Model attribute used in file name Open
zip_data = File.read(temp_file.path)
- Read upRead up
- Exclude checks
Using user input when accessing files (local or remote) will raise a warning in Brakeman.
For example
File.open("/tmp/#{cookie[:file]}")
will raise an error like
Cookie value used in file name near line 4: File.open("/tmp/#{cookie[:file]}")
This type of vulnerability can be used to access arbitrary files on a server (including /etc/passwd
.
Parameter value used in file name Open
send_file file_full_path, x_sendfile: true
- Read upRead up
- Exclude checks
Using user input when accessing files (local or remote) will raise a warning in Brakeman.
For example
File.open("/tmp/#{cookie[:file]}")
will raise an error like
Cookie value used in file name near line 4: File.open("/tmp/#{cookie[:file]}")
This type of vulnerability can be used to access arbitrary files on a server (including /etc/passwd
.
Method download_agreement_letters
has a Cognitive Complexity of 23 (exceeds 5 allowed). Consider refactoring. Open
def download_agreement_letters
@event = Event.find(params[:id])
unless params.key?(:selected_participants)
redirect_to(event_participants_url(@event), notice: I18n.t('events.agreement_letters_download.notices.no_participants_selected')) && return
end
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Class EventsController
has 25 methods (exceeds 20 allowed). Consider refactoring. Open
class EventsController < ApplicationController
include EventImageUploadHelper
load_and_authorize_resource
skip_authorize_resource only: %i(badges download_agreement_letters send_participants_email)
before_action :set_event, only: %i(show edit update destroy participants
File events_controller.rb
has 255 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'pdf_generation/badges_pdf'
require 'pdf_generation/applications_pdf'
require 'pdf_generation/participants_pdf'
require 'rubygems'
require 'zip'
Method download_agreement_letters
has 48 lines of code (exceeds 25 allowed). Consider refactoring. Open
def download_agreement_letters
@event = Event.find(params[:id])
unless params.key?(:selected_participants)
redirect_to(event_participants_url(@event), notice: I18n.t('events.agreement_letters_download.notices.no_participants_selected')) && return
end
Favor modifier if
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
if empty
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
Favor modifier unless
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
unless filters.empty? # skip filtering if no filters have been set
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
Favor modifier unless
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
unless params.key?(:selected_participants)
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
Favor modifier if
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
if number_of_files == 0
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
%i
-literals should be delimited by [
and ]
. Open
skip_authorize_resource only: %i(badges download_agreement_letters send_participants_email)
- Read upRead up
- Exclude checks
This cop enforces the consistent usage of %
-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Favor modifier if
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
if params[:create].present? || params[:update_and_publish].present?
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
Favor modifier if
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
if number_of_files != 0
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
Favor modifier unless
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
unless params.key?(:file)
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
Favor modifier if
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
if @event.hidden && !can?(:view_hidden, Event)
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
%i
-literals should be delimited by [
and ]
. Open
before_action :set_event, only: %i(show edit update destroy participants
participants_pdf print_applications print_applications_eating_habits badges print_badges)
- Read upRead up
- Exclude checks
This cop enforces the consistent usage of %
-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Use %i
or %I
for an array of symbols. Open
date_ranges_attributes: [:start_date, :end_date, :id]
- Read upRead up
- Exclude checks
This cop can check for array literals made up of symbols that are not using the %i() syntax.
Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.
Configuration option: MinSize
If set, arrays with fewer elements than this value will not trigger the
cop. For example, a MinSize of
3` will not enforce a style on an array
of 2 or fewer elements.
Example: EnforcedStyle: percent (default)
# good
%i[foo bar baz]
# bad
[:foo, :bar, :baz]
Example: EnforcedStyle: brackets
# good
[:foo, :bar, :baz]
# bad
%i[foo bar baz]
Favor modifier unless
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
unless File.exist?(file_full_path)
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?