Rails 3.2.9 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 3.2.22.4 New
rails (3.2.9)
json gem version 1.7.5 has a remote code vulnerability: upgrade to 1.7.7 New
json (1.7.5)
Brakeman reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors.
The obvious form of this is the use of eval with user input.
However, Brakeman also reports on dangerous uses of send, constantize, and other methods which allow creation of arbitrary objects or calling of arbitrary methods.
Rails 3.2.9 contains a SQL injection vulnerability (CVE-2012-5664). Upgrade to 3.2.18 New
rails (3.2.9)
Rails 3.2.9 contains a SQL injection vulnerability (CVE-2013-0155). Upgrade to 3.2.11 New
rails (3.2.9)
Rails 3.2.9 has a remote code execution vulnerability: upgrade to 3.2.11 or disable XML parsing New
rails (3.2.9)
CVE-2013-4389 rubygem-actionmailer: email address processing DoS New
actionmailer (3.2.9)
Advisory: CVE-2013-4389
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4389
Solution: upgrade to >= 3.2.15
Possible Object Leak and Denial of Service attack in Action Pack New
actionpack (3.2.9)
Advisory: CVE-2016-0751
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
Possible Information Disclosure / Unintended Method Execution in Action Pack New
actionpack (3.2.9)
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Ability to forge per-form CSRF tokens given a global CSRF token New
actionpack (3.2.9)
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Possible remote code execution vulnerability in Action Pack New
actionpack (3.2.9)
Advisory: CVE-2016-2098
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14
Arbitrary file existence disclosure in Action Pack New
actionpack (3.2.9)
Advisory: CVE-2014-7818
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
Solution: upgrade to ~> 3.2.20, ~> 4.0.11, ~> 4.1.7, >= 4.2.0.beta3
ReDoS based DoS vulnerability in Action Dispatch New
actionpack (3.2.9)
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability New
actionpack (3.2.9)
Advisory: CVE-2014-0081
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0081
Solution: upgrade to ~> 3.2.17, ~> 4.0.3, >= 4.1.0.beta2
Possible Information Leak Vulnerability in Action View New
actionpack (3.2.9)
Advisory: CVE-2016-2097
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
Solution: upgrade to ~> 3.2.22.2, ~> 4.1.14, >= 4.1.14.2
Arbitrary file existence disclosure in Action Pack New
actionpack (3.2.9)
Advisory: CVE-2014-7829
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
Solution: upgrade to ~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) New
actionpack (3.2.9)
Advisory: CVE-2013-6417
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4
Solution: upgrade to ~> 3.2.16, >= 4.0.2
Possible XSS Vulnerability in Action View New
actionpack (3.2.9)
Advisory: CVE-2016-6316
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
Solution: upgrade to ~> 3.2.22.3, ~> 4.2.7.1, >= 5.0.0.1
CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack New
actionpack (3.2.9)
Advisory: CVE-2013-0156
Criticality: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0156
Solution: upgrade to ~> 2.3.15, ~> 3.0.19, ~> 3.1.10, >= 3.2.11
Denial of Service Vulnerability in Action View New
actionpack (3.2.9)
Advisory: CVE-2013-6414
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
Solution: upgrade to ~> 3.2.16, >= 4.0.2
CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css New
actionpack (3.2.9)
Advisory: CVE-2013-1855
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-1855
Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
ReDoS based DoS vulnerability in Action Dispatch New
actionpack (3.2.9)
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails New
actionpack (3.2.9)
Advisory: CVE-2013-1857
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-1857
Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
Directory Traversal Vulnerability With Certain Route Configurations New
actionpack (3.2.9)
Advisory: CVE-2014-0130
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
Solution: upgrade to ~> 3.2.18, ~> 4.0.5, >= 4.1.1
Possible Information Leak Vulnerability in Action View New
actionpack (3.2.9)
Advisory: CVE-2016-0752
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
Timing attack vulnerability in basic authentication in Action Controller. New
actionpack (3.2.9)
Advisory: CVE-2015-7576
Criticality: Low
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
XSS Vulnerability in number_to_currency New
actionpack (3.2.9)
Advisory: CVE-2013-6415
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
Solution: upgrade to ~> 3.2.16, >= 4.0.2
CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service New
actionpack (3.2.9)
Advisory: CVE-2014-0082
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0082
Solution: upgrade to >= 3.2.17
Reflective XSS Vulnerability in Ruby on Rails New
actionpack (3.2.9)
Advisory: CVE-2013-4491
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
Solution: upgrade to ~> 3.2.16, >= 4.0.2
Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass New
activerecord (3.2.9)
Advisory: CVE-2012-6496
Criticality: Medium
URL: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
Solution: upgrade to ~> 3.0.18, ~> 3.1.9, >= 3.2.10
CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected New
activerecord (3.2.9)
Advisory: CVE-2013-0276
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0276
Solution: upgrade to ~> 2.3.17, ~> 3.1.11, >= 3.2.12
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter New
activerecord (3.2.9)
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible RCE escalation bug with Serialized Columns in Active Record New
activerecord (3.2.9)
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Nested attributes rejection proc bypass in Active Record New
activerecord (3.2.9)
Advisory: CVE-2015-7577
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting New
activerecord (3.2.9)
Advisory: CVE-2014-3482
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3482
Solution: upgrade to ~> 3.2.19
CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails New
activerecord (3.2.9)
Advisory: CVE-2013-0155
Criticality: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0155
Solution: upgrade to ~> 2.3.16, ~> 3.0.19, ~> 3.1.10, >= 3.2.11
CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability New
activerecord (3.2.9)
Advisory: CVE-2013-1854
Criticality: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-1854
Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
activeresource Gem for Ruby lib/active_resource/base.rb element_path Lack of Encoding New
activeresource (3.2.9)
Advisory: CVE-2020-8151
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
Solution: upgrade to >= 5.1.1
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore New
activesupport (3.2.9)
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
ReDoS based DoS vulnerability in Active Support’s underscore New
activesupport (3.2.9)
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible Denial of Service attack in Active Support New
activesupport (3.2.9)
Advisory: CVE-2015-3227
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22
XML Parsing Vulnerability affecting JRuby users New
activesupport (3.2.9)
Advisory: CVE-2013-1856
Criticality: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-1856
Solution: upgrade to ~> 3.1.12, >= 3.2.13
Regular Expression Denial of Service in Addressable templates New
addressable (2.3.2)
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
XSS vulnerability via data-target in bootstrap-sass New
bootstrap-sass (2.2.1.1)
Advisory: CVE-2016-10735
Criticality: Medium
URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
Solution: upgrade to >= 3.4.0
XSS vulnerability in bootstrap-sass New
bootstrap-sass (2.2.1.1)
Advisory: CVE-2019-8331
Criticality: Medium
URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
Solution: upgrade to >= 3.4.1
ruby-ffi DLL loading issue on Windows OS New
ffi (1.2.0)
Advisory: CVE-2018-1000201
Criticality: High
URL: https://github.com/ffi/ffi/releases/tag/1.9.24
Solution: upgrade to >= 1.9.24
CSRF Vulnerability in jquery-rails New
jquery-rails (2.1.4)
Advisory: CVE-2015-1840
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
Solution: upgrade to >= 4.0.4, ~> 3.1.3
Potential XSS vulnerability in jQuery New
jquery-rails (2.1.4)
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Prototype pollution attack through jQuery $.extend New
jquery-rails (2.1.4)
Advisory: CVE-2019-11358
Criticality: Medium
URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Solution: upgrade to >= 4.3.4
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) New
json (1.7.5)
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection New
json (1.7.5)
Advisory: CVE-2013-0269
Criticality: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0269
Solution: upgrade to ~> 1.5.5, ~> 1.6.8, >= 1.7.7
CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses New
mail (2.4.4)
Advisory: CVE-2015-9097
Criticality: Medium
URL: https://hackerone.com/reports/137631
Solution: upgrade to >= 2.5.5
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file New
nokogiri (1.5.5)
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Integer Overflow or Wraparound in libxml2 affects Nokogiri New
nokogiri (1.5.5)
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
XML Injection in Xerces Java affects Nokogiri New
nokogiri (1.5.5)
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 New
nokogiri (1.5.5)
Advisory: CVE-2017-5029
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1634
Solution: upgrade to >= 1.7.2
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities New
nokogiri (1.5.5)
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 New
nokogiri (1.5.5)
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities New
nokogiri (1.5.5)
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs New
nokogiri (1.5.5)
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS New
nokogiri (1.5.5)
Advisory: OSVDB-118481
URL: https://github.com/sparklemotion/nokogiri/pull/1087
Solution: upgrade to >= 1.6.3
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability New
nokogiri (1.5.5)
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation New
nokogiri (1.5.5)
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Out-of-bounds Write in zlib affects Nokogiri New
nokogiri (1.5.5)
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
CVE-2013-6461 rubygem-nokogiri: DoS while parsing XML entities New
nokogiri (1.5.5)
Advisory: CVE-2013-6461
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-6461
Solution: upgrade to ~> 1.5.11, >= 1.6.1
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) New
nokogiri (1.5.5)
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Nokogiri gem, via libxml, is affected by DoS vulnerabilities New
nokogiri (1.5.5)
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Denial of Service (DoS) in Nokogiri on JRuby New
nokogiri (1.5.5)
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities New
nokogiri (1.5.5)
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
Nokogiri gem, via libxslt, is affected by improper access control vulnerability New
nokogiri (1.5.5)
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Moderate severity vulnerability that affects nokogiri New
nokogiri (1.5.5)
Advisory: CVE-2017-18258
Criticality: Medium
URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
Solution: upgrade to >= 1.8.2
Inefficient Regular Expression Complexity in Nokogiri New
nokogiri (1.5.5)
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt New
nokogiri (1.5.5)
Advisory: CVE-2015-1819
URL: https://github.com/sparklemotion/nokogiri/issues/1374
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4
Improper Handling of Unexpected Data Type in Nokogiri New
nokogiri (1.5.5)
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt New
nokogiri (1.5.5)
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
CVE-2013-6460 rubygem-nokogiri: DoS while parsing XML documents New
nokogiri (1.5.5)
Advisory: CVE-2013-6460
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-6460
Solution: upgrade to ~> 1.5.11, >= 1.6.1
Revert libxml2 behavior in Nokogiri gem that could cause XSS New
nokogiri (1.5.5)
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
Nokogiri gem, via libxml, is affected by DoS vulnerabilities New
nokogiri (1.5.5)
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby New
nokogiri (1.5.5)
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
HTTP Response Splitting vulnerability in puma New
puma (1.6.3)
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma New
puma (1.6.3)
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1
Keepalive thread overload/DoS in puma New
puma (1.6.3)
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Solution: upgrade to ~> 3.12.2, >= 4.3.1
HTTP Smuggling via Transfer-Encoding Header in Puma New
puma (1.6.3)
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
HTTP Request Smuggling in puma New
puma (1.6.3)
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
Information Exposure with Puma when used with Rails New
puma (1.6.3)
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
Keepalive Connections Causing Denial Of Service in puma New
puma (1.6.3)
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
HTTP Response Splitting (Early Hints) in Puma New
puma (1.6.3)
Advisory: CVE-2020-5249
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
Solution: upgrade to ~> 3.12.4, >= 4.3.3
HTTP Smuggling via Transfer-Encoding Header in Puma New
puma (1.6.3)
Advisory: CVE-2020-11076
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
Solution: upgrade to ~> 3.12.5, >= 4.3.4
Denial of service via multipart parsing in Rack New
rack (1.4.1)
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Percent-encoded cookies can be used to overwrite existing prefixed cookie names New
rack (1.4.1)
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Denial of Service Vulnerability in Rack Multipart Parsing New
rack (1.4.1)
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Denial of Service Vulnerability in Rack Content-Disposition parsing New
rack (1.4.1)
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Possible shell escape sequence injection vulnerability in Rack New
rack (1.4.1)
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS New
rack (1.4.1)
Advisory: CVE-2013-0184
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0184
Solution: upgrade to ~> 1.1.5, ~> 1.2.7, ~> 1.3.9, >= 1.4.4
Possible information leak / session hijack vulnerability New
rack (1.4.1)
Advisory: CVE-2019-16782
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12, >= 2.0.8
Denial of service via header parsing in Rack New
rack (1.4.1)
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error New
rack (1.4.1)
Advisory: CVE-2013-0183
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0183
Solution: upgrade to ~> 1.3.8, >= 1.4.3
CVE-2013-0262 rubygem-rack: Path sanitization information disclosure New
rack (1.4.1)
Advisory: CVE-2013-0262
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0262
Solution: upgrade to ~> 1.4.5, >= 1.5.2
CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS New
rack (1.4.1)
Advisory: CVE-2012-6109
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2012-6109
Solution: upgrade to ~> 1.1.4, ~> 1.2.6, ~> 1.3.7, >= 1.4.2
CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions New
rack (1.4.1)
Advisory: CVE-2013-0263
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0263
Solution: upgrade to ~> 1.1.6, ~> 1.2.8, ~> 1.3.10, ~> 1.4.5, >= 1.5.2
Potential Denial of Service Vulnerability in Rack New
rack (1.4.1)
Advisory: CVE-2015-3225
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
Solution: upgrade to >= 1.6.2, ~> 1.5.4, ~> 1.4.6
Directory traversal in Rack::Directory app bundled with Rack New
rack (1.4.1)
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Possible XSS vulnerability in Rack New
rack (1.4.1)
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6
CVE-2014-2538 rubygem rack-ssl: URL error display XSS New
rack-ssl (1.3.2)
Advisory: CVE-2014-2538
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2538
Solution: upgrade to >= 1.3.4
OS Command Injection in Rake New
rake (10.0.2)
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template New
rdoc (3.12)
Advisory: CVE-2013-0256
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-0256
Solution: upgrade to ~> 3.9.5, ~> 3.12.1, >= 4.0
RDoc OS command injection vulnerability New
rdoc (3.12)
Advisory: CVE-2021-31799
Criticality: High
URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1
simple_form Gem for Ruby Incorrect Access Control for forms based on user input New
simple_form (2.0.4)
Advisory: CVE-2019-16676
Criticality: Critical
URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
Solution: upgrade to >= 5.0
TZInfo relative path traversal vulnerability allows loading of arbitrary files New
tzinfo (0.3.35)
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
uglifier incorrectly handles non-boolean comparisons during minification New
uglifier (1.3.0)
Advisory: OSVDB-126747
URL: https://github.com/mishoo/UglifyJS2/issues/751
Solution: upgrade to >= 2.7.2
PagesHelper has no descriptive comment New
module PagesHelper
Classes and modules are the units of reuse and release. It is therefore considered good practice to annotate every class and module with a brief comment outlining its responsibilities.
Example
Given
  class Dummy
    # Do things...
  end
Reek would emit the following warning:
  test.rb -- 1 warning:
    [1]:Dummy has no descriptive comment (IrresponsibleModule)
Fixing this is simple - just an explaining comment:
  # The Dummy class is responsible for ...
  class Dummy
    # Do things...
  end
Space missing after comma. New
guard 'rspec',:cli => "--color --fail-fast --drb", all_after_pass: false do
Checks for comma (,) not followed by some kind of space.
Example:
# bad
[1,2]
{ foo:bar,}
# good
[1, 2]
{ foo:bar, }
2 trailing blank lines detected. New
Line is too long. [101/80] New
guard 'spork', :cucumber_env => { 'RAILS_ENV' => 'test' }, :rspec_env => { 'RAILS_ENV' => 'test' } do
Line is too long. [84/80] New
watch(%r{^app/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
Line is too long. [91/80] New
watch(%r{^app/(.*)(\.erb|\.haml)$}) { |m| "spec/#{m[1]}#{m[2]}_spec.rb" }
Line is too long. [178/80] New
watch(%r{^app/controllers/(.+)_(controller)\.rb$}) { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
Line is too long. [122/80] New
watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'spec/acceptance' }
Use the new Ruby 1.9 hash syntax. New
guard 'spork', :cucumber_env => { 'RAILS_ENV' => 'test' }, :rspec_env => { 'RAILS_ENV' => 'test' } do
This cop checks hash literal syntax.
It can enforce either the use of the classic hash rocket syntax or the use of the newer Ruby 1.9 syntax (when applicable).
A separate offense is registered for each problematic pair.
The supported styles are:
- ruby19 - forces use of the 1.9 syntax (e.g. {a: 1}) when hashes have all symbols for keys
- hash_rockets - forces use of hash rockets for all hashes
- no_mixed_keys - simply checks for hashes with mixed syntaxes
- ruby19_no_mixed_keys - forces use of ruby 1.9 syntax and forbids mixed syntax hashes
Example: EnforcedStyle: ruby19 (default)
# bad
{:a => 2}
{b: 1, :c => 2}
# good
{a: 2, b: 1}
{:c => 2, 'd' => 2} # acceptable since 'd' isn't a symbol
{d: 1, 'e' => 2} # technically not forbidden
Example: EnforcedStyle: hash_rockets
# bad
{a: 1, b: 2}
{c: 1, 'd' => 5}
# good
{:a => 1, :b => 2}
Example: EnforcedStyle: no_mixed_keys
# bad
{:a => 1, b: 2}
{c: 1, 'd' => 2}
# good
{:a => 1, :b => 2}
{c: 1, d: 2}
Example: EnforcedStyle: ruby19_no_mixed_keys
# bad
{:a => 1, :b => 2}
{c: 2, 'd' => 3} # should just use hash rockets
# good
{a: 1, b: 2}
{:c => 3, 'd' => 4}
Use the new Ruby 1.9 hash syntax. New
guard 'spork', :cucumber_env => { 'RAILS_ENV' => 'test' }, :rspec_env => { 'RAILS_ENV' => 'test' } do
Prefer single-quoted strings when you don't need string interpolation or special symbols. New
guard 'rspec',:cli => "--color --fail-fast --drb", all_after_pass: false do
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Missing top-level module documentation comment. New
module PagesHelper
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
# ...
end
# good
# Description/Explanation of Person class
class Person
# ...
end
Put empty method definitions on a single line. New
def home
end
This cop checks for the formatting of empty method definitions.
By default it enforces empty method definitions to go on a single
line (compact style), but it can be configured to enforce the end
to go on its own line (expanded style).
Note: A method definition is not considered empty if it contains comments.
Example: EnforcedStyle: compact (default)
# bad
def foo(bar)
end
def self.foo(bar)
end
# good
def foo(bar); end
def foo(bar)
# baz
end
def self.foo(bar); end
Example: EnforcedStyle: expanded
# bad
def foo(bar); end
def self.foo(bar); end
# good
def foo(bar)
end
def self.foo(bar)
end
Put empty method definitions on a single line. New
def about
end
Put empty method definitions on a single line. New
def contact
end
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem pg should appear before rails. New
gem 'pg'
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good (gems in separate groups)
gem 'rubocop'

gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem coffee-rails should appear before sass-rails. New
gem 'coffee-rails', '~> 3.2.1'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem bootstrap-sass should appear before uglifier. New
gem 'bootstrap-sass', '~> 2.2.1.1'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem database_cleaner should appear before factory_girl_rails. New
gem 'database_cleaner'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem foobar should appear before launchy. New
gem 'foobar'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem growl should appear before guard-rspec. New
gem 'growl'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem rb-fchange should appear before rb-fsevent. New
gem 'rb-fchange', :require => false
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem guard-spork should appear before spork. New
gem 'guard-spork'
Prefer single quoted strings New
@import "bootstrap";
Avoid using id selectors New
#copyright {
Method search has a Cognitive Complexity of 48 (exceeds 5 allowed). Consider refactoring. Fixed
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Method index has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Fixed
Method initialize has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Fixed
Method validate_each has a Cognitive Complexity of 17 (exceeds 5 allowed). Consider refactoring. Fixed
Similar blocks of code found in 2 locations. Consider refactoring. Fixed
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 32.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 2 locations. Consider refactoring. Fixed
Rails 3.2.13 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 3.2.22.4 Fixed
Possible unprotected redirect Fixed
Unvalidated redirects and forwards are #10 on the OWASP Top Ten.
Redirects which rely on user-supplied values can be used to "spoof" websites or hide malicious links in otherwise harmless-looking URLs. They can also allow access to restricted areas of a site if the destination is not validated.
Brakeman will raise warnings whenever redirect_to appears to be used with a user-supplied value that may allow them to change the :host option.
For example,
redirect_to params.merge(:action => :home)
will create a warning like
Possible unprotected redirect near line 46: redirect_to(params)
This is because params could contain :host => 'evilsite.com' which would redirect away from your site and to a malicious site.
If the first argument to redirect_to is a hash, then adding :only_path => true will limit the redirect to the current host. Another option is to specify the host explicitly.
redirect_to params.merge(:only_path => true)
redirect_to params.merge(:host => 'myhost.com')
If the first argument is a string, then it is possible to parse the string and extract the path:
redirect_to URI.parse(some_url).path
If the URL does not contain a protocol (e.g., http://), then you will probably get unexpected results, as redirect_to will prepend the current host name and a protocol.
Possible SQL injection Fixed
Injection is #1 on the 2013 OWASP Top Ten web security risks. SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query. This can lead to data leaks, data loss, elevation of privilege, and other unpleasant outcomes.
Brakeman focuses on ActiveRecord methods dealing with building SQL statements.
A basic (Rails 2.x) example looks like this:
User.first(:conditions => "username = '#{params[:username]}'")
Brakeman would produce a warning like this:
Possible SQL injection near line 30: User.first(:conditions => ("username = '#{params[:username]}'"))
The safe way to do this query is to use a parameterized query:
User.first(:conditions => ["username = ?", params[:username]])
Brakeman also understands the new Rails 3.x way of doing things (and local variables and concatenation):
username = params[:user][:name].downcase
password = params[:user][:password]
User.first.where("username = '" + username + "' AND password = '" + password + "'")
This results in this kind of warning:
Possible SQL injection near line 37:
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))
See the Ruby Security Guide for more information and Rails-SQLi.org for many examples of SQL injection in Rails.
Potentially dangerous attribute available for mass assignment Fixed
Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash.
Example:
User.new(params[:user])
Unfortunately, if there is a user field called admin which controls administrator access, now any user can make themselves an administrator.
attr_accessible and attr_protected can be used to limit mass assignment. However, Brakeman will warn unless attr_accessible is used, or mass assignment is completely disabled.
There are two different mass assignment warnings which can arise. The first is when mass assignment actually occurs, such as the example above. This results in a warning like
Unprotected mass assignment near line 61: User.new(params[:user])
The other warning is raised whenever a model is found which does not use attr_accessible. This produces generic warnings like
Mass assignment is not restricted using attr_accessible
with a list of affected models.
In Rails 3.1 and newer, mass assignment can easily be disabled:
config.active_record.whitelist_attributes = true
Unfortunately, it can also easily be bypassed:
User.new(params[:user], :without_protection => true)
Brakeman will warn on uses of without_protection.
Potentially dangerous attribute available for mass assignment Fixed
CVE-2013-4389 rubygem-actionmailer: email address processing DoS Fixed
Advisory: CVE-2013-4389
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4389
Solution: upgrade to >= 3.2.15
Possible Object Leak and Denial of Service attack in Action Pack Fixed
Advisory: CVE-2016-0751
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
Possible Information Disclosure / Unintended Method Execution in Action Pack Fixed
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Ability to forge per-form CSRF tokens given a global CSRF token Fixed
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Possible remote code execution vulnerability in Action Pack Fixed
Advisory: CVE-2016-2098
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14
Arbitrary file existence disclosure in Action Pack Fixed
Advisory: CVE-2014-7818
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
Solution: upgrade to ~> 3.2.20, ~> 4.0.11, ~> 4.1.7, >= 4.2.0.beta3
ReDoS based DoS vulnerability in Action Dispatch Fixed
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability Fixed
Advisory: CVE-2014-0081
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0081
Solution: upgrade to ~> 3.2.17, ~> 4.0.3, >= 4.1.0.beta2
Possible Information Leak Vulnerability in Action View Fixed
Advisory: CVE-2016-2097
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
Solution: upgrade to ~> 3.2.22.2, ~> 4.1.14, >= 4.1.14.2
Arbitrary file existence disclosure in Action Pack Fixed
Advisory: CVE-2014-7829
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
Solution: upgrade to ~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) Fixed
Advisory: CVE-2013-6417
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4
Solution: upgrade to ~> 3.2.16, >= 4.0.2
Possible XSS Vulnerability in Action View Fixed
Advisory: CVE-2016-6316
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
Solution: upgrade to ~> 3.2.22.3, ~> 4.2.7.1, >= 5.0.0.1
Denial of Service Vulnerability in Action View Fixed
Advisory: CVE-2013-6414
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
Solution: upgrade to ~> 3.2.16, >= 4.0.2
ReDoS based DoS vulnerability in Action Dispatch Fixed
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Directory Traversal Vulnerability With Certain Route Configurations Fixed
Advisory: CVE-2014-0130
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
Solution: upgrade to ~> 3.2.18, ~> 4.0.5, >= 4.1.1
Possible Information Leak Vulnerability in Action View Fixed
Advisory: CVE-2016-0752
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
Timing attack vulnerability in basic authentication in Action Controller. Fixed
Advisory: CVE-2015-7576
Criticality: Low
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
XSS Vulnerability in number_to_currency Fixed
Advisory: CVE-2013-6415
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
Solution: upgrade to ~> 3.2.16, >= 4.0.2
CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service Fixed
Advisory: CVE-2014-0082
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0082
Solution: upgrade to >= 3.2.17
Reflective XSS Vulnerability in Ruby on Rails Fixed
Advisory: CVE-2013-4491
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
Solution: upgrade to ~> 3.2.16, >= 4.0.2
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Fixed
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible RCE escalation bug with Serialized Columns in Active Record Fixed
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Nested attributes rejection proc bypass in Active Record Fixed
Advisory: CVE-2015-7577
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting Fixed
Advisory: CVE-2014-3482
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3482
Solution: upgrade to ~> 3.2.19
activeresource Gem for Ruby lib/active_resource/base.rb element_path Lack of Encoding Fixed
Advisory: CVE-2020-8151
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
Solution: upgrade to >= 5.1.1
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Fixed
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
ReDoS based DoS vulnerability in Active Support’s underscore Fixed
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible Denial of Service attack in Active Support Fixed
Advisory: CVE-2015-3227
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22
Regular Expression Denial of Service in Addressable templates Fixed
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Older releases of better_errors open to Cross-Site Request Forgery attack Fixed
Advisory: CVE-2021-39197
Criticality: Medium
URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm
Solution: upgrade to >= 2.8.0
XSS vulnerability via data-target in bootstrap-sass Fixed
Advisory: CVE-2016-10735
Criticality: Medium
URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
Solution: upgrade to >= 3.4.0
XSS vulnerability in bootstrap-sass Fixed
Advisory: CVE-2019-8331
Criticality: Medium
URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
Solution: upgrade to >= 3.4.1
Server-side request forgery in CarrierWave Fixed
Advisory: CVE-2021-21288
Criticality: Medium
URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5
Solution: upgrade to ~> 1.3.2, >= 2.1.1
Code Injection vulnerability in CarrierWave::RMagick Fixed
Advisory: CVE-2021-21305
Criticality: High
URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
Solution: upgrade to ~> 1.3.2, >= 2.1.1
CSRF token fixation attacks in Devise Fixed
Advisory: OSVDB-114435
URL: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
Solution: upgrade to ~> 2.2.5, >= 3.0.1
Devise Gem for Ruby confirmation token validation with a blank string Fixed
Advisory: CVE-2019-16109
Criticality: Medium
URL: https://github.com/plataformatec/devise/issues/5071
Solution: upgrade to >= 4.7.1
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Fixed
Advisory: CVE-2019-5421
Criticality: Critical
URL: https://github.com/plataformatec/devise/issues/4981
Solution: upgrade to >= 4.6.0
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie Fixed
Advisory: CVE-2015-8314
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Solution: upgrade to >= 3.5.4
Race condition when using persistent connections Fixed
Advisory: CVE-2019-16779
Criticality: Medium
URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
Solution: upgrade to >= 0.71.0
Missing TLS certificate verification in faye-websocket Fixed
Advisory: CVE-2020-15133
Criticality: High
URL: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
Solution: upgrade to >= 0.11.0
ruby-ffi DLL loading issue on Windows OS Fixed
Advisory: CVE-2018-1000201
Criticality: High
URL: https://github.com/ffi/ffi/releases/tag/1.9.24
Solution: upgrade to >= 1.9.24
Geocoder gem for Ruby contains possible SQL injection vulnerability Fixed
Advisory: CVE-2020-7981
Criticality: Critical
URL: https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md#161-2020-jan-23
Solution: upgrade to >= 1.6.1
CSRF Vulnerability in jquery-rails Fixed
Advisory: CVE-2015-1840
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
Solution: upgrade to >= 4.0.4, ~> 3.1.3
Potential XSS vulnerability in jQuery Fixed
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Prototype pollution attack through jQuery $.extend Fixed
Advisory: CVE-2019-11358
Criticality: Medium
URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Solution: upgrade to >= 4.3.4
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Fixed
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Cross-Site Scripting in Kaminari via original_script_name parameter Fixed
Advisory: CVE-2020-11082
Criticality: Medium
URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
Solution: upgrade to >= 1.2.1
CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses Fixed
Advisory: CVE-2015-9097
Criticality: Medium
URL: https://hackerone.com/reports/137631
Solution: upgrade to >= 2.5.5
Remote command execution via filename Fixed
Advisory: CVE-2019-13574
Criticality: High
URL: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/
Solution: upgrade to >= 4.9.4
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Fixed
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Integer Overflow or Wraparound in libxml2 affects Nokogiri Fixed
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
XML Injection in Xerces Java affects Nokogiri Fixed
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Fixed
Advisory: CVE-2017-5029
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1634
Solution: upgrade to >= 1.7.2
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Fixed
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Fixed
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Fixed
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Fixed
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS Fixed
Advisory: OSVDB-118481
URL: https://github.com/sparklemotion/nokogiri/pull/1087
Solution: upgrade to >= 1.6.3
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Fixed
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Fixed
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Out-of-bounds Write in zlib affects Nokogiri Fixed
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
CVE-2013-6461 rubygem-nokogiri: DoS while parsing XML entities Fixed
Advisory: CVE-2013-6461
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-6461
Solution: upgrade to ~> 1.5.11, >= 1.6.1
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Fixed
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Fixed
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Denial of Service (DoS) in Nokogiri on JRuby Fixed
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Fixed
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Fixed
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Moderate severity vulnerability that affects nokogiri Fixed
Advisory: CVE-2017-18258
Criticality: Medium
URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
Solution: upgrade to >= 1.8.2
Inefficient Regular Expression Complexity in Nokogiri Fixed
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Fixed
Advisory: CVE-2015-1819
URL: https://github.com/sparklemotion/nokogiri/issues/1374
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4
Improper Handling of Unexpected Data Type in Nokogiri Fixed
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Fixed
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
CVE-2013-6460 rubygem-nokogiri: DoS while parsing XML documents Fixed
Advisory: CVE-2013-6460
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-6460
Solution: upgrade to ~> 1.5.11, >= 1.6.1
Revert libxml2 behavior in Nokogiri gem that could cause XSS Fixed
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Fixed
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Fixed
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Improper Certificate Validation in oauth ruby gem Fixed
Advisory: CVE-2016-11086
Criticality: High
URL: https://github.com/advisories/GHSA-7359-3c6r-hfc2
Solution: upgrade to >= 0.5.5
OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value Fixed
Advisory: CVE-2020-36599
Criticality: Critical
Solution: upgrade to ~> 1.9.2, >= 2.0.0
CSRF vulnerability in OmniAuth's request phase Fixed
Advisory: CVE-2015-9284
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Solution: upgrade to >= 2.0.0
omniauth leaks authenticity token in callback params Fixed
Advisory: CVE-2017-18076
Criticality: High
URL: https://github.com/omniauth/omniauth/pull/867
Solution: upgrade to >= 1.3.2
omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass Fixed
Advisory: CVE-2013-4593
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4593
Solution: upgrade to >= 1.5.1
omniauth-facebook Gem for Ruby Unspecified CSRF Fixed
Advisory: CVE-2013-4562
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4562
Solution: upgrade to >= 1.5.0
HTTP Response Splitting vulnerability in puma Fixed
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Fixed
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1
Keepalive thread overload/DoS in puma Fixed
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Solution: upgrade to ~> 3.12.2, >= 4.3.1
HTTP Smuggling via Transfer-Encoding Header in Puma Fixed
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
HTTP Request Smuggling in puma Fixed
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
Information Exposure with Puma when used with Rails Fixed
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
Keepalive Connections Causing Denial Of Service in puma Fixed
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
HTTP Response Splitting (Early Hints) in Puma Fixed
Advisory: CVE-2020-5249
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
Solution: upgrade to ~> 3.12.4, >= 4.3.3
HTTP Smuggling via Transfer-Encoding Header in Puma Fixed
Advisory: CVE-2020-11076
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
Solution: upgrade to ~> 3.12.5, >= 4.3.4
Denial of service via multipart parsing in Rack Fixed
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Fixed
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Denial of Service Vulnerability in Rack Multipart Parsing Fixed
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Denial of Service Vulnerability in Rack Content-Disposition parsing Fixed
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Possible shell escape sequence injection vulnerability in Rack Fixed
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Possible information leak / session hijack vulnerability Fixed
Advisory: CVE-2019-16782
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12, >= 2.0.8
Denial of service via header parsing in Rack Fixed
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
Potential Denial of Service Vulnerability in Rack Fixed
Advisory: CVE-2015-3225
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
Solution: upgrade to >= 1.6.2, ~> 1.5.4, ~> 1.4.6
Directory traversal in Rack::Directory app bundled with Rack Fixed
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Possible XSS vulnerability in Rack Fixed
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6
CVE-2014-2538 rubygem rack-ssl: URL error display XSS Fixed
Advisory: CVE-2014-2538
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2538
Solution: upgrade to >= 1.3.4
OS Command Injection in Rake Fixed
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
RDoc OS command injection vulnerability Fixed
Advisory: CVE-2021-31799
Criticality: High
URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1
redis-namespace Gem for Ruby contains a flaw in the method_missing implementation Fixed
Advisory: OSVDB-96425
URL: http://blog.steveklabnik.com/posts/2013-08-03-redis-namespace-1-3-1--security-release
Solution: upgrade to >= 1.3.1, ~> 1.2.2, ~> 1.1.1, ~> 1.0.4
rest-client ruby gem logs sensitive information Fixed
Advisory: CVE-2015-3448
Criticality: Low
URL: https://github.com/rest-client/rest-client/issues/349
Solution: upgrade to >= 1.7.3
CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses Fixed
Advisory: CVE-2015-1820
Criticality: Critical
URL: https://github.com/rest-client/rest-client/issues/369
Solution: upgrade to >= 1.8.0
Sidekiq Gem for Ruby Multiple Unspecified CSRF Fixed
Advisory: OSVDB-125675
URL: https://github.com/mperham/sidekiq/pull/2422
Solution: upgrade to >= 3.4.2
Cross-site Scripting in Sidekiq Fixed
Advisory: CVE-2021-30151
Criticality: Medium
URL: https://github.com/advisories/GHSA-grh7-935j-hg6w
Solution: upgrade to ~> 5.2.0, >= 6.2.1
Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element Reflected XSS Fixed
Advisory: OSVDB-125676
URL: https://github.com/mperham/sidekiq/issues/2330
Solution: upgrade to >= 3.4.0
Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS Fixed
Advisory: OSVDB-125678
URL: https://github.com/mperham/sidekiq/pull/2309
Solution: upgrade to >= 3.4.0
Denial of service in sidekiq Fixed
Advisory: CVE-2022-23837
Criticality: High
URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
Solution: upgrade to >= 6.4.0, ~> 5.2.10
simple_form Gem for Ruby Incorrect Access Control for forms based on user input Fixed
Advisory: CVE-2019-16676
Criticality: Critical
URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
Solution: upgrade to >= 5.0
TZInfo relative path traversal vulnerability allows loading of arbitrary files Fixed
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
uglifier incorrectly handles non-boolean comparisons during minification Fixed
Advisory: OSVDB-126747
URL: https://github.com/mishoo/UglifyJS2/issues/751
Solution: upgrade to >= 2.7.2
Complex method Property::search (107.4) Fixed
Flog calculates the ABC score for methods. The ABC score is based on assignments, branches (method calls), and conditions.
You can read more about ABC metrics or the flog tool
Complex method PropertiesController#index (54.1) Fixed
Complex method FileSizeValidator#validate_each (32.5) Fixed
Complex method ComparesController#create (29.2) Fixed
Complex method PropertiesController#buy (20.2) Fixed
Complex method PropertiesController#rent (20.2) Fixed
ComparesController#create calls '@property.id' 2 times Fixed
Duplication occurs when two fragments of code look nearly identical, or when two fragments of code have nearly identical effects at some conceptual level.
Reek implements a check for Duplicate Method Call.
Example
Here's a very much simplified and contrived example. The following method will report a warning:
    def double_thing()
      @other.thing + @other.thing
    end
One quick approach to silence Reek would be to refactor the code thus:
    def double_thing()
      thing = @other.thing
      thing + thing
    end
A slightly different approach would be to replace all calls of double_thing by calls to @other.double_thing:
    class Other
      def double_thing()
        thing + thing
      end
    end
The approach you take will depend on balancing other factors in your code.
ComparesController#create calls 'property_path(@property)' 2 times Fixed
ComparesController#create calls 'session[:compare_list]' 4 times Fixed
ComparesController#index calls 'session[:compare_list]' 2 times Fixed
ComparesController#update calls 'session[:compare_list]' 2 times Fixed
ComparesController assumes too much for instance variable '@property' Fixed
Classes should not assume that instance variables are set or present outside of the current class definition.
Good:
    class Foo
      def initialize
        @bar = :foo
      end

