Showing 64 of 64 total issues
Rails 3.2.16 contains a SQL injection vulnerability (CVE-2014-3483). Upgrade to 3.2.19
rails (3.2.16)
Rails 3.2.16 is vulnerable to denial of service via XML parsing (CVE-2015-3227). Upgrade to Rails version 3.2.22
rails (3.2.16)
Rails 3.2.16 with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to 3.2.18
Coursequestionbank::Application.routes.draw do
Brakeman reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors. The obvious form of this is the use of eval with user input. However, Brakeman also reports on dangerous uses of send, constantize, and other methods which allow creation of arbitrary objects or calling of arbitrary methods.
Method html5 has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
  def html5
    if rendered_text
      return rendered_text
    end
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Line exceeds maximum allowed length
  # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
Avoid rescuing the Exception class. Perhaps you meant to rescue StandardError?
  rