Sign upLogin

ece517-p3/expertiza

View on GitHub
Star

Showing 2,813 of 2,813 total issues

Tagging a string as html safe may be a security risk.
Open

    html.html_safe
Severity: Minor
Found in app/models/multiple_choice_radio.rb by rubocop

This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"
#{user_content}
".html_safe
# => ActiveSupport::SafeBuffer "
hi
"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
<b>hi</b>
"

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Specify an :inverse_of option.
    Open

      has_many :review_response_maps, foreign_key: 'reviewee_id'
    Severity: Minor
    Found in app/models/assignment_team.rb by rubocop

    This cop looks for has(one|many) and belongsto associations where ActiveRecord can't automatically determine the inverse association because of a scope or the options used. This can result in unnecessary queries in some circumstances. :inverse_of must be manually specified for associations to work in both ways, or set to false to opt-out.

    Example:

    # good
class Blog < ApplicationRecord
  has_many :posts
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Blog < ApplicationRecord
  has_many :posts, -> { order(published_at: :desc) }
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  has_many(:posts,
    -> { order(published_at: :desc) },
    inverse_of: :blog
  )
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  with_options inverse_of: :blog do
    has_many :posts, -> { order(published_at: :desc) }
  end
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable
end

# good
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

    Example:

    # bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician
  belongs_to :patient
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

# good
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician, inverse_of: :appointments
  belongs_to :patient, inverse_of: :appointments
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

    @see http://guides.rubyonrails.org/association_basics.html#bi-directional-associations @see http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses

    Method SystemSettings#permission_denied_page is defined at both app/models/system_settings.rb:5 and app/models/system_settings.rb:30.
    Open

      def permission_denied_page
    Severity: Minor
    Found in app/models/system_settings.rb by rubocop

    This cop checks for duplicated instance (or singleton) method definitions.

    Example:

    # bad

def duplicated
  1
end

def duplicated
  2
end

    Example:

    # bad

def duplicated
  1
end

alias duplicated other_duplicated

    Example:

    # good

def duplicated
  1
end

def other_duplicated
  2
end

    Specify an :inverse_of option.
    Open

      belongs_to :node_object, class_name: "TreeFolder"
    Severity: Minor
    Found in app/models/folder_node.rb by rubocop

    This cop looks for has(one|many) and belongsto associations where ActiveRecord can't automatically determine the inverse association because of a scope or the options used. This can result in unnecessary queries in some circumstances. :inverse_of must be manually specified for associations to work in both ways, or set to false to opt-out.

    Example:

    # good
class Blog < ApplicationRecord
  has_many :posts
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Blog < ApplicationRecord
  has_many :posts, -> { order(published_at: :desc) }
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  has_many(:posts,
    -> { order(published_at: :desc) },
    inverse_of: :blog
  )
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  with_options inverse_of: :blog do
    has_many :posts, -> { order(published_at: :desc) }
  end
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable
end

# good
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

    Example:

    # bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician
  belongs_to :patient
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

# good
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician, inverse_of: :appointments
  belongs_to :patient, inverse_of: :appointments
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

    @see http://guides.rubyonrails.org/association_basics.html#bi-directional-associations @see http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses

    Rename has_suggested_topic? to suggested_topic?.
    Open

      def self.has_suggested_topic?(assignment_id)
    Severity: Minor
    Found in app/models/sign_up_topic.rb by rubocop

    This cop makes sure that predicates are named properly.

    Example:

    # bad
def is_even?(value)
end

# good
def even?(value)
end

# bad
def has_value?
end

# good
def value?
end

    Use a guard clause instead of wrapping the code inside a conditional expression.
    Open

          if topic.max_choosers > no_of_students_who_selected_the_topic.size
    Severity: Minor
    Found in app/models/sign_up_topic.rb by rubocop

    Use a guard clause instead of wrapping the code inside a conditional expression

    Example:

    # bad
def test
  if something
    work
  end
end

# good
def test
  return unless something
  work
end

# also good
def test
  work if something
end

# bad
if something
  raise 'exception'
else
  ok
end

# good
raise 'exception' if something
ok

    Use find_by instead of where.first.
    Open

        topic = SignUpTopic.where(topic_name: row_hash[:topic_name], assignment_id: session[:assignment_id]).first
    Severity: Minor
    Found in app/models/sign_up_topic.rb by rubocop

    This cop is used to identify usages of where.first and change them to use find_by instead.

