Sign upLogin

internetvideogamelibrary/internetvideogamelibrary-website

View on GitHub
Star

Showing 1,417 of 1,417 total issues

Potentially dangerous key allowed for mass assignment
Open

    params.require(:user).permit(:role)
Severity: Minor
Found in app/controllers/users_controller.rb by brakeman

Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash.

Example:

User.new(params[:user])

Unfortunately, if there is a user field called admin which controls administrator access, now any user can make themselves an administrator.

attr_accessible and attr_protected can be used to limit mass assignment. However, Brakeman will warn unless attr_accessible is used, or mass assignment is completely disabled.

There are two different mass assignment warnings which can arise. The first is when mass assignment actually occurs, such as the example above. This results in a warning like

Unprotected mass assignment near line 61: User.new(params[:user])

The other warning is raised whenever a model is found which does not use attr_accessible. This produces generic warnings like

Mass assignment is not restricted using attr_accessible

with a list of affected models.

In Rails 3.1 and newer, mass assignment can easily be disabled:

config.active_record.whitelist_attributes = true

Unfortunately, it can also easily be bypassed:

User.new(params[:user], :without_protection => true)

Brakeman will warn on uses of without_protection.

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

              'xiv,14',
Severity: Minor
Found in app/chewy/default_index.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

              'pokemon,pocket monsters,ポケットモンスター'
Severity: Minor
Found in app/chewy/default_index.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

    redirect_to '/', alert: 'Game not found'
Severity: Minor
Found in app/controllers/editions_controller.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

    @search = GamesSearch.new(query: params[:q], platform: params[:platform], type: 'edition', not_id: params[:id])
Severity: Minor
Found in app/controllers/games_controller.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Space missing after comma.
Open

    results = @search.all_except(new_editions,new_expansions).order(created_at: :desc).limit(6)
Severity: Minor
Found in app/controllers/index_controller.rb by rubocop

Checks for comma (,) not followed by some kind of space.

Example:

# bad
[1,2]
{ foo:bar,}

# good
[1, 2]
{ foo:bar, }

Space after keyword if is missing.
Open

      if(g.expansion_id.present?)
Severity: Minor
Found in app/controllers/index_controller.rb by rubocop

Checks the spacing around the keywords.

Example:

# bad
something 'test'do|x|
end

while(something)
end

something = 123if test

# good
something 'test' do |x|
end

while (something)
end

something = 123 if test

Missing magic comment # frozen_string_literal: true.
Open

class VisitorsController < ApplicationController
Severity: Minor
Found in app/controllers/visitors_controller.rb by rubocop

This cop is designed to help you transition from mutable string literals to frozen string literals. It will add the comment # frozen_string_literal: true to the top of files to enable frozen string literals. Frozen string literals may be default in future Ruby. The comment will be added below a shebang and encoding comment. The frozen string literal comment is only valid in Ruby 2.3+.

Note that the cop will ignore files where the comment exists but is set to false instead of true.

Example: EnforcedStyle: always (default)

# The `always` style will always add the frozen string literal comment
# to a file, regardless of the Ruby version or if `freeze` or `<

Example: EnforcedStyle: never

# The `never` will enforce that the frozen string literal comment does
# not exist in a file.
# bad
# frozen_string_literal: true

module Baz
  # ...
end

# good
module Baz
  # ...
end

Space inside { missing.
Open

    .filter(not: {terms: {edition_id: edition_ids}})
Severity: Minor
Found in app/searches/games_search.rb by rubocop

Checks that braces used for hash literals have or don't have surrounding space depending on configuration.

Example: EnforcedStyle: space (default)

# The `space` style enforces that hash literals have
# surrounding space.

# bad
h = {a: 1, b: 2}

# good
h = { a: 1, b: 2 }

Example: EnforcedStyle: no_space

# The `no_space` style enforces that hash literals have
# no surrounding space.

# bad
h = { a: 1, b: 2 }

# good
h = {a: 1, b: 2}

Example: EnforcedStyle: compact

# The `compact` style normally requires a space inside
# hash braces, with the exception that successive left
# braces or right braces are collapsed together in nested hashes.

# bad
h = { a: { b: 2 } }
foo = { { a: 1 } => { b: { c: 2 } } }

# good
h = { a: { b: 2 }}
foo = {{ a: 1 } => { b: { c: 2 }}}

Example: EnforcedStyleForEmptyBraces: no_space (default)

# The `no_space` EnforcedStyleForEmptyBraces style enforces that
# empty hash braces do not contain spaces.

# bad
foo = { }
bar = {    }

# good
foo = {}
bar = {}

Example: EnforcedStyleForEmptyBraces: space

# The `space` EnforcedStyleForEmptyBraces style enforces that
# empty hash braces contain space.

# bad
foo = {}

# good
foo = { }
foo = {  }
foo = {     }

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

                        operator: 'AND'
Severity: Minor
Found in app/searches/games_search.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

APP_ROOT = File.expand_path('..', __dir__)
Severity: Minor
Found in bin/setup by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

  puts '== Installing dependencies =='
Severity: Minor
Found in bin/setup by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Missing magic comment # frozen_string_literal: true.
Open

require 'set'
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

This cop is designed to help you transition from mutable string literals to frozen string literals. It will add the comment # frozen_string_literal: true to the top of files to enable frozen string literals. Frozen string literals may be default in future Ruby. The comment will be added below a shebang and encoding comment. The frozen string literal comment is only valid in Ruby 2.3+.

Note that the cop will ignore files where the comment exists but is set to false instead of true.

Example: EnforcedStyle: always (default)

# The `always` style will always add the frozen string literal comment
# to a file, regardless of the Ruby version or if `freeze` or `<

Example: EnforcedStyle: never

# The `never` will enforce that the frozen string literal comment does
# not exist in a file.
# bad
# frozen_string_literal: true

module Baz
  # ...
end

# good
module Baz
  # ...
end

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      'altermix.ua',
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      'amt-k.ru',
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      'cartechnic.ru',
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      'edakgfvwql.ru',
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      'free-share-buttons.com',
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      'freewhatsappload.com',
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Open

      'hundejo.com',
Severity: Minor
Found in lib/referral_spam_control.rb by rubocop

Checks if uses of quotes match the configured preference.

Example: EnforcedStyle: single_quotes (default)

# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes

# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Severity
Category
Status
Source
Language