      def foo?
        @bar == :foo
      end
    end
Good as well:
    class Foo
      def foo?
        bar == :foo
      end

      def bar
        @bar ||= :foo
      end
    end
Bad:
    class Foo
      def go_foo!
        @bar = :foo
      end

      def foo?
        @bar == :foo
      end
    end
Example
Running Reek on:
    class Dummy
      def test
        @ivar
      end
    end
would report:
    [1]:InstanceVariableAssumption: Dummy assumes too much for instance variable @ivar
Note that this example would trigger this smell warning as well:
    class Parent
      def initialize(omg)
        @omg = omg
      end
    end

    class Child < Parent
      def foo
        @omg
      end
    end
The way to address the smell warning is that you should create an attr_reader to use @omg in the subclass and not access @omg directly like this:
    class Parent
      attr_reader :omg

      def initialize(omg)
        @omg = omg
      end
    end

    class Child < Parent
      def foo
        omg
      end
    end
Directly accessing instance variables is considered a smell because it breaks encapsulation and makes it harder to reason about code.
If you don't want to expose those methods as public API just make them private like this:
    class Parent
      def initialize(omg)
        @omg = omg
      end

      private

      attr_reader :omg
    end

    class Child < Parent
      def foo
        omg
      end
    end
Current Support in Reek
An instance variable must:
- be set in the constructor
- or be accessed through a method with lazy initialization / memoization.
If not, Instance Variable Assumption will be reported.
ComparesController has no descriptive comment Fixed
Classes and modules are the units of reuse and release. It is therefore considered good practice to annotate every class and module with a brief comment outlining its responsibilities.
Example
Given
    class Dummy
      # Do things...
    end
Reek would emit the following warning:
    test.rb -- 1 warning:
    [1]:Dummy has no descriptive comment (IrresponsibleModule)
Fixing this is simple - just an explaining comment:
    # The Dummy class is responsible for ...
    class Dummy
      # Do things...
    end
ComparesController#index performs a nil-check Fixed
A NilCheck is a type check. Failures of NilCheck violate the "tell, don't ask" principle.
Additionally, type checks often mask bigger problems in your source code like not using OOP and / or polymorphism when you should.
Example
Given
    class Klass
      def nil_checker(argument)
        if argument.nil?
          puts "argument is nil!"
        end
      end
    end
Reek would emit the following warning:
    test.rb -- 1 warning:
    [3]:Klass#nil_checker performs a nil-check. (NilCheck)
ComparesController#update performs a nil-check Fixed
ComparesController#create has approx 6 statements Fixed
A method with Too Many Statements is any method that has a large number of lines.
Too Many Statements warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements counts +1 for every simple statement in a method and +1 for every statement within a control structure (if, else, case, when, for, while, until, begin, rescue) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
    def parse(arg, argv, &error)
      if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
        return nil, block, nil                  # +1
      end
      opt = (val = parse_arg(val, &error))[1]   # +2
      val = conv_arg(*val)                      # +3
      if opt and !arg
        argv.shift                              # +4
      else
        val[0] = nil                            # +5
      end
      val                                       # +6
    end
(You might argue that the two assignments within the first if should count as statements, and that perhaps the nested assignment should count as +2.)
FavoritesController assumes too much for instance variable '@property' Fixed
FavoritesController has no descriptive comment Fixed
OmniauthCallbacksController has no descriptive comment Fixed
PropertiesController#index calls 'Property.includes(:images)' 2 times Fixed
PropertiesController#index calls 'params[:page]' 2 times Fixed
PropertiesController#index calls 'params[:view]' 2 times Fixed
PropertiesController#sort_order calls 'params[:sort]' 2 times Fixed
PropertiesController assumes too much for instance variable '@property' Fixed
Classes should not assume that instance variables are set or present outside of the current class definition.
Good:
class Foo
  def initialize
    @bar = :foo
  end
  def foo?
    @bar == :foo
  end
end
Good as well:
class Foo
  def foo?
    bar == :foo
  end
  def bar
    @bar ||= :foo
  end
end
Bad:
class Foo
  def go_foo!
    @bar = :foo
  end
  def foo?
    @bar == :foo
  end
end
Example
Running Reek on:
class Dummy
  def test
    @ivar
  end
end
would report:
[1]:InstanceVariableAssumption: Dummy assumes too much for instance variable @ivar
Note that this example would trigger this smell warning as well:
class Parent
  def initialize(omg)
    @omg = omg
  end
end
class Child < Parent
  def foo
    @omg
  end
end
The way to address the smell warning is to create an attr_reader to use @omg in the subclass and not access @omg directly, like this:
class Parent
  attr_reader :omg
  def initialize(omg)
    @omg = omg
  end
end
class Child < Parent
  def foo
    omg
  end
end
Directly accessing instance variables is considered a smell because it breaks encapsulation and makes it harder to reason about code.
If you don't want to expose those methods as public API just make them private like this:
class Parent
  def initialize(omg)
    @omg = omg
  end
  private
  attr_reader :omg
end
class Child < Parent
  def foo
    omg
  end
end
Current Support in Reek
An instance variable must:
- be set in the constructor
- or be accessed through a method with lazy initialization / memoization.
If not, Instance Variable Assumption will be reported.
PropertiesController has no descriptive comment Fixed
Classes and modules are the units of reuse and release. It is therefore considered good practice to annotate every class and module with a brief comment outlining its responsibilities.
Example
Given
class Dummy
  # Do things...
end
Reek would emit the following warning:
test.rb -- 1 warning:
[1]:Dummy has no descriptive comment (IrresponsibleModule)
Fixing this is simple - just an explaining comment:
# The Dummy class is responsible for ...
class Dummy
  # Do things...
end
PropertiesController#correct_user performs a nil-check Fixed
A NilCheck is a type check. Failures of NilCheck violate the "tell, don't ask" principle.
Additionally, type checks often mask bigger problems in your source code like not using OOP and / or polymorphism when you should.
Example
Given
class Klass
  def nil_checker(argument)
    if argument.nil?
      puts "argument is nil!"
    end
  end
end
Reek would emit the following warning:
test.rb -- 1 warning:
[3]:Klass#nil_checker performs a nil-check. (NilCheck)
PropertiesController tests 'current_user' at least 4 times Fixed
Repeated Conditional is a special case of Simulated Polymorphism. Basically it means you are checking the same value throughout a single class and taking decisions based on it.
Example
Given
class RepeatedConditionals
  attr_accessor :switch