    Example:

    # bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take

# good
User.find_by(name: 'Bruce')

    Tagging a string as html safe may be a security risk.
    Open

        html.html_safe
    Severity: Minor
    Found in app/models/section_header.rb by rubocop

    This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Do not prefix reader method names with get_.
    Open

      def get_private
    Severity: Minor
    Found in app/models/questionnaire_node.rb by rubocop

    This cop makes sure that accessor methods are named properly.

    Example:

    # bad
def set_attribute(value)
end

# good
def attribute=(value)
end

# bad
def get_attribute
end

# good
def attribute
end

    Use each_value instead of each.
    Open

        choice_info.each do |_idx, value|
    Severity: Minor
    Found in app/models/multiple_choice_radio.rb by rubocop

    This cop checks for uses of each_key and each_value Hash methods.

    Note: If you have an array of two-element arrays, you can put parentheses around the block arguments to indicate that you're not working with a hash, and suppress RuboCop offenses.

    Example:

    # bad
hash.keys.each { |k| p k }
hash.values.each { |v| p v }
hash.each { |k, _v| p k }
hash.each { |_k, v| p v }

# good
hash.each_key { |k| p k }
hash.each_value { |v| p v }

    Tagging a string as html safe may be a security risk.
    Open

        html.html_safe
    Severity: Minor
    Found in app/models/table_header.rb by rubocop

    This cop checks for the use of output safety calls like htmlsafe, raw, and safeconcat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

    Example:

    user_content = "hi"

# bad
"
    #{user_content}
    ".html_safe
# => ActiveSupport::SafeBuffer "
    hi
    "

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "
    <b>hi</b>
    "

# bad
out = ""
out << "
  • #{user_content}
    • "
out << "
  • #{user_content}
    • "
out.html_safe
# => ActiveSupport::SafeBuffer "
  • hi
    • 

  • hi
    • "

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "
  • <b>hi</b>
    • 

  • <b>hi</b>
    • "

# bad
out = "
    trusted content
    ".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "
    trusted_content
    
hi"

# good
out = "
    trusted content
    ".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "
    trusted_content
    <b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

    Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead.
    Open

          stage_deadline: (Time.parse(participant.stage_deadline) rescue Time.now + 1.year)
    Severity: Minor
    Found in app/models/student_task.rb by rubocop

    This cop checks for the use of Time methods without zone.

    Built on top of Ruby on Rails style guide (https://github.com/bbatsov/rails-style-guide#time) and the article http://danilenko.org/2012/7/6/rails_timezones/ .

    Two styles are supported for this cop. When EnforcedStyle is 'strict' then only use of Time.zone is allowed.

    When EnforcedStyle is 'flexible' then it's also allowed to use Time.intimezone.

    Example:

    # always offense
Time.now
Time.parse('2015-03-02 19:05:37')

# no offense
Time.zone.now
Time.zone.parse('2015-03-02 19:05:37')

# no offense only if style is 'flexible'
Time.current
DateTime.strptime(str, "%Y-%m-%d %H:%M %Z").in_time_zone
Time.at(timestamp).in_time_zone

    Method SystemSettings#default_markup_style is defined at both app/models/system_settings.rb:4 and app/models/system_settings.rb:12.
    Open

      def default_markup_style
    Severity: Minor
    Found in app/models/system_settings.rb by rubocop

    This cop checks for duplicated instance (or singleton) method definitions.

    Example:

    # bad

def duplicated
  1
end

def duplicated
  2
end

    Example:

    # bad

def duplicated
  1
end

alias duplicated other_duplicated

    Example:

    # good

def duplicated
  1
end

def other_duplicated
  2
end

    Method SystemSettings#session_expired_page is defined at both app/models/system_settings.rb:5 and app/models/system_settings.rb:34.
    Open

      def session_expired_page
    Severity: Minor
    Found in app/models/system_settings.rb by rubocop

    This cop checks for duplicated instance (or singleton) method definitions.

