Sign upLogin

ece517-p3/expertiza

View on GitHub
Star

Showing 2,813 of 2,813 total issues

Use find_by instead of where.first.
Open

      participant = AssignmentParticipant.where(parent_id: session[:assignment_id], user_id: user.id).first
Severity: Minor
Found in app/models/sign_up_sheet.rb by rubocop

This cop is used to identify usages of where.first and change them to use find_by instead.

Example:

# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take

# good
User.find_by(name: 'Bruce')

end at 62, 42 is not aligned with if at 58, 25.
Open

                                          end
Severity: Minor
Found in app/models/controller_action.rb by rubocop

This cop checks whether the end keywords are aligned properly.

Three modes are supported through the EnforcedStyleAlignWith configuration parameter:

If it's set to keyword (which is the default), the end shall be aligned with the start of the keyword (if, class, etc.).

If it's set to variable the end shall be aligned with the left-hand-side of the variable assignment, if there is one.

If it's set to start_of_line, the end shall be aligned with the start of the line where the matching keyword appears.

Example: EnforcedStyleAlignWith: keyword (default)

# bad

variable = if true
    end

# good

variable = if true
           end

Example: EnforcedStyleAlignWith: variable

# bad

variable = if true
    end

# good

variable = if true
end

Example: EnforcedStyleAlignWith: startofline

# bad

variable = if true
    end

# good

puts(if true
end)

Tagging a string as html safe may be a security risk.
Open

    safe_join(["<tr>".html_safe, "</tr>".html_safe], html.html_safe)
Severity: Minor
Found in app/models/dropdown.rb by rubocop

This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"
#{user_content}
".html_safe
# => ActiveSupport::SafeBuffer "
hi
"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
<b>hi</b>
"

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Tagging a string as html safe may be a security risk.
    Open

        html.html_safe
    Severity: Minor
    Found in app/models/dropdown.rb by rubocop

    This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Line is too long. [170/160]
    Open

        parent = parent_model id # current_task will be either a course object or an assignment object. # current_task will be either a course object or an assignment object.
    Severity: Minor
    Found in app/models/team.rb by rubocop

    Use a guard clause instead of wrapping the code inside a conditional expression.
    Open

        if handle_dups == "replace" # replace: delete old team
    Severity: Minor
    Found in app/models/team.rb by rubocop

    Use a guard clause instead of wrapping the code inside a conditional expression

    Example:

    # bad
def test
  if something
    work
  end
end

# good
def test
  return unless something
  work
end

# also good
def test
  work if something
end

# bad
if something
  raise 'exception'
else
  ok
end

# good
raise 'exception' if something
ok

    Tagging a string as html safe may be a security risk.
    Open

        html.html_safe
    Severity: Minor
    Found in app/models/scale.rb by rubocop

    This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Specify an :inverse_of option.
    Open

      belongs_to :node_object, class_name: 'Team'
    Severity: Minor
    Found in app/models/team_node.rb by rubocop

    This cop looks for has(one|many) and belongsto associations where ActiveRecord can't automatically determine the inverse association because of a scope or the options used. This can result in unnecessary queries in some circumstances. :inverse_of must be manually specified for associations to work in both ways, or set to false to opt-out.

    Example:

    # good
class Blog < ApplicationRecord
  has_many :posts
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Blog < ApplicationRecord
  has_many :posts, -> { order(published_at: :desc) }
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  has_many(:posts,
    -> { order(published_at: :desc) },
    inverse_of: :blog
  )
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  with_options inverse_of: :blog do
    has_many :posts, -> { order(published_at: :desc) }
  end
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable
end

# good
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

    Example:

    # bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician
  belongs_to :patient
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

# good
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician, inverse_of: :appointments
  belongs_to :patient, inverse_of: :appointments
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

    @see http://guides.rubyonrails.org/association_basics.html#bi-directional-associations @see http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses

    Useless assignment to variable - team_id.
    Open

        team_id = SignedUpTeam.find_team_users(assignment_id, user_id)
    Severity: Minor
    Found in app/models/sign_up_sheet.rb by rubocop

    This cop checks for every useless assignment to local variable in every scope. The basic idea for this cop was from the warning of ruby -cw:

    assigned but unused variable - foo

    Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.

    Example:

    # bad

def some_method
  some_var = 1
  do_something
end

    Example:

    # good

def some_method
  some_var = 1
  do_something(some_var)
end

    Do not use DateTime.parse.strftime without zone. Use one of Time.zone.parse.strftime, DateTime.current, DateTime.parse.strftime.in_time_zone, DateTime.parse.strftime.utc, DateTime.parse.strftime.getlocal, DateTime.parse.strftime.iso8601, DateTime.parse.strftime.jisx0301, DateTime.parse.strftime.rfc3339, DateTime.parse.strftime.to_i, DateTime.parse.strftime.to_f instead.
    Open

          duedate['review_' + round.to_s] = DateTime.parse(duedate_rev['due_at'].to_s).strftime("%Y-%m-%d %H:%M:%S")
    Severity: Minor
    Found in app/models/sign_up_sheet.rb by rubocop

    This cop checks for the use of Time methods without zone.