  def repeat_1
    puts "Repeat 1!" if switch
  end

  def repeat_2
    puts "Repeat 2!" if switch
  end

  def repeat_3
    puts "Repeat 3!" if switch
  end
end
Reek would emit the following warning:
test.rb -- 4 warnings:
[5, 9, 13]:RepeatedConditionals tests switch at least 3 times (RepeatedConditional)
If you get this warning then you are probably not using the right abstraction or, even more probably, are missing an additional abstraction.
PropertiesController has at least 6 instance variables Fixed
Too Many Instance Variables is a special case of LargeClass.
Example
Given this configuration
TooManyInstanceVariables:
  max_instance_variables: 3
and this code:
class TooManyInstanceVariables
  def initialize
    @arg_1 = :dummy
    @arg_2 = :dummy
    @arg_3 = :dummy
    @arg_4 = :dummy
  end
end
Reek would emit the following warning:
test.rb -- 5 warnings:
[1]:TooManyInstanceVariables has at least 4 instance variables (TooManyInstanceVariables)
PropertiesController#index has approx 7 statements Fixed
A method with Too Many Statements is any method that has a large number of lines.
Too Many Statements warns about any method that has more than 5 statements. Reek's smell detector for Too Many Statements counts +1 for every simple statement in a method and +1 for every statement within a control structure (if, else, case, when, for, while, until, begin, rescue) but it doesn't count the control structure itself.
So the following method would score +6 in Reek's statement-counting algorithm:
def parse(arg, argv, &error)
  if !(val = arg) and (argv.empty? or /\A-/ =~ (val = argv[0]))
    return nil, block, nil # +1
  end
  opt = (val = parse_arg(val, &error))[1] # +2
  val = conv_arg(*val) # +3
  if opt and !arg
    argv.shift # +4
  else
    val[0] = nil # +5
  end
  val # +6
end
(You might argue that the two assignments within the first if should count as statements, and that perhaps the nested assignment should count as +2.)
ApplicationHelper#bootstrap_class_for doesn't depend on instance state (maybe move it to another class?) Fixed
A Utility Function is any instance method that has no dependency on the state of the instance.
PropertiesHelper#property_search_results calls 'properties.total_count' 2 times Fixed
PropertiesHelper#summary calls 'controller.action_name' 2 times Fixed
PropertiesHelper has no descriptive comment Fixed
PropertiesHelper#thumbnail doesn't depend on instance state (maybe move it to another class?) Fixed
FavoriteProperty has no descriptive comment Fixed
Image has no descriptive comment Fixed
Property#self.search calls 'params[:search]' 16 times Fixed
Property#self.search calls 'params[:search][:bedrooms_from]' 2 times Fixed
Property#self.search calls 'params[:search][:bedrooms_to]' 2 times Fixed
Property#self.search calls 'params[:search][:floor_size_from]' 2 times Fixed
Property#self.search calls 'params[:search][:floor_size_to]' 2 times Fixed
Property#self.search calls 'params[:search][:price_from]' 2 times Fixed
Property#self.search calls 'params[:search][:price_to]' 2 times Fixed
Property#self.search calls 'params[:search][:query]' 2 times Fixed
Property#self.search calls 'params[:search][:types]' 2 times Fixed
Property#self.search calls 'params[:sort]' 2 times Fixed
Property has no descriptive comment Fixed
Property#self.search has approx 21 statements Fixed
Property has the variable name 'a' Fixed
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
User#self.from_omniauth calls 'auth.info' 2 times Fixed
User#self.new_with_session calls 'session["devise.user_attributes"]' 2 times Fixed
User has no descriptive comment Fixed
PictureUploader has no descriptive comment Fixed
PictureUploader#default_url doesn't depend on instance state (maybe move it to another class?) Fixed
FileSizeValidator#validate_each calls 'MESSAGES[key]' 2 times Fixed
FileSizeValidator#initialize refers to 'options' more than self (maybe move it to another class?) Fixed
Feature Envy occurs when a code fragment references another object more often than it references itself, or when several clients do the same series of manipulations on a particular type of object.
Feature Envy reduces the code's ability to communicate intent: code that "belongs" on one class but which is located in another can be hard to find, and may upset the "System of Names" in the host class.
Feature Envy also affects the design's flexibility: A code fragment that is in the wrong class creates couplings that may not be natural within the application's domain, and creates a loss of cohesion in the unwilling host class.
Feature Envy often arises because it must manipulate other objects (usually its arguments) to get them into a useful form, and one force preventing them (the arguments) doing this themselves is that the common knowledge lives outside the arguments, or the arguments are of too basic a type to justify extending that type. Therefore there must be something which 'knows' about the contents or purposes of the arguments. That thing would have to be more than just a basic type, because the basic types are either containers which don't know about their contents, or they are single objects which can't capture their relationship with their fellows of the same type. So, this thing with the extra knowledge should be reified into a class, and the utility method will most likely belong there.
Example
Running Reek on:
class Warehouse
  def sale_price(item)
    (item.price - item.rebate) * @vat
  end
end
would report:
Warehouse#sale_price refers to item more than self (FeatureEnvy)
since this:
(item.price - item.rebate)
belongs to the Item class, not the Warehouse.
FileSizeValidator::Helper has no descriptive comment Fixed
FileSizeValidator has missing safe method 'check_validity!' Fixed
Candidate methods for the Missing Safe Method smell are methods whose names end with an exclamation mark.
An exclamation mark in method names means (the explanation below is taken from here):
The ! in method names that end with ! means, “This method is dangerous”—or, more precisely, this method is the “dangerous” version of an otherwise equivalent method, with the same name minus the !. “Danger” is relative; the ! doesn’t mean anything at all unless the method name it’s in corresponds to a similar but bang-less method name. So, for example, gsub! is the dangerous version of gsub. exit! is the dangerous version of exit. flatten! is the dangerous version of flatten. And so forth.
Such a method is called a Missing Safe Method if and only if its non-bang version does not exist, and such a method is reported as a smell.
Example
Given
class C
  def foo; end
  def foo!; end
  def bar!; end
end
Reek would report bar! as a Missing Safe Method smell but not foo!.
Reek reports this smell only in a class context, not in a module context, in order to allow perfectly legit code like this:
class Parent
  def foo; end
end
module Dangerous
  def foo!; end
end
class Son < Parent
  include Dangerous
end
class Daughter < Parent
end
In this example, Reek would not report the Missing Safe Method smell for the method foo! of the Dangerous module.
FileSizeValidator#validate_each has approx 12 statements Fixed
FileSizeValidator#help doesn't depend on instance state (maybe move it to another class?) Fixed
Align the parameters of a method call if they span more than one line. Fixed
Here we check if the parameters on a multi-line method call or definition are aligned.
Example: EnforcedStyle: with_first_parameter (default)
# good
foo :bar,
    :baz
# bad
foo :bar,
  :baz
Example: EnforcedStyle: with_fixed_indentation
# good
foo :bar,
  :baz
# bad
foo :bar,
    :baz
Unused block argument - m. You can omit the argument if you don't care about it. Fixed
This cop checks for unused block arguments.
Example:
# bad
do_something do |used, unused|
  puts used
end
do_something do |bar|
  puts :foo
end
define_method(:foo) do |bar|
  puts :baz
end
Example:
# good
do_something do |used, _unused|
  puts used
end
do_something do
  puts :foo
end
define_method(:foo) do |_bar|
  puts :baz
end
Block has too many lines. [37/25] Fixed
This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
Line is too long. [103/80] Fixed
Line is too long. [86/80] Fixed
Line is too long. [180/80] Fixed
Line is too long. [95/80] Fixed
Line is too long. [95/80] Fixed
Line is too long. [124/80] Fixed
Line is too long. [92/80] Fixed
Line is too long. [88/80] Fixed
Line is too long. [86/80] Fixed
Line is too long. [90/80] Fixed
Line is too long. [114/80] Fixed
Line is too long. [85/80] Fixed
Use the new Ruby 1.9 hash syntax. Fixed
This cop checks hash literal syntax.
It can enforce either the use of the class hash rocket syntax or the use of the newer Ruby 1.9 syntax (when applicable).
A separate offense is registered for each problematic pair.
The supported styles are:
- ruby19 - forces use of the 1.9 syntax (e.g.
{a: 1}
) when hashes have all symbols for keys - hash_rockets - forces use of hash rockets for all hashes
- nomixedkeys - simply checks for hashes with mixed syntaxes
- ruby19nomixed_keys - forces use of ruby 1.9 syntax and forbids mixed syntax hashes
Example: EnforcedStyle: ruby19 (default)
# bad
{:a => 2}
{b: 1, :c => 2}
# good
{a: 2, b: 1}
{:c => 2, 'd' => 2} # acceptable since 'd' isn't a symbol
{d: 1, 'e' => 2} # technically not forbidden
Example: EnforcedStyle: hash_rockets
# bad
{a: 1, b: 2}
{c: 1, 'd' => 5}
# good
{:a => 1, :b => 2}
Example: EnforcedStyle: nomixedkeys
# bad
{:a => 1, b: 2}
{c: 1, 'd' => 2}
# good
{:a => 1, :b => 2}
{c: 1, d: 2}
Example: EnforcedStyle: ruby19_no_mixed_keys
# bad
{:a => 1, :b => 2}
{c: 2, 'd' => 3} # should just use hash rockets
# good
{a: 1, b: 2}
{:c => 3, 'd' => 4}
Use the new Ruby 1.9 hash syntax. Fixed
Use the new Ruby 1.9 hash syntax. Fixed
Use the new Ruby 1.9 hash syntax. Fixed
Use the new Ruby 1.9 hash syntax. Fixed
%W-literals should be delimited by [ and ]. Fixed
This cop enforces the consistent usage of %-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Prefer single-quoted strings when you don't need string interpolation or special symbols. Fixed
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Line is too long. [81/80] Fixed
Missing top-level class documentation comment. Fixed
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
# ...
end
# good
# Description/Explanation of Person class
class Person
# ...
end
Missing top-level class documentation comment. Fixed
Align the elements of a hash literal if they span more than one line. Fixed
Check that the keys, separators, and values of a multi-line hash literal are aligned according to configuration. The configuration options are:
- key (left align keys)
- separator (align hash rockets and colons, right align keys)
- table (left align keys, hash rockets, and values)
The treatment of hashes passed as the last argument to a method call can also be configured. The options are:
- always_inspect
- always_ignore
- ignore_implicit (without curly braces)
- ignore_explicit (with curly braces)
Example:
# EnforcedHashRocketStyle: key (default)
# EnforcedColonStyle: key (default)
# good
{
  foo: bar,
  ba: baz
}
{
  :foo => bar,
  :ba => baz
}
# bad
{
  foo: bar,
   ba: baz
}
{
  :foo => bar,
   :ba => baz
}
Example:
# EnforcedHashRocketStyle: separator
# EnforcedColonStyle: separator
# good
{
  foo: bar,
   ba: baz
}
{
