def foo_bar; end
# good
def fooBar; end
Use snake_case for variable names. Open
confirmationStatus = SignUpSheet.confirmTopic(user_id, users_team[0].t_id, topic_id, assignment_id) if topic_id
- Read upRead up
- Exclude checks
This cop makes sure that all variables use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
fooBar = 1
# good
foo_bar = 1
Example: EnforcedStyle: camelCase
# bad
foo_bar = 1
# good
fooBar = 1
Prefer Date or Time over DateTime. Open
duedate['submission_' + round.to_s] = DateTime.parse(duedate_subm['due_at'].to_s).strftime("%Y-%m-%d %H:%M:%S")
- Read upRead up
- Exclude checks
This cop checks for uses of DateTime
that should be replaced by
Date
or Time
.
Example:
# bad - uses `DateTime` for current time
DateTime.now
# good - uses `Time` for current time
Time.now
# bad - uses `DateTime` for modern date
DateTime.iso8601('2016-06-29')
# good - uses `Date` for modern date
Date.iso8601('2016-06-29')
# good - uses `DateTime` with start argument for historical date
DateTime.iso8601('1751-04-23', Date::ENGLAND)
Prefer each
over for
. Open
for user_signup_topic in user_signup
- Read upRead up
- Exclude checks
This cop looks for uses of the for keyword, or each method. The preferred alternative is set in the EnforcedStyle configuration parameter. An each call with a block on a single line is always allowed, however.
Prefer Date or Time over DateTime. Open
subm_string = duedate_subm.nil? ? nil : DateTime.parse(duedate_subm['due_at'].to_s).strftime("%Y-%m-%d %H:%M:%S")
- Read upRead up
- Exclude checks
This cop checks for uses of DateTime
that should be replaced by
Date
or Time
.
Example:
# bad - uses `DateTime` for current time
DateTime.now
# good - uses `Time` for current time
Time.now
# bad - uses `DateTime` for modern date
DateTime.iso8601('2016-06-29')
# good - uses `Date` for modern date
Date.iso8601('2016-06-29')
# good - uses `DateTime` with start argument for historical date
DateTime.iso8601('1751-04-23', Date::ENGLAND)
Prefer Date or Time over DateTime. Open
duedate['review_' + round.to_s] = DateTime.parse(duedate_rev['due_at'].to_s).strftime("%Y-%m-%d %H:%M:%S")
- Read upRead up
- Exclude checks
This cop checks for uses of DateTime
that should be replaced by
Date
or Time
.
Example:
# bad - uses `DateTime` for current time
DateTime.now
# good - uses `Time` for current time
Time.now
# bad - uses `DateTime` for modern date
DateTime.iso8601('2016-06-29')
# good - uses `Date` for modern date
Date.iso8601('2016-06-29')
# good - uses `DateTime` with start argument for historical date
DateTime.iso8601('1751-04-23', Date::ENGLAND)
Do not use DateTime.parse.strftime
without zone. Use one of Time.zone.parse.strftime
, DateTime.current
, DateTime.parse.strftime.in_time_zone
, DateTime.parse.strftime.utc
, DateTime.parse.strftime.getlocal
, DateTime.parse.strftime.iso8601
, DateTime.parse.strftime.jisx0301
, DateTime.parse.strftime.rfc3339
, DateTime.parse.strftime.to_i
, DateTime.parse.strftime.to_f
instead. Open
duedate['submission_' + round.to_s] = DateTime.parse(duedate_subm['due_at'].to_s).strftime("%Y-%m-%d %H:%M:%S")
- Read upRead up
- Exclude checks
This cop checks for the use of Time methods without zone.
Built on top of Ruby on Rails style guide (https://github.com/bbatsov/rails-style-guide#time) and the article http://danilenko.org/2012/7/6/rails_timezones/ .
Two styles are supported for this cop. When EnforcedStyle is 'strict' then only use of Time.zone is allowed.
When EnforcedStyle is 'flexible' then it's also allowed to use Time.intimezone.
