Unsafe reflection method constantize called with parameter value
folder_node = (params[:reactParams2][:nodeType]).constantize.new
Brakeman reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors. The obvious form of this is the use of eval with user input. However, Brakeman also reports on dangerous uses of send, constantize, and other methods which allow creation of arbitrary objects or calling of arbitrary methods.
Class has too many lines. [256/100]
class TreeDisplayController < ApplicationController
  helper :application
  include SecurityHelper
  include AuthorizationHelper
This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class TreeDisplayController has 37 methods (exceeds 20 allowed). Consider refactoring.
class TreeDisplayController < ApplicationController
  helper :application
  include SecurityHelper
  include AuthorizationHelper
Method has too many lines. [19/10]
def res_node_for_child_2(ch_nodes)
  res = []
  if ch_nodes
    ch_nodes.each do |child|
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Method has too many lines. [19/10]
def serialize_folder_to_json(folder_type, node)
  json = {
    'nodeinfo' => node,
    'name' => node.get_name,
    'type' => node.type
Assignment Branch Condition size for serialize_sub_folder_to_json is too high. [24.84/15]
def serialize_sub_folder_to_json(node)
  json = {
    'nodeinfo' => node,
    'name' => node.get_name,
    'type' => node.type,
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method has too many lines. [17/10]
def serialize_sub_folder_to_json(node)
  json = {
    'nodeinfo' => node,
    'name' => node.get_name,
    'type' => node.type,
Assignment Branch Condition size for serialize_folder_to_json is too high. [21.75/15]
def serialize_folder_to_json(folder_type, node)
  json = {
    'nodeinfo' => node,
    'name' => node.get_name,
    'type' => node.type
File tree_display_controller.rb has 258 lines of code (exceeds 250 allowed). Consider refactoring.
class TreeDisplayController < ApplicationController
  helper :application
  include SecurityHelper
  include AuthorizationHelper
Method has too many lines. [14/10]
def children_node_ng
  flash[:error] = 'Invalid JSON in the TreeList' unless json_valid? params[:reactParams][:child_nodes]
  child_nodes = child_nodes_from_params(params[:reactParams][:child_nodes])
  tmp_res = {}
  begin
Assignment Branch Condition size for get_sub_folder_contents is too high. [19.42/15]
def get_sub_folder_contents
  # Convert the object received in parameters to a FolderNode object.
  folder_node = (params[:reactParams2][:nodeType]).constantize.new
  params[:reactParams2][:child_nodes].each do |key, value|
    folder_node[key] = value
Assignment Branch Condition size for children_node_ng is too high. [18.79/15]
def children_node_ng
  flash[:error] = 'Invalid JSON in the TreeList' unless json_valid? params[:reactParams][:child_nodes]
  child_nodes = child_nodes_from_params(params[:reactParams][:child_nodes])
  tmp_res = {}
  begin
Method has too many lines. [12/10]
def get_sub_folder_contents
  # Convert the object received in parameters to a FolderNode object.
  folder_node = (params[:reactParams2][:nodeType]).constantize.new
  params[:reactParams2][:child_nodes].each do |key, value|
    folder_node[key] = value
Method has too many lines. [12/10]
def get_folder_contents
  # Get all child nodes associated with a top level folder that the logged in user is authorized
  # to view. Top level folders include Questionnaires, Courses, and Assignments.
  folders = {}
  FolderNode.includes(:folder).get.each do |folder_node|
Method has too many lines. [12/10]
def get_specific_folder_contents
  # Get all child nodes associated with a top level folder that the logged in user is authorized
  # to view. Top level folders include Questionnaires, Courses, and Assignments.
  folders = {}
  FolderNode.includes(:folder).get.each do |folder_node|
Assignment Branch Condition size for get_folder_contents is too high. [15.52/15]
def get_folder_contents
  # Get all child nodes associated with a top level folder that the logged in user is authorized
  # to view. Top level folders include Questionnaires, Courses, and Assignments.
  folders = {}
  FolderNode.includes(:folder).get.each do |folder_node|
Assignment Branch Condition size for get_specific_folder_contents is too high. [15.52/15]
def get_specific_folder_contents
  # Get all child nodes associated with a top level folder that the logged in user is authorized
  # to view. Top level folders include Questionnaires, Courses, and Assignments.
  folders = {}
  FolderNode.includes(:folder).get.each do |folder_node|
Method serialize_sub_folder_to_json has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
def serialize_sub_folder_to_json(node)
  json = {
    'nodeinfo' => node,
    'name' => node.get_name,
    'type' => node.type,
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Method serialize_folder_to_json has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
def serialize_folder_to_json(folder_type, node)
  json = {
    'nodeinfo' => node,
    'name' => node.get_name,
    'type' => node.type
Similar blocks of code found in 2 locations. Consider refactoring.
def get_specific_folder_contents
  # Get all child nodes associated with a top level folder that the logged in user is authorized
  # to view. Top level folders include Questionnaires, Courses, and Assignments.
  folders = {}
  FolderNode.includes(:folder).get.each do |folder_node|
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 50.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 2 locations. Consider refactoring.
def get_folder_contents
  # Get all child nodes associated with a top level folder that the logged in user is authorized
  # to view. Top level folders include Questionnaires, Courses, and Assignments.
  folders = {}
  FolderNode.includes(:folder).get.each do |folder_node|
Missing top-level class documentation comment.
class TreeDisplayController < ApplicationController
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
  # ...
end
# good
# Description/Explanation of Person class
class Person
  # ...
end
Do not prefix reader method names with get_.
def get_folder_contents
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Rename is_user_ta? to user_ta?.
def is_user_ta?(instructor_id, child)
This cop makes sure that predicates are named properly.
Example:
# bad
def is_even?(value)
end
# good
def even?(value)
end
# bad
def has_value?
end
# good
def value?
end
Avoid comparing a variable with multiple items in a conditional, use Array#include? instead.
if folder_type == 'Courses' || folder_type == 'Assignments'
  json.merge!(
    'directory' => node.get_directory,
    'creation_date' => node.get_creation_date,
    'updated_date' => node.get_modified_date,
This cop checks against comparing a variable with multiple items, where Array#include? could be used instead to avoid code repetition.
Example:
# bad
a = 'a'
foo if a == 'a' || a == 'b' || a == 'c'
# good
a = 'a'
foo if ['a', 'b', 'c'].include?(a)
Do not prefix reader method names with get_.
def get_sub_folder_contents
Rename is_user_instructor? to user_instructor?.
def is_user_instructor?(instructor_id)
Use snake_case for variable names.
@currCtlr = params[:currCtlr]
This cop makes sure that all variables use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
fooBar = 1
# good
foo_bar = 1
Example: EnforcedStyle: camelCase
# bad
foo_bar = 1
# good
fooBar = 1
Do not prefix reader method names with get_.
def get_specific_folder_contents