  :foo => bar,
   :ba => baz
}
# bad
{
  foo: bar,
  ba: baz
}
{
  :foo => bar,
  :ba => baz
}
{
  :foo => bar,
  :ba  => baz
}
Example:
# EnforcedHashRocketStyle: table
# EnforcedColonStyle: table
# good
{
  foo: bar,
  ba:  baz
}
{
  :foo => bar,
  :ba  => baz
}
# bad
{
  foo: bar,
  ba: baz
}
{
  :foo => bar,
   :ba => baz
}
Extra empty line detected at block body end. Fixed
This cop checks if empty lines around the bodies of blocks match the configuration.
Example: EnforcedStyle: empty_lines
# good
foo do |bar|

  # ...

end
Example: EnforcedStyle: no_empty_lines (default)
# good
foo do |bar|
  # ...
end
Block body expression is on the same line as the block start. Fixed
This cop checks whether the multiline do end blocks have a newline after the start of the block. Additionally, it checks whether the block arguments, if any, are on the same line as the start of the block.
Example:
# bad
blah do |i| foo(i)
bar(i)
end
# bad
blah do
|i| foo(i)
bar(i)
end
# good
blah do |i|
foo(i)
bar(i)
end
# bad
blah { |i| foo(i)
bar(i)
}
# good
blah { |i|
foo(i)
bar(i)
}
Block body expression is on the same line as the block start. Fixed
Block body expression is on the same line as the block start. Fixed
Block body expression is on the same line as the block start. Fixed
Space between { and | missing. Fixed
Checks that block braces have or don't have surrounding space inside them, depending on configuration. For blocks taking parameters, it checks that the left brace has or doesn't have trailing space, depending on configuration.
Example: EnforcedStyle: space (default)
# The `space` style enforces that block braces have
# surrounding space.
# bad
some_array.each {puts e}
# good
some_array.each { puts e }
Example: EnforcedStyle: no_space
# The `no_space` style enforces that block braces don't
# have surrounding space.
# bad
some_array.each { puts e }
# good
some_array.each {puts e}
Example: EnforcedStyleForEmptyBraces: no_space (default)
# The `no_space` EnforcedStyleForEmptyBraces style enforces that
# block braces don't have a space in between when empty.
# bad
some_array.each {   }
some_array.each {  }
some_array.each { }
# good
some_array.each {}
Example: EnforcedStyleForEmptyBraces: space
# The `space` EnforcedStyleForEmptyBraces style enforces that
# block braces have at least a space in between when empty.
# bad
some_array.each {}
# good
some_array.each { }
some_array.each {  }
some_array.each {   }
Example: SpaceBeforeBlockParameters: true (default)
# The SpaceBeforeBlockParameters style set to `true` enforces that
# there is a space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.
# bad
[1, 2, 3].each {|n| n * 2 }
# good
[1, 2, 3].each { |n| n * 2 }
Example: SpaceBeforeBlockParameters: false
# The SpaceBeforeBlockParameters style set to `false` enforces that
# there is no space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.
# bad
[1, 2, 3].each { |n| n * 2 }
# good
[1, 2, 3].each {|n| n * 2 }
Space inside string interpolation detected. Fixed
This cop checks for whitespace within string interpolations.
Example: EnforcedStyle: no_space (default)
# bad
var = "This is the #{ space } example"
# good
var = "This is the #{no_space} example"
Example: EnforcedStyle: space
# bad
var = "This is the #{no_space} example"
# good
var = "This is the #{ space } example"
Space inside string interpolation detected. Fixed
Space inside string interpolation detected. Fixed
} at 44, 15 is not aligned with must { string params[:search][:types].join(" ") at 43, 10. Fixed
This cop checks whether the end keywords are aligned properly for do end blocks.
Three modes are supported through the EnforcedStyleAlignWith configuration parameter:
- start_of_block: the end shall be aligned with the start of the line where the do appeared.
- start_of_line: the end shall be aligned with the start of the line where the expression started.
- either (which is the default): the end is allowed to be in either location. The autofixer will default to start_of_line.
Example: EnforcedStyleAlignWith: either (default)
# bad
foo.bar
   .each do
     baz
       end
# good
variable = lambda do |i|
  i
end
Example: EnforcedStyleAlignWith: start_of_block
# bad
foo.bar
   .each do
     baz
       end
# good
foo.bar
  .each do
    baz
  end
Example: EnforcedStyleAlignWith: start_of_line
# bad
foo.bar
   .each do
     baz
       end
# good
foo.bar
  .each do
    baz
end
} at 49, 15 is not aligned with must { range :price, { gte: price_from, lte: price_to } at 48, 10. Fixed
} at 54, 15 is not aligned with must { range :bedroom, { gte: bedrooms_from, lte: bedrooms_to } at 53, 10. Fixed
} at 59, 15 is not aligned with must { range :floor_size, { gte: floor_size_from, lte: floor_size_to } at 58, 10. Fixed
Symbol with a boolean name - you probably meant to use false. Fixed
This cop checks for :true and :false symbols.
In most cases it would be a typo.
Example:
# bad
:true
# good
true
Example:
# bad
:false
# good
false
Unused block argument - a. If it's necessary, use _ or _a as an argument name to indicate that it won't be used. Also consider using a proc without arguments instead of a lambda if you want it to accept any arguments but don't care about them. Fixed
This cop checks for unused block arguments.
Example:
# bad
do_something do |used, unused|
puts used
end
do_something do |bar|
puts :foo
end
define_method(:foo) do |bar|
puts :baz
end
Example:
#good
do_something do |used, _unused|
puts used
end
do_something do
puts :foo
end
define_method(:foo) do |_bar|
puts :baz
end
Cyclomatic complexity for search is too high. [16/6] Fixed
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Assignment Branch Condition size for search is too high. [63.1/15] Fixed
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Line is too long. [90/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [85/80] Fixed
Line is too long. [92/80] Fixed
Line is too long. [86/80] Fixed
Line is too long. [101/80] Fixed
Line is too long. [95/80] Fixed
Line is too long. [107/80] Fixed
Line is too long. [101/80] Fixed
Method has too many lines. [22/10] Fixed
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Perceived complexity for search is too high. [16/7] Fixed
This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.
Example:
def my_method # 1
if cond # 1
case var # 2 (0.8 + 4 * 0.2, rounded)
when 1 then func_one
when 2 then func_two
when 3 then func_three
when 4..10 then func_other
end
else # 1
do_something until a && b # 2
end # ===
end # 7 complexity points
Avoid using {...} for multi-line blocks. Fixed
Check for uses of braces or do/end around single line or multi-line blocks.
Example: EnforcedStyle: line_count_based (default)
# bad - single line block
items.each do |item| item / 5 end
# good - single line block
items.each { |item| item / 5 }
# bad - multi-line block
things.map { |thing|
something = thing.some_method
process(something)
}
# good - multi-line block
things.map do |thing|
something = thing.some_method
process(something)
end
Example: EnforcedStyle: semantic
# Prefer `do...end` over `{...}` for procedural blocks.
# return value is used/assigned
# bad
foo = map do |x|
x
end
puts (map do |x|
x
end)
# return value is not used out of scope
# good
map do |x|
x
end
# Prefer `{...}` over `do...end` for functional blocks.
# return value is not used out of scope
# bad
each { |x|
x
}
# return value is used/assigned
# good
foo = map { |x|
x
}
map { |x|
x
}.inspect
Example: EnforcedStyle: braces_for_chaining
# bad
words.each do |word|
word.flip.flop
end.join("-")
# good
words.each { |word|
word.flip.flop
}.join("-")
Avoid using {...} for multi-line blocks. Fixed
Avoid using {...} for multi-line blocks. Fixed
Avoid using {...} for multi-line blocks. Fixed
Redundant curly braces around a hash parameter. Fixed
This cop checks for braces around the last parameter in a method call if the last parameter is a hash.
It supports braces, no_braces and context_dependent styles.
Example: EnforcedStyle: braces
# The `braces` style enforces braces around all method
# parameters that are hashes.
# bad
some_method(x, y, a: 1, b: 2)
# good
some_method(x, y, {a: 1, b: 2})
Example: EnforcedStyle: no_braces (default)
# The `no_braces` style checks that the last parameter doesn't
# have braces around it.
# bad
some_method(x, y, {a: 1, b: 2})
# good
some_method(x, y, a: 1, b: 2)
Example: EnforcedStyle: context_dependent
# The `context_dependent` style checks that the last parameter
# doesn't have braces around it, but requires braces if the
# second to last parameter is also a hash literal.
# bad
some_method(x, y, {a: 1, b: 2})
some_method(x, y, {a: 1, b: 2}, a: 1, b: 2)
# good
some_method(x, y, a: 1, b: 2)
some_method(x, y, {a: 1, b: 2}, {a: 1, b: 2})
Redundant curly braces around a hash parameter. Fixed
Redundant curly braces around a hash parameter. Fixed
Missing top-level class documentation comment. Fixed
Use the new Ruby 1.9 hash syntax. Fixed
Use the -> { ... } lambda literal syntax for single line lambdas. Fixed
This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.
Example: EnforcedStyle: line_count_dependent (default)
# bad
f = lambda { |x| x }
f = ->(x) do
x
end
# good
f = ->(x) { x }
f = lambda do |x|
x
end
Example: EnforcedStyle: lambda
# bad
f = ->(x) { x }
f = ->(x) do
x
end
# good
f = lambda { |x| x }
f = lambda do |x|
x
end
Example: EnforcedStyle: literal
# bad
f = lambda { |x| x }
f = lambda do |x|
x
end
# good
f = ->(x) { x }
f = ->(x) do
x
end
Favor a normal if-statement over a modifier clause in a multiline statement. Fixed
Checks for uses of if/unless modifiers with multiple-lines bodies.
Example:
# bad
{
result: 'this should not happen'
} unless cond
# good
{ result: 'ok' } if cond
Favor a normal if-statement over a modifier clause in a multiline statement. Fixed
Favor a normal if-statement over a modifier clause in a multiline statement. Fixed
Favor a normal if-statement over a modifier clause in a multiline statement. Fixed
Redundant self detected. Fixed
This cop checks for redundant uses of self.
The usage of self is only needed when:
- Sending a message to the same object with zero arguments in the presence of a method name clash with an argument or a local variable.
- Calling an attribute writer to prevent a local variable assignment.
Note that with an explicit self you can only send messages with public or protected scope; you cannot send private messages this way.
Note that we allow uses of self with operators because it would be awkward otherwise.
Example:
# bad
def foo(bar)
  self.baz
end
# good
def foo(bar)
  self.bar # Resolves name clash with the argument.
end
def foo
  bar = 1
  self.bar # Resolves name clash with the local variable.
end
def foo
  %w[x y z].select do |bar|
    self.bar == bar # Resolves name clash with argument of the block.
  end
end
Prefer single-quoted strings when you don't need string interpolation or special symbols. Fixed
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Missing top-level class documentation comment. Fixed
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
  # ...
end
# good
# Description/Explanation of Person class
class Person
  # ...
end
Unnecessary spacing detected. Fixed
This cop checks for extra/unnecessary whitespace.
Example:
# good if AllowForAlignment is true
name      = "RuboCop"
# Some comment and an empty line