Example:
# always offense
Time.now
Time.parse('2015-03-02 19:05:37')
# no offense
Time.zone.now
Time.zone.parse('2015-03-02 19:05:37')
# no offense only if style is 'flexible'
Time.current
DateTime.strptime(str, "%Y-%m-%d %H:%M %Z").in_time_zone
Time.at(timestamp).in_time_zone
Use snake_case for variable names. Open
signUp = SignedUpTeam.where(topic_id: topic_id).first
- Read upRead up
- Exclude checks
This cop makes sure that all variables use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
fooBar = 1
# good
foo_bar = 1
Example: EnforcedStyle: camelCase
# bad
foo_bar = 1
# good
fooBar = 1
Do not use DateTime.parse.strftime
without zone. Use one of Time.zone.parse.strftime
, DateTime.current
, DateTime.parse.strftime.in_time_zone
, DateTime.parse.strftime.utc
, DateTime.parse.strftime.getlocal
, DateTime.parse.strftime.iso8601
, DateTime.parse.strftime.jisx0301
, DateTime.parse.strftime.rfc3339
, DateTime.parse.strftime.to_i
, DateTime.parse.strftime.to_f
instead. Open
subm_string = duedate_subm.nil? ? nil : DateTime.parse(duedate_subm['due_at'].to_s).strftime("%Y-%m-%d %H:%M:%S")
- Read upRead up
- Exclude checks
This cop checks for the use of Time methods without zone.
Built on top of Ruby on Rails style guide (https://github.com/bbatsov/rails-style-guide#time) and the article http://danilenko.org/2012/7/6/rails_timezones/ .
Two styles are supported for this cop. When EnforcedStyle is 'strict' then only use of Time.zone is allowed.
When EnforcedStyle is 'flexible' then it's also allowed to use Time.intimezone.
Example:
# always offense
Time.now
Time.parse('2015-03-02 19:05:37')
# no offense
Time.zone.now
Time.zone.parse('2015-03-02 19:05:37')
# no offense only if style is 'flexible'
Time.current
DateTime.strptime(str, "%Y-%m-%d %H:%M %Z").in_time_zone
Time.at(timestamp).in_time_zone
Useless assignment to variable - team_id
. Open
team_id = SignedUpTeam.find_team_users(assignment_id, user_id)
- Read upRead up
- Exclude checks
This cop checks for every useless assignment to local variable in every
scope.
The basic idea for this cop was from the warning of ruby -cw
:
assigned but unused variable - foo
Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.
Example:
# bad
def some_method
some_var = 1
do_something
end
Example:
# good
def some_method
some_var = 1
do_something(some_var)
end
Rename has_teammate_ads?
to teammate_ads?
. Open
def self.has_teammate_ads?(topic_id)
- Read upRead up
- Exclude checks
This cop makes sure that predicates are named properly.
Example:
# bad
def is_even?(value)
end
# good
def even?(value)
end
# bad
def has_value?
end
# good
def value?
end
Use snake_case for method names. Open
def self.otherConfirmedTopicforUser(assignment_id, team_id)
- Read upRead up
- Exclude checks
This cop makes sure that all methods use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
def fooBar; end
# good
def foo_bar; end
Example: EnforcedStyle: camelCase
# bad
def foo_bar; end
# good
def fooBar; end
Do not use DateTime.parse.strftime
without zone. Use one of Time.zone.parse.strftime
, DateTime.current
, DateTime.parse.strftime.in_time_zone
, DateTime.parse.strftime.utc
, DateTime.parse.strftime.getlocal
, DateTime.parse.strftime.iso8601
, DateTime.parse.strftime.jisx0301
, DateTime.parse.strftime.rfc3339
, DateTime.parse.strftime.to_i
, DateTime.parse.strftime.to_f
instead. Open
duedate['review_' + round.to_s] = DateTime.parse(duedate_rev['due_at'].to_s).strftime("%Y-%m-%d %H:%M:%S")
- Read upRead up
- Exclude checks
This cop checks for the use of Time methods without zone.
Built on top of Ruby on Rails style guide (https://github.com/bbatsov/rails-style-guide#time) and the article http://danilenko.org/2012/7/6/rails_timezones/ .
Two styles are supported for this cop. When EnforcedStyle is 'strict' then only use of Time.zone is allowed.
When EnforcedStyle is 'flexible' then it's also allowed to use Time.intimezone.
Example:
# always offense
Time.now
Time.parse('2015-03-02 19:05:37')
# no offense
Time.zone.now
Time.zone.parse('2015-03-02 19:05:37')
# no offense only if style is 'flexible'
Time.current
DateTime.strptime(str, "%Y-%m-%d %H:%M %Z").in_time_zone
Time.at(timestamp).in_time_zone
Prefer each
over for
. Open
for round in 1..@review_rounds
- Read upRead up
- Exclude checks
This cop looks for uses of the for keyword, or each method. The preferred alternative is set in the EnforcedStyle configuration parameter. An each call with a block on a single line is always allowed, however.