    Example:

    # bad

def duplicated
  1
end

def duplicated
  2
end

    Example:

    # bad

def duplicated
  1
end

alias duplicated other_duplicated

    Example:

    # good

def duplicated
  1
end

def other_duplicated
  2
end

    Use snake_case for method names.
    Open

      def self.slotAvailable?(topic_id)
    Severity: Minor
    Found in app/models/sign_up_topic.rb by rubocop

    This cop makes sure that all methods use the configured style, snake_case or camelCase, for their names.

    Example: EnforcedStyle: snake_case (default)

    # bad
def fooBar; end

# good
def foo_bar; end

    Example: EnforcedStyle: camelCase

    # bad
def foo_bar; end

# good
def fooBar; end

    end at 26, 4 is not aligned with def at 19, 2.
    Open

        end
    Severity: Minor
    Found in app/models/quiz_questionnaire.rb by rubocop

    This cop checks whether the end keywords of method definitions are aligned properly.

    Two modes are supported through the EnforcedStyleAlignWith configuration parameter. If it's set to start_of_line (which is the default), the end shall be aligned with the start of the line where the def keyword is. If it's set to def, the end shall be aligned with the def keyword.

    Example: EnforcedStyleAlignWith: startofline (default)

    # bad

private def foo
            end

# good

private def foo
end

    Example: EnforcedStyleAlignWith: def

    # bad

private def foo
            end

# good

private def foo
        end

    end at 35, 2 is not aligned with class at 1, 0.
    Open

      end
    Severity: Minor
    Found in app/models/quiz_questionnaire.rb by rubocop

    This cop checks whether the end keywords are aligned properly.

    Three modes are supported through the EnforcedStyleAlignWith configuration parameter:

    If it's set to keyword (which is the default), the end shall be aligned with the start of the keyword (if, class, etc.).

    If it's set to variable the end shall be aligned with the left-hand-side of the variable assignment, if there is one.

    If it's set to start_of_line, the end shall be aligned with the start of the line where the matching keyword appears.

    Example: EnforcedStyleAlignWith: keyword (default)

    # bad

variable = if true
    end

# good

variable = if true
           end

    Example: EnforcedStyleAlignWith: variable

    # bad

variable = if true
    end

# good

variable = if true
end

    Example: EnforcedStyleAlignWith: startofline

    # bad

variable = if true
    end

# good

puts(if true
end)

    Specify an :inverse_of option.
    Open

      belongs_to :reviewee, class_name: 'Bookmark', foreign_key: 'reviewee_id'
    Severity: Minor
    Found in app/models/bookmark_rating_response_map.rb by rubocop

    This cop looks for has(one|many) and belongsto associations where ActiveRecord can't automatically determine the inverse association because of a scope or the options used. This can result in unnecessary queries in some circumstances. :inverse_of must be manually specified for associations to work in both ways, or set to false to opt-out.

    Example:

    # good
class Blog < ApplicationRecord
  has_many :posts
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Blog < ApplicationRecord
  has_many :posts, -> { order(published_at: :desc) }
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  has_many(:posts,
    -> { order(published_at: :desc) },
    inverse_of: :blog
  )
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  with_options inverse_of: :blog do
    has_many :posts, -> { order(published_at: :desc) }
  end
end

class Post < ApplicationRecord
  belongs_to :blog
end

    Example:

    # bad
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable
end

# good
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

    Example:

    # bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician
  belongs_to :patient
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

# good
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician, inverse_of: :appointments
  belongs_to :patient, inverse_of: :appointments
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

    @see http://guides.rubyonrails.org/association_basics.html#bi-directional-associations @see http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses

    Do not prefix reader method names with get_.
    Open

      def get_modified_date
    Severity: Minor
    Found in app/models/questionnaire_node.rb by rubocop

    This cop makes sure that accessor methods are named properly.

    Example:

    # bad
def set_attribute(value)
end

# good
def attribute=(value)
end

# bad
def get_attribute
end

# good
def attribute
end

    Rename is_leaf to leaf?.
    Open

      def is_leaf
    Severity: Minor
    Found in app/models/questionnaire_node.rb by rubocop

    This cop makes sure that predicates are named properly.

    Example:

    # bad
def is_even?(value)
end

# good
def even?(value)
end

# bad
def has_value?
end

# good
def value?
end
    Severity
    Category
    Status
    Source
    Language