website  += "/bbatsov/rubocop" unless cond
puts        "rubocop"          if     debug
# bad for any configuration
set_app("RuboCop")
website  = "https://github.com/bbatsov/rubocop"
Operator ? should be surrounded by a single space. Fixed
Checks that operators have space around them, except for ** which should not have surrounding space.
Example:
# bad
total = 3*4
"apple"+"juice"
my_number = 38/4
a ** b
# good
total = 3 * 4
"apple" + "juice"
my_number = 38 / 4
a**b
Method has too many lines. [12/10] Fixed
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Space inside string interpolation detected. Fixed
This cop checks for whitespace within string interpolations.
Example: EnforcedStyle: no_space (default)
# bad
var = "This is the #{ space } example"
# good
var = "This is the #{no_space} example"
Example: EnforcedStyle: space
# bad
var = "This is the #{no_space} example"
# good
var = "This is the #{ space } example"
Line is too long. [105/80] Fixed
Line is too long. [84/80] Fixed
Missing top-level module documentation comment. Fixed
Extra empty line detected at class body beginning. Fixed
This cop checks if empty lines around the bodies of classes match the configuration.
Example: EnforcedStyle: empty_lines
# good
class Foo

  def bar
    # ...
  end

end
Example: EnforcedStyle: empty_lines_except_namespace
# good
class Foo
  class Bar

    # ...

  end
end
Example: EnforcedStyle: empty_lines_special
# good
class Foo

  def bar; end

end
Example: EnforcedStyle: no_empty_lines (default)
# good
class Foo
  def bar
    # ...
  end
end
Use alias instead of alias_method in a class body. Fixed
This cop enforces the use of either #alias or #alias_method depending on configuration.
It also flags uses of alias :symbol rather than alias bareword.
Example: EnforcedStyle: prefer_alias (default)
# bad
alias_method :bar, :foo
alias :bar :foo
# good
alias bar foo
Example: EnforcedStyle: prefer_alias_method
# bad
alias :bar :foo
alias bar foo
# good
alias_method :bar, :foo
Extra empty line detected at class body end. Fixed
Put empty method definitions on a single line. Fixed
This cop checks for the formatting of empty method definitions.
By default it enforces empty method definitions to go on a single
line (compact style), but it can be configured to enforce the end
to go on its own line (expanded style).
Note: A method definition is not considered empty if it contains comments.
Example: EnforcedStyle: compact (default)
# bad
def foo(bar)
end
def self.foo(bar)
end
# good
def foo(bar); end
def foo(bar)
  # baz
end
def self.foo(bar); end
Example: EnforcedStyle: expanded
# bad
def foo(bar); end
def self.foo(bar); end
# good
def foo(bar)
end
def self.foo(bar)
end
Align the parameters of a method call if they span more than one line. Fixed
Here we check if the parameters on a multi-line method call or definition are aligned.
Example: EnforcedStyle: with_first_parameter (default)
# good
foo :bar,
    :baz
# bad
foo :bar,
  :baz
Example: EnforcedStyle: with_fixed_indentation
# good
foo :bar,
  :baz
# bad
foo :bar,
    :baz
Use 2 (not 1) spaces for indentation. Fixed
This cop checks for indentation that doesn't use the specified number of spaces.
See also the IndentationConsistency cop which is the companion to this one.
Example:
# bad
class A
 def test
  puts 'hello'
 end
end
# good
class A
  def test
    puts 'hello'
  end
end
Example: IgnoredPatterns: ['^\s*module']
# bad
module A
class B
  def test
  puts 'hello'
  end
end
end
# good
module A
class B
  def test
    puts 'hello'
  end
end
end
Align else with if. Fixed
This cop checks the alignment of else keywords. Normally they should be aligned with an if/unless/while/until/begin/def keyword, but there are special cases when they should follow the same rules as the alignment of end.
Example:
# bad
if something
  code
 else
  code
end
# bad
if something
  code
 elsif something
  code
end
# good
if something
  code
else
  code
end
Use 2 (not 4) spaces for indentation. Fixed
end at 43, 17 is not aligned with if at 39, 15. Fixed
This cop checks whether the end keywords are aligned properly.
Three modes are supported through the EnforcedStyleAlignWith configuration parameter:
- If it's set to keyword (which is the default), the end shall be aligned with the start of the keyword (if, class, etc.).
- If it's set to variable, the end shall be aligned with the left-hand side of the variable assignment, if there is one.
- If it's set to start_of_line, the end shall be aligned with the start of the line where the matching keyword appears.
Example: EnforcedStyleAlignWith: keyword (default)
# bad
variable = if true
    end
# good
variable = if true
           end
Example: EnforcedStyleAlignWith: variable
# bad
variable = if true
    end
# good
variable = if true
end
Example: EnforcedStyleAlignWith: start_of_line
# bad
variable = if true
    end
# good
puts(if true
end)
Cyclomatic complexity for index is too high. [7/6] Fixed
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Assignment Branch Condition size for index is too high. [38.79/15] Fixed
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Assignment Branch Condition size for rent is too high. [15.43/15] Fixed
Assignment Branch Condition size for buy is too high. [15.43/15] Fixed
Line is too long. [84/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [103/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [87/80] Fixed
Line is too long. [81/80] Fixed
Method has too many lines. [14/10] Fixed
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Perceived complexity for index is too high. [9/7] Fixed
This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif ... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.
Example:
def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points
Use %i or %I for an array of symbols. Fixed
This cop can check for array literals made up of symbols that are not using the %i() syntax.
Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.
Configuration option: MinSize
If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of 3 will not enforce a style on an array of 2 or fewer elements.
Example: EnforcedStyle: percent (default)
# good
%i[foo bar baz]
# bad
[:foo, :bar, :baz]
Example: EnforcedStyle: brackets
# good
[:foo, :bar, :baz]
# bad
%i[foo bar baz]
Use %w or %W for an array of words. Fixed
This cop can check for array literals made up of word-like strings, that are not using the %w() syntax.
Alternatively, it can check for uses of the %w() syntax, in projects which do not want to include that syntax.
Configuration option: MinSize
If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of 3 will not enforce a style on an array of 2 or fewer elements.
Example: EnforcedStyle: percent (default)
# good
%w[foo bar baz]
# bad
['foo', 'bar', 'baz']
Example: EnforcedStyle: brackets
# good
['foo', 'bar', 'baz']
# bad
%w[foo bar baz]
Align the parameters of a method call if they span more than one line. Fixed
Here we check if the parameters on a multi-line method call or definition are aligned.
Example: EnforcedStyle: with_first_parameter (default)
# good
foo :bar,
    :baz
# bad
foo :bar,
  :baz
Example: EnforcedStyle: with_fixed_indentation
# good
foo :bar,
  :baz
# bad
foo :bar,
    :baz
Extra empty line detected at class body beginning. Fixed
This cop checks if empty lines around the bodies of classes match the configuration.
Example: EnforcedStyle: empty_lines
# good
class Foo

  def bar
    # ...
  end

end
Example: EnforcedStyle: empty_lines_except_namespace
# good
class Foo
  class Bar