    Built on top of Ruby on Rails style guide (https://github.com/bbatsov/rails-style-guide#time) and the article http://danilenko.org/2012/7/6/rails_timezones/ .

    Two styles are supported for this cop. When EnforcedStyle is 'strict' then only use of Time.zone is allowed.

    When EnforcedStyle is 'flexible' then it's also allowed to use Time.intimezone.

    Example:

    # always offense
Time.now
Time.parse('2015-03-02 19:05:37')

# no offense
Time.zone.now
Time.zone.parse('2015-03-02 19:05:37')

# no offense only if style is 'flexible'
Time.current
DateTime.strptime(str, "%Y-%m-%d %H:%M %Z").in_time_zone
Time.at(timestamp).in_time_zone

    end at 68, 42 is not aligned with if at 64, 25.
    Open

                                              end
    Severity: Minor
    Found in app/models/controller_action.rb by rubocop

    This cop checks whether the end keywords are aligned properly.

    Three modes are supported through the EnforcedStyleAlignWith configuration parameter:

    If it's set to keyword (which is the default), the end shall be aligned with the start of the keyword (if, class, etc.).

    If it's set to variable the end shall be aligned with the left-hand-side of the variable assignment, if there is one.

    If it's set to start_of_line, the end shall be aligned with the start of the line where the matching keyword appears.

    Example: EnforcedStyleAlignWith: keyword (default)

    # bad

variable = if true
    end

# good

variable = if true
           end

    Example: EnforcedStyleAlignWith: variable

    # bad

variable = if true
    end

# good

variable = if true
end

    Example: EnforcedStyleAlignWith: startofline

    # bad

variable = if true
    end

# good

puts(if true
end)

    Prefer each over for.
    Open

        for action in actions do
    Severity: Minor
    Found in app/models/controller_action.rb by rubocop

    This cop looks for uses of the for keyword, or each method. The preferred alternative is set in the EnforcedStyle configuration parameter. An each call with a block on a single line is always allowed, however.

    Redundant use of Object#to_s in interpolation.
    Open

            raise ImportError, "The user '#{teammember.to_s}' was not found. <a href='/users/new'>Create</a> this user?"
    Severity: Minor
    Found in app/models/team.rb by rubocop

    This cop checks for string conversion in string interpolation, which is redundant.

    Example:

    # bad

"result is #{something.to_s}"

    Example:

    # good

"result is #{something}"

    Use find_by instead of where.first.
    Open

        MenuItem.where(conditions).first
    Severity: Minor
    Found in app/models/menu_item.rb by rubocop

    This cop is used to identify usages of where.first and change them to use find_by instead.

    Example:

    # bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take

# good
User.find_by(name: 'Bruce')

    Line is too long. [202/160]
    Open

        html += '<td><textarea cols="50" rows="1" name="question[' + self.id.to_s + '][txt]" id="question_' + self.id.to_s + '_txt" placeholder="Edit question content here">' + self.txt + '</textarea></td>'
    Severity: Minor
    Found in app/models/scale.rb by rubocop

    Prefer each over for.
    Open

        for j in questionnaire_min..questionnaire_max
    Severity: Minor
    Found in app/models/scale.rb by rubocop

    This cop looks for uses of the for keyword, or each method. The preferred alternative is set in the EnforcedStyle configuration parameter. An each call with a block on a single line is always allowed, however.

    Convert if nested inside else to elsif.
    Open

                             if perms.key?(action.controller.permission_id)
    Severity: Minor
    Found in app/models/controller_action.rb by rubocop

    If the else branch of a conditional consists solely of an if node, it can be combined with the else to become an elsif. This helps to keep the nesting level from getting too deep.

    Example:

    # bad
if condition_a
  action_a
else
  if condition_b
    action_b
  else
    action_c
  end
end

# good
if condition_a
  action_a
elsif condition_b
  action_b
else
  action_c
end

    Tagging a string as html safe may be a security risk.
    Open

        safe_join(["<tr>".html_safe, "</tr>".html_safe], html.html_safe)
    Severity: Minor
    Found in app/models/dropdown.rb by rubocop

    This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Tagging a string as html safe may be a security risk.
    Open

        safe_join(["<TR>".html_safe, "</TR>".html_safe], html.html_safe)
    Severity: Minor
    Found in app/models/dropdown.rb by rubocop

    This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Tagging a string as html safe may be a security risk.
    Open

        safe_join(["".html_safe, "".html_safe], html.html_safe)
    Severity: Minor
    Found in app/models/dropdown.rb by rubocop

    This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"
    Severity
    Category
    Status
    Source
    Language