Showing 53 of 53 total issues
Similar blocks of code found in 5 locations. Consider refactoring. Open
$.ajax({
url: $(this).attr('action'),
type: 'PUT',
data: $(this).serialize()
});
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 50.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 5 locations. Consider refactoring. Open
$.ajax({
url: $(this).attr('action'),
type: 'PUT',
data: $(this).serialize()
});
Similar blocks of code found in 5 locations. Consider refactoring. Open
$.ajax({
url: $(this).attr('action'),
type: 'PUT',
data: $(this).serialize()
});
Similar blocks of code found in 2 locations. Consider refactoring. Open
LoginButton.click(function() {
BackButton.show();
LoginButton.hide();
IdentityPanel.show();
return false;
Similar blocks of code found in 2 locations. Consider refactoring. Open
BackButton.click(function() {
BackButton.hide();
LoginButton.show();
IdentityPanel.hide();
return false;
Method create has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def create
# new answer
# debugger
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Method export has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def export(format)
if problems.empty?
return nil
else
if format == 'ruql'
Rails 3.2.16 has a denial of service vulnerability (CVE-2014-0082). Upgrade to Rails version 3.2.17 Open
rails (3.2.16)
Rails 3.2.16 with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to 3.2.18 Open
Coursequestionbank::Application.routes.draw do
Brakeman reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors.
The obvious form of this is the use of eval with user input. However, Brakeman also reports on dangerous uses of send, constantize, and other methods which allow creation of arbitrary objects or calling of arbitrary methods.
Rails 3.2.16 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 3.2.22.4 Open
rails (3.2.16)
Rails 3.2.16 contains a SQL injection vulnerability (CVE-2014-3483). Upgrade to 3.2.19 Open
rails (3.2.16)
Rails 3.2.16 is vulnerable to denial of service via mime type caching (CVE-2016-0751). Upgrade to Rails version 3.2.22.1 Open
rails (3.2.16)
Rails 3.2.16 contains a SQL injection vulnerability (CVE-2014-3482). Upgrade to 3.2.19 Open
rails (3.2.16)
Unescaped model attribute rendered inline Open
render :text => ruql_code
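What the render :text warning above is about, as an added example that is not code from the Brakeman docs or the Coursequestionbank project: in Rails 3.2, render :text sends the value verbatim with a text/html Content-Type, so markup inside a stored attribute runs in the viewer's browser. The snippet below is plain Ruby using the stdlib ERB escaper so it runs outside Rails; the RUQL_CODE value, the three render_* helpers and active_markup? are constructed for the demo and stand in for the controller's behaviour, not reproduce it.

```ruby
# Added example: unescaped vs. escaped vs. text/plain responses for a
# user-controlled attribute. Not from the project or from Brakeman.
require 'erb'

# Constructed stand-in for a model attribute an attacker can write
# (in the app, the exported RuQL text of a question they authored).
RUQL_CODE = %q{choice_answer do text "<script>alert(document.cookie)</script>" end}.freeze

# Mirrors Rails 3.2 `render :text => value`: body sent as-is, default
# Content-Type text/html, so any tag in the value is live markup.
def render_text_unescaped(value)
  { body: value, content_type: 'text/html; charset=utf-8' }
end

# Hardened form 1: HTML-escape before rendering (what Rails does for
# <%= %> in a view). Wrapping in <pre> keeps source code readable.
def render_text_escaped(value)
  { body: "<pre>#{ERB::Util.html_escape(value)}</pre>",
    content_type: 'text/html; charset=utf-8' }
end

# Hardened form 2: the response really is source code, not a page, so
# serve it as text/plain (render :text => value, :content_type => 'text/plain').
# Pair this with X-Content-Type-Options: nosniff so the browser does not
# second-guess the type.
def render_text_plain(value)
  { body: value,
    content_type: 'text/plain; charset=utf-8',
    headers: { 'X-Content-Type-Options' => 'nosniff' } }
end

# Crude detector used by the checks: would a browser parse a <script>
# tag out of this response? Only text/html documents are interpreted.
def active_markup?(response)
  response[:content_type].start_with?('text/html') &&
    response[:body].match?(/<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  [:render_text_unescaped, :render_text_escaped, :render_text_plain].each do |m|
    r = send(m, RUQL_CODE)
    puts "#{m}: active markup = #{active_markup?(r)}"
  end
end
```

Escaping is the right fix when the output is meant to be shown inside a page; text/plain plus nosniff is the right fix when the endpoint is a download or raw export, because it keeps the original bytes intact.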
Rails 3.2.16 is vulnerable to denial of service via XML parsing (CVE-2015-3227). Upgrade to Rails version 3.2.22 Open
rails (3.2.16)
Potentially dangerous attribute available for mass assignment Open
class Studentanswer < ActiveRecord::Base
Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash.
Example:
User.new(params[:user])
Unfortunately, if there is a user field called admin which controls administrator access, now any user can make themselves an administrator.
attr_accessible and attr_protected can be used to limit mass assignment. However, Brakeman will warn unless attr_accessible is used, or mass assignment is completely disabled.
There are two different mass assignment warnings which can arise. The first is when mass assignment actually occurs, such as the example above. This results in a warning like
Unprotected mass assignment near line 61: User.new(params[:user])
The other warning is raised whenever a model is found which does not use attr_accessible. This produces generic warnings like
Mass assignment is not restricted using attr_accessible
with a list of affected models.
In Rails 3.1 and newer, mass assignment can easily be disabled:
config.active_record.whitelist_attributes = true
Unfortunately, it can also easily be bypassed:
User.new(params[:user], :without_protection => true)
Brakeman will warn on uses of without_protection.
Rails 3.2.16 has a vulnerability in number helpers (CVE-2014-0081). Upgrade to Rails version 3.2.17 Open
rails (3.2.16)
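All of the Rails advisories in this report point at the same pinned gem, rails (3.2.16), each with a different minimum fixed version. The following is an added check, not part of the Code Climate report or the Coursequestionbank project: it reads the rails line out of a Gemfile.lock and lists which of the advisories above are still open at that version, using only the versions the report itself states. The Gemfile.lock excerpt is constructed for the demo; the globbing-routes entry carries no CVE id because the report gives none.

```ruby
# Added example: compare a Gemfile.lock pin against the advisories listed
# in the report. Not from the project; the lockfile text is constructed.
require 'rubygems' # Gem::Version; already loaded in normal Ruby runs

# Transcribed from the report entries above (issue text and fix version).
RAILS_ADVISORIES = [
  { id: 'CVE-2014-0082', issue: 'denial of service',                 fixed_in: '3.2.17' },
  { id: 'CVE-2014-0081', issue: 'number helpers',                    fixed_in: '3.2.17' },
  { id: nil,             issue: 'globbing routes traversal / RCE',   fixed_in: '3.2.18' },
  { id: 'CVE-2014-3482', issue: 'SQL injection',                     fixed_in: '3.2.19' },
  { id: 'CVE-2014-3483', issue: 'SQL injection',                     fixed_in: '3.2.19' },
  { id: 'CVE-2015-3227', issue: 'XML parsing DoS',                   fixed_in: '3.2.22' },
  { id: 'CVE-2016-0751', issue: 'mime type caching DoS',             fixed_in: '3.2.22.1' },
  { id: 'CVE-2016-6316', issue: 'content_tag attribute escaping',    fixed_in: '3.2.22.4' }
].freeze

# Constructed Gemfile.lock fragment. In a real lockfile the gem's own line
# sits under specs: with 4 spaces; its dependencies are indented by 6.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.16)
        actionmailer (= 3.2.16)
        railties (= 3.2.16)
      railties (3.2.16)
LOCK

# Version pinned for gem_name in lockfile_text, or nil if it is not there.
# Only the 4-space "gem (version)" line is matched, never a "(= x.y.z)"
# dependency line, so transitive constraints cannot be mistaken for the pin.
def locked_version(lockfile_text, gem_name = 'rails')
  lockfile_text.each_line do |line|
    m = line.match(/\A\s{4}#{Regexp.escape(gem_name)} \(([\w.]+)\)\s*\z/)
    return m[1] if m
  end
  nil
end

# Advisories whose fix version is newer than the pinned version.
# Gem::Version orders 3.2.22 < 3.2.22.1 < 3.2.22.4 correctly, which a
# plain string comparison would not.
def open_advisories(version, advisories = RAILS_ADVISORIES)
  current = Gem::Version.new(version)
  advisories.select { |a| current < Gem::Version.new(a[:fixed_in]) }
end

# Smallest version that closes every advisory in the table.
def minimum_safe_version(advisories = RAILS_ADVISORIES)
  advisories.map { |a| Gem::Version.new(a[:fixed_in]) }.max.to_s
end

if __FILE__ == $PROGRAM_NAME
  pinned = locked_version(SAMPLE_LOCK)
  puts "rails pinned at #{pinned}; minimum version closing all listed advisories: #{minimum_safe_version}"
  open_advisories(pinned).each do |a|
    puts "  open: #{a[:id] || '(no CVE id in report)'} #{a[:issue]} (fixed in #{a[:fixed_in]})"
  end
end
```

Upgrading to an intermediate version such as 3.2.19 closes the 2014 advisories only; the table makes it explicit that 3.2.22.4 is the lowest version on this branch that satisfies every entry on the page.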
Unused block argument - task. If it's necessary, use _ or _task as an argument name to indicate that it won't be used. Open
task :add_instructor, [:username] => :environment do |task,args|
This cop checks for unused block arguments.
Example:
# bad
do_something do |used, unused|
puts used
end
do_something do |bar|
puts :foo
end
define_method(:foo) do |bar|
puts :baz
end
Example:
# good
do_something do |used, _unused|
puts used
end
do_something do
puts :foo
end
define_method(:foo) do |_bar|
puts :baz
end
Missing radix parameter. Open
wrong_cnt = parseInt($(this).find(".allAttemptsWrongAmount").text().trim());
Require Radix Parameter (radix)
When using the parseInt() function it is common to omit the second argument, the radix, and let the function try to determine from the first argument what type of number it is. By default, parseInt() will autodetect decimal and hexadecimal (via 0x prefix). Prior to ECMAScript 5, parseInt() also autodetected octal literals, which caused problems because many developers assumed a leading 0 would be ignored.
This confusion led to the suggestion that you always use the radix parameter to parseInt() to eliminate unintended consequences. So instead of doing this:
var num = parseInt("071"); // 57
Do this:
var num = parseInt("071", 10); // 71
ECMAScript 5 changed the behavior of parseInt() so that it no longer autodetects octal literals and instead treats them as decimal literals. However, the difference between hexadecimal and decimal interpretation of the first parameter causes many developers to continue using the radix parameter to ensure the string is interpreted in the intended way.
On the other hand, if the code is targeting only ES5-compliant environments, passing the radix 10 may be redundant. In such a case you might want to disallow using such a radix.
Rule Details
This rule is aimed at preventing the unintended conversion of a string to a number of a different base than intended, or at preventing the redundant 10 radix if targeting modern environments only.
Options
There are two options for this rule:
- "always" enforces providing a radix (default)
- "as-needed" disallows providing the 10 radix
always
Examples of incorrect code for the default "always" option:
/*eslint radix: "error"*/
var num = parseInt("071");
var num = parseInt(someValue);
var num = parseInt("071", "abc");
var num = parseInt();
Examples of correct code for the default "always" option:
/*eslint radix: "error"*/
var num = parseInt("071", 10);
var num = parseInt("071", 8);
var num = parseFloat(someValue);
as-needed
Examples of incorrect code for the "as-needed" option:
/*eslint radix: ["error", "as-needed"]*/
var num = parseInt("071", 10);
var num = parseInt("071", "abc");
var num = parseInt();
Examples of correct code for the "as-needed" option:
/*eslint radix: ["error", "as-needed"]*/
var num = parseInt("071");
var num = parseInt("071", 8);
var num = parseFloat(someValue);
When Not To Use It
If you don't want to enforce either presence or omission of the 10 radix value you can turn this rule off.
Missing radix parameter. Open
first_success = parseInt($(this).find(".first_success_rate").text().trim());