    # ...

  end
end
Example: EnforcedStyle: empty_lines_special
# good
class Foo

  def bar; end

end
Example: EnforcedStyle: no_empty_lines (default)
# good
class Foo
  def bar
    # ...
  end
end
Unnecessary spacing detected. Fixed
This cop checks for extra/unnecessary whitespace.
Example:
# good if AllowForAlignment is true
name      = "RuboCop"
# Some comment and an empty line

website  += "/bbatsov/rubocop" unless cond
puts        "rubocop"          if     debug
# bad for any configuration
set_app("RuboCop")
website  = "https://github.com/bbatsov/rubocop"
Use 2 (not 3) spaces for indentation. Fixed
This cop checks for indentation that doesn't use the specified number of spaces.
See also the IndentationConsistency cop which is the companion to this one.
Example:
# bad
class A
 def test
  puts 'hello'
 end
end
# good
class A
  def test
    puts 'hello'
  end
end
Example: IgnoredPatterns: ['^\s*module']
# bad
module A
class B
  def test
  puts 'hello'
  end
end
end
# good
module A
class B
  def test
    puts 'hello'
  end
end
end
Space missing to the left of {. Fixed
Checks that block braces have or don't have a space before the opening brace depending on configuration.
Example:
# bad
foo.map{ |a|
  a.bar.to_s
}
# good
foo.map { |a|
  a.bar.to_s
}
Space between { and | missing. Fixed
Checks that block braces have or don't have surrounding space inside them depending on configuration. For blocks taking parameters, it checks that the left brace has or doesn't have trailing space depending on configuration.
Example: EnforcedStyle: space (default)
# The `space` style enforces that block braces have
# surrounding space.
# bad
some_array.each {puts e}
# good
some_array.each { puts e }
Example: EnforcedStyle: no_space
# The `no_space` style enforces that block braces don't
# have surrounding space.
# bad
some_array.each { puts e }
# good
some_array.each {puts e}
Example: EnforcedStyleForEmptyBraces: no_space (default)
# The `no_space` EnforcedStyleForEmptyBraces style enforces that
# block braces don't have a space in between when empty.
# bad
some_array.each { }
some_array.each {  }
some_array.each {   }
# good
some_array.each {}
Example: EnforcedStyleForEmptyBraces: space
# The `space` EnforcedStyleForEmptyBraces style enforces that
# block braces have at least a space in between when empty.
# bad
some_array.each {}
# good
some_array.each { }
some_array.each {  }
some_array.each {   }
Example: SpaceBeforeBlockParameters: true (default)
# The SpaceBeforeBlockParameters style set to `true` enforces that
# there is a space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.
# bad
[1, 2, 3].each {|n| n * 2 }
# good
[1, 2, 3].each { |n| n * 2 }
Example: SpaceBeforeBlockParameters: false
# The SpaceBeforeBlockParameters style set to `false` enforces that
# there is no space between `{` and `|`. Overrides `EnforcedStyle`
# if there is a conflict.
# bad
[1, 2, 3].each { |n| n * 2 }
# good
[1, 2, 3].each {|n| n * 2 }
Assignment Branch Condition size for create is too high. [23.17/15] Fixed
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Line is too long. [96/80] Fixed
Line is too long. [94/80] Fixed
Line is too long. [88/80] Fixed
Method has too many lines. [12/10] Fixed
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Missing top-level class documentation comment. Fixed
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
  # ...
end
# good
# Description/Explanation of Person class
class Person
  # ...
end
Don't use parentheses around a method call. Fixed
This cop checks for redundant parentheses.
Example:
# bad
(x) if ((y.z).nil?)
# good
x if y.z.nil?
Extra empty line detected at class body end. Fixed
Missing space after #. Fixed
This cop checks whether comments have a leading space after the # denoting the start of the comment. The leading space is not required for some RDoc special syntax, like #++, #--, #:nodoc, =begin- and =end comments, "shebang" directives, or rackup options.
Example:
# bad
#Some comment
# good
# Some comment
Line is too long. [81/80] Fixed
Unnecessary utf-8 encoding comment. Fixed
%w-literals should be delimited by [ and ]. Fixed
This cop enforces the consistent usage of %-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
#   PreferredDelimiters:
#     default: '[]'
#     '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Prefer single-quoted strings when you don't need string interpolation or special symbols. Fixed
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Use == if you meant to do a comparison or wrap the expression in parentheses to indicate you meant to assign in a condition. Fixed
This cop checks for assignments in the conditions of if/while/until.
Example:
# bad
if some_var = true
  do_something
end
Example:
# good
if some_var == true
  do_something
end
Cyclomatic complexity for validate_each is too high. [8/6] Fixed
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Assignment Branch Condition size for validate_each is too high. [25.67/15] Fixed
Line is too long. [99/80] Fixed
Line is too long. [91/80] Fixed
Line is too long. [86/80] Fixed
Line is too long. [103/80] Fixed
Line is too long. [127/80] Fixed
Line is too long. [92/80] Fixed
Method has too many lines. [13/10] Fixed
Perceived complexity for validate_each is too high. [8/7] Fixed
This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.
Example:
def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points
Prefer Object#is_a? over Object#kind_of?. Fixed
This cop enforces consistent use of Object#is_a? or Object#kind_of?.
Example: EnforcedStyle: is_a? (default)
# bad
var.kind_of?(Date)
var.kind_of?(Integer)
# good
var.is_a?(Date)
var.is_a?(Integer)
Example: EnforcedStyle: kind_of?
# bad
var.is_a?(Time)
var.is_a?(String)
# good
var.kind_of?(Time)
var.kind_of?(String)
Use the new Ruby 1.9 hash syntax. Fixed
This cop checks hash literal syntax.
It can enforce either the use of the classic hash rocket syntax or the use of the newer Ruby 1.9 syntax (when applicable).
A separate offense is registered for each problematic pair.
The supported styles are:
- ruby19 - forces use of the 1.9 syntax (e.g. {a: 1}) when hashes have all symbols for keys
- hash_rockets - forces use of hash rockets for all hashes
- no_mixed_keys - simply checks for hashes with mixed syntaxes
- ruby19_no_mixed_keys - forces use of ruby 1.9 syntax and forbids mixed syntax hashes
Example: EnforcedStyle: ruby19 (default)
# bad
{:a => 2}
{b: 1, :c => 2}
# good
{a: 2, b: 1}
{:c => 2, 'd' => 2} # acceptable since 'd' isn't a symbol
{d: 1, 'e' => 2} # technically not forbidden
Example: EnforcedStyle: hash_rockets
# bad
{a: 1, b: 2}
{c: 1, 'd' => 5}
# good
{:a => 1, :b => 2}
Example: EnforcedStyle: no_mixed_keys
# bad
{:a => 1, b: 2}
{c: 1, 'd' => 2}
# good
{:a => 1, :b => 2}
{c: 1, d: 2}
Example: EnforcedStyle: ruby19_no_mixed_keys
# bad
{:a => 1, :b => 2}
{c: 2, 'd' => 3} # should just use hash rockets
# good
{a: 1, b: 2}
{:c => 3, 'd' => 4}
Use the -> { ... } lambda literal syntax for single line lambdas. Fixed
This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.
Example: EnforcedStyle: line_count_dependent (default)
# bad
f = lambda { |x| x }
f = ->(x) do
  x
end
# good
f = ->(x) { x }
f = lambda do |x|
  x
end
Example: EnforcedStyle: lambda
# bad
f = ->(x) { x }
f = ->(x) do
  x
end
# good
f = lambda { |x| x }
f = lambda do |x|
  x
end
Example: EnforcedStyle: literal
# bad
f = lambda { |x| x }
f = lambda do |x|
  x
end
# good
f = ->(x) { x }
f = ->(x) do
  x
end
Freeze mutable objects assigned to constants. Fixed
This cop checks whether some constant value isn't a mutable literal (e.g. array or hash).
Example:
# bad
CONST = [1, 2, 3]
# good
CONST = [1, 2, 3].freeze
Do not use parallel assignment. Fixed
Checks for simple usages of parallel assignment. This will only complain when the number of variables being assigned matches the number of assigning variables.
Example:
# bad
a, b, c = 1, 2, 3
a, b, c = [1, 2, 3]
# good
one, two = *foo
a, b = foo()
a, b = b, a
a = 1
b = 2
c = 3
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem pg should appear before rails. Fixed
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'

gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem jquery-rails
should appear before simple_form
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem omniauth-facebook
should appear before omniauth-twitter
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem geocoder
should appear before mini_magick
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem sidekiq
should appear before tire
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem carrierwave_backgrounder
should appear before sidekiq
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem coffee-rails
should appear before sass-rails
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem bootstrap-sass
should appear before uglifier
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem factory_girl_rails
should appear before selenium-webdriver
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem database_cleaner
should appear before factory_girl_rails
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem rack_session_access
should appear before webmock
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem growl
should appear before guard-rspec
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem rb-fchange
should appear before rb-fsevent
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem pry-rails
should appear before rb-inotify
. Fixed
- Read upRead up
- Exclude checks
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'
# good
gem 'rspec'
gem 'rubocop'
# good
gem 'rubocop'
gem 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem meta_request should appear before rails-footnotes. Fixed
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem better_errors should appear before meta_request. Fixed
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem guard-spring should appear before sextant. Fixed
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem bullet should appear before guard-spring. Fixed
Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem binding_of_caller should appear before bullet. Fixed
Use // comments everywhere Fixed
Color white should be written in hexadecimal form as #ffffff Fixed
Name of mixin box_sizing should be written in all lowercase letters with hyphens instead of underscores Fixed
Avoid vendor prefixes. Fixed
Avoid vendor prefixes. Fixed
0px should be written without units as 0 Fixed
Color literals like #bbb should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Expected 0 spaces after ( instead of
Fixed
Color literals like white should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color white should be written in hexadecimal form as #ffffff Fixed
Color literals like #f4f4f4 should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered border-bottom, border-top, margin Fixed
Color literals like #ddd should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color literals like rgba(0, 0, 0, 0.18) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.18 should be written without a leading zero as .18 Fixed
Shorthand form for property margin should be written more concisely as 10px auto 30px instead of 10px auto 30px auto Fixed
Selector flat_button should be written in lowercase with hyphens Fixed
Properties should be ordered background, border, border-radius, box-shadow, color, line-height, margin-bottom, padding, text-align, text-shadow, text-transform, width Fixed
0px should be written without units as 0 Fixed
Color literals like rgb(0, 0, 0) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color literals like rgb(255, 255, 255) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color literals like #676767 should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Prefer single quoted strings Fixed
Use // comments everywhere Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Use // comments everywhere Fixed
Prefer single quoted strings Fixed
Use // comments everywhere Fixed
Use // comments everywhere Fixed
Use // comments everywhere Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Use // comments everywhere Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Use // comments everywhere Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Avoid using id selectors Fixed
Properties should be ordered color, padding-top, text-align Fixed
Color literals like green should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color green should be written in hexadecimal form as #008000 Fixed
Empty rule Fixed
Use // comments everywhere Fixed
Avoid using id selectors Fixed
Avoid using id selectors Fixed
Properties should be ordered height, margin, min-height Fixed
!important should not be used Fixed
Property height already defined on line 8 Fixed
Use // comments everywhere Fixed
Color literals like rgb(92, 92, 92) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color literals like rgb(194, 194, 194) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0px should be written without units as 0 Fixed
Properties should be ordered line-height, list-style Fixed
Color literals like rgb(194, 194, 194) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Opening curly brace { should be preceded by one space Fixed
0px should be written without units as 0 Fixed
Shorthand form for property padding should be written more concisely as 20px 0px 30px instead of 20px 0px 30px 0px Fixed
0px should be written without units as 0 Fixed
Color literals like rgb(112, 112, 112) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered border-bottom, color, padding-bottom, padding-top Fixed
Color literals like white should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color white should be written in hexadecimal form as #ffffff Fixed
Avoid using id selectors Fixed
Avoid using id selectors Fixed
Color literals like black should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color black should be written in hexadecimal form as #000000 Fixed
Avoid using id selectors Fixed
Properties should be ordered margin-bottom, margin-left, margin-top Fixed
Line should be indented 4 spaces, but was indented 5 spaces Fixed
Avoid using id selectors Fixed
Selector search_query should be written in lowercase with hyphens Fixed
Line should be indented 2 spaces, but was indented 3 spaces Fixed
Rule declaration should be followed by an empty line Fixed
Line should be indented 2 spaces, but was indented 3 spaces Fixed
Properties should be ordered height, margin Fixed
0px should be written without units as 0 Fixed
0px should be written without units as 0 Fixed
Properties should be ordered font-size, position, right, top Fixed
Selector latest_properties should be written in lowercase with hyphens Fixed
Properties should be ordered border-bottom, margin-bottom, text-align Fixed
Colon after property should be followed by one space Fixed
Color literals like #d5d5d5 should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Colon after property should be followed by one space Fixed
Properties should be ordered background, display, font-size, font-weight, padding, position, top Fixed
Colon after property should be followed by one space Fixed
Colon after property should be followed by one space Fixed
Colon after property should be followed by one space Fixed
Colon after property should be followed by one space Fixed
Colon after property should be followed by one space Fixed
Color literals like #fff should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Colon after property should be followed by one space Fixed
Avoid using id selectors Fixed
Prefer single quoted strings Fixed
Avoid using id selectors Fixed
Prefer single quoted strings Fixed
Avoid using id selectors Fixed
Prefer single quoted strings Fixed
Color literals like rgba(255, 255, 255, 0.7) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.7 should be written without a leading zero as .7 Fixed
Properties should be ordered background, bottom, color, font-weight, left, padding, position, text-align, width Fixed
Color literals like rgb(42, 43, 43) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0px should be written without units as 0 Fixed
0px should be written without units as 0 Fixed
0px should be written without units as 0 Fixed
Prefer single quoted strings Fixed
Avoid using id selectors Fixed
Rule declaration should be preceded by an empty line Fixed
!important should not be used Fixed
Rule declaration should be preceded by an empty line Fixed
Each selector in a comma sequence should be on its own single line Fixed
Each selector in a comma sequence should be on its own single line Fixed
Each selector in a comma sequence should be on its own single line Fixed
!important should not be used Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
0px should be written without units as 0 Fixed
Color literals like rgba(42, 43, 43, 0.1) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.1 should be written without a leading zero as .1 Fixed
Shorthand form for property margin should be written more concisely as 5px auto instead of 5px auto 5px auto Fixed
Properties should be ordered color, font-size, font-weight, height, line-height, padding-left Fixed
Color literals like rgb(42, 43, 43) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered background-color, color, float, font-size, margin-bottom, opacity, padding, position, right, text-align, top Fixed
0.9 should be written without a leading zero as .9 Fixed
Color literals like rgba(42, 43, 43, 0.9) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.9 should be written without a leading zero as .9 Fixed
0.7 should be written without a leading zero as .7 Fixed
Color literals like rgb(255, 255, 255) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.2 should be written without a leading zero as .2 Fixed
Expected item on line 43 to appear before line 32. Rule sets should be ordered as follows: @extends, @includes without @content, properties, @includes with @content, nested rule sets Fixed
Properties should be ordered color, font-size, height, line-height, margin-bottom, padding Fixed
1.0em should be written without the mantissa as 1em Fixed
Color literals like rgb(42, 43, 43) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0px should be written without units as 0 Fixed
0.5 should be written without a leading zero as .5 Fixed
Properties should be ordered color, font-size, height, line-height, margin-bottom, padding Fixed
0px should be written without units as 0 Fixed
0.5 should be written without a leading zero as .5 Fixed
Color literals like rgb(185, 188, 194) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Expected item on line 71 to appear before line 70. Rule sets should be ordered as follows: @extends, @includes without @content, properties, @includes with @content, nested rule sets Fixed
0px should be written without units as 0 Fixed
Color literals like rgba(185, 188, 194, 0.8) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.8 should be written without a leading zero as .8 Fixed
Properties should be ordered opacity, visibility Fixed
Each selector in a comma sequence should be on its own single line Fixed
Properties should be ordered background-color, border, height, margin-bottom, padding Fixed
Expected item on line 82 to appear before line 79. Rule sets should be ordered as follows: @extends, @includes without @content, properties, @includes with @content, nested rule sets Fixed
Properties should be ordered color, float, margin-bottom, margin-top Fixed
Color literals like rgb(112, 116, 124) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered float, margin-top Fixed
Properties should be ordered float, margin, margin-right Fixed
Rule declaration should be preceded by an empty line Fixed
Rule declaration should be followed by an empty line Fixed
Properties should be ordered display, padding-right Fixed
Use // comments everywhere Fixed
Rule declaration should be followed by an empty line Fixed
Properties should be ordered float, margin, padding-top Fixed
0px should be written without units as 0 Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Color literals like #ddd should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered border, height, margin, position Fixed
Shorthand form for property margin should be written more concisely as 5px auto instead of 5px auto 5px auto Fixed
0px should be written without units as 0 Fixed
0px should be written without units as 0 Fixed
Use // comments everywhere Fixed
Properties should be ordered color, font-size, font-weight, height, line-height, padding-left Fixed
Color literals like rgb(42, 43, 43) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered background-color, color, float, font-size, margin-bottom, opacity, padding, position, right, text-align, top Fixed
Color literals like rgba(42, 43, 43, 0.9) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.9 should be written without a leading zero as .9 Fixed
0.8 should be written without a leading zero as .8 Fixed
Color literals like rgb(255, 255, 255) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.2 should be written without a leading zero as .2 Fixed
Expected item on line 46 to appear before line 35. Rule sets should be ordered as follows: @extends, @includes without @content, properties, @includes with @content, nested rule sets Fixed
Properties should be ordered color, font-size, height, line-height, margin-bottom, padding Fixed
1.0em should be written without the mantissa as 1em Fixed
Color literals like rgb(42, 43, 43) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0px should be written without units as 0 Fixed
0.5 should be written without a leading zero as .5 Fixed
Properties should be ordered color, font-size, height, line-height, margin-bottom, padding Fixed
0px should be written without units as 0 Fixed
0.5 should be written without a leading zero as .5 Fixed
Properties should be ordered bottom, min-width, position, right Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
0px should be written without units as 0 Fixed
Color literals like #bbb should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered background, border-bottom, margin, padding Fixed
Color literals like rgba(0, 0, 0, 0.18) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.18 should be written without a leading zero as .18 Fixed
Shorthand form for property margin should be written more concisely as 10px auto 30px instead of 10px auto 30px auto Fixed
Color white should be written in hexadecimal form as #ffffff Fixed
Color literals like white should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Avoid using id selectors Fixed
Rule declaration should be preceded by an empty line Fixed
Properties should be ordered float, padding Fixed
Rule declaration should be followed by an empty line Fixed
Selector map_container should be written in lowercase with hyphens Fixed
Properties should be ordered border-color, border-style, border-width, -moz-box-shadow, -webkit-box-shadow, box-shadow, padding Fixed
Color literals like #ccc should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color literals like #999 should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Shorthand form for property border-color should be written more concisely as #ccc #ccc #999 instead of #ccc #ccc #999 #ccc Fixed
Color literals like #ccc should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Color literals like #ccc should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Avoid vendor prefixes. Fixed
Color literals like rgba(64, 64, 64, 0.5) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.5 should be written without a leading zero as .5 Fixed
Avoid vendor prefixes. Fixed
Color literals like rgba(64, 64, 64, 0.5) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.5 should be written without a leading zero as .5 Fixed
Color literals like rgba(64, 64, 64, 0.1) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.1 should be written without a leading zero as .1 Fixed
Selector gmaps4rails_map should be written in lowercase with hyphens Fixed
Avoid using id selectors Fixed
Avoid using id selectors Fixed
Properties should be ordered display, width Fixed
Property 'display' should be placed on own line Fixed
Colon after property should be followed by one space Fixed
Merge rule .map_container img with rule on line 21 Fixed
Opening curly brace { should be preceded by one space Fixed
Selector map_container should be written in lowercase with hyphens Fixed
Merge rule .gmaps4rails_map img with rule on line 31 Fixed
Selector gmaps4rails_map should be written in lowercase with hyphens Fixed
Opening curly brace { should be preceded by one space Fixed
Avoid using id selectors Fixed
Each selector in a comma sequence should be on its own single line Fixed
Avoid using id selectors Fixed
Selector should have depth of applicability no greater than 3, but was 4 Fixed
Rule declaration should be preceded by an empty line Fixed
Color white should be written in hexadecimal form as #ffffff Fixed
Color literals like white should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Selector should have depth of applicability no greater than 3, but was 4 Fixed
Colon after property should be followed by one space Fixed
Properties should be ordered background, box-shadow, opacity Fixed
1.0 should be written without the mantissa as 1 Fixed
Colon after property should be followed by one space Fixed
Color white should be written in hexadecimal form as #ffffff Fixed
Color literals like white should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Rule declaration should be preceded by an empty line Fixed
Selector should have depth of applicability no greater than 3, but was 4 Fixed
Rule declaration should be followed by an empty line Fixed
Use // comments everywhere Fixed
Avoid qualifying id selectors with an element. Fixed
Avoid using id selectors Fixed
Selector footnotes_debug should be written in lowercase with hyphens Fixed
Color literals like rgb(235, 235, 235) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Selector debug_dump should be written in lowercase with hyphens Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Expected item on line 6 to appear before line 5. Rule sets should be ordered as follows: @extends, @includes without @content, properties, @includes with @content, nested rule sets Fixed
Properties should be ordered background-color, border-bottom, border-top, padding Fixed
Color literals like rgb(255, 255, 255) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0px should be written without units as 0 Fixed
Opening curly brace { should be preceded by one space Fixed
Rule declaration should be preceded by an empty line Fixed
Properties should be ordered border-bottom, border-top, padding Fixed
Color literals like rgb(255, 255, 255) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Properties should be ordered border-left, border-right, border-top, float, margin, opacity Fixed
Color literals like rgb(42, 43, 43) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0px should be written without units as 0 Fixed
0px should be written without units as 0 Fixed
0.4 should be written without a leading zero as .4 Fixed
Each selector in a comma sequence should be on its own single line Fixed
Avoid using id selectors Fixed
Opening curly brace { should be preceded by one space Fixed
border-bottom: 0 is preferred over border-bottom: none Fixed
Rule declaration should be preceded by an empty line Fixed
Properties should be ordered height, margin-left, margin-top, width Fixed
Expected item on line 49 to appear before line 45. Rule sets should be ordered as follows: @extends, @includes without @content, properties, @includes with @content, nested rule sets Fixed
Avoid using id selectors Fixed
Avoid using id selectors Fixed
Each selector in a comma sequence should be on its own single line Fixed
Properties should be ordered list-style, margin Fixed
0px should be written without units as 0 Fixed
Rule declaration should be followed by an empty line Fixed
Each selector in a comma sequence should be on its own single line Fixed
Each selector in a comma sequence should be on its own single line Fixed
Avoid using id selectors Fixed
Avoid using id selectors Fixed
Each selector in a comma sequence should be on its own single line Fixed
0px should be written without units as 0 Fixed
0px should be written without units as 0 Fixed
Rule declaration should be preceded by an empty line Fixed
Properties should be ordered border-bottom, list-style Fixed
Color literals like rgb(223, 223, 223) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Rule declaration should be preceded by an empty line Fixed
Properties should be ordered display, padding Fixed
Selector should have depth of applicability no greater than 3, but was 4 Fixed
Rule declaration should be preceded by an empty line Fixed
Nesting should be no greater than 3, but was 4 Fixed
Rule declaration should be followed by an empty line Fixed
Each selector in a comma sequence should be on its own single line Fixed
Nesting should be no greater than 3, but was 4 Fixed
Properties should be ordered background-color, text-decoration Fixed
Color literals like rgb(238, 238, 238) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Avoid using id selectors Fixed
Prefer single quoted strings Fixed
Prefer single quoted strings Fixed
Each selector in a comma sequence should be on its own single line Fixed
Avoid using id selectors Fixed
Avoid using id selectors Fixed
- Exclude checks
Shorthand form for property margin
should be written more concisely as 60px auto 30px
instead of 60px auto 30px auto
Fixed
- Exclude checks
0px should be written without units as 0 Fixed
Rule declaration should be preceded by an empty line Fixed
Avoid using id selectors Fixed
Each selector in a comma sequence should be on its own single line Fixed
Avoid using id selectors Fixed
Each selector in a comma sequence should be on its own single line Fixed
Avoid using id selectors Fixed
Each selector in a comma sequence should be on its own single line Fixed
Selector user_password_confirmation should be written in lowercase with hyphens Fixed
Selector user_name should be written in lowercase with hyphens Fixed
Avoid using id selectors Fixed
Selector user_email should be written in lowercase with hyphens Fixed
Selector user_password should be written in lowercase with hyphens Fixed
Rule declaration should be followed by an empty line Fixed
Shorthand form for property border-radius should be written more concisely as 1px instead of 1px 1px 1px 1px Fixed
Rule declaration should be followed by an empty line Fixed
Properties should be ordered border, border-radius, box-shadow, text-shadow Fixed
Shorthand form for property border-radius should be written more concisely as 1px instead of 1px 1px 1px 1px Fixed
0px should be written without units as 0 Fixed
Rule declaration should be followed by an empty line Fixed
Avoid using id selectors Fixed
Color literals like rgb(40, 185, 221) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Avoid using id selectors Fixed
Color literals like rgb(15, 102, 170) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Avoid using id selectors Fixed
Color literals like rgb(50, 50, 50) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Opening curly brace { should be preceded by one space Fixed
Color literals like rgba(0, 0, 0, 0.1) should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
0.1 should be written without a leading zero as .1 Fixed
Avoid using id selectors Fixed
Each selector in a comma sequence should be on its own single line Fixed
Rule declaration should be preceded by an empty line Fixed
Rule declaration should be followed by an empty line Fixed
Avoid qualifying class selectors with an element. Fixed
Merge rule input.btn with rule on line 62 Fixed
Rule declaration should be followed by an empty line Fixed
Rule declaration should be followed by an empty line Fixed
Rule declaration should be followed by an empty line Fixed
Properties should be ordered color, margin-bottom, text-align Fixed
Color literals like #676767 should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Rule declaration should be followed by an empty line Fixed
Use // comments everywhere Fixed
Avoid using id selectors Fixed
Rule declaration should be preceded by an empty line Fixed
Properties should be ordered color, margin-bottom Fixed
Color literals like #676767 should only be used in variable declarations; they should be referred to via variable everywhere else. Fixed
Rule declaration should be followed by an empty line Fixed
Properties should be ordered margin-top, padding, width Fixed
Rule declaration should be followed by an empty line Fixed
Rule declaration should be followed by an empty line Fixed
Avoid qualifying class selectors with an element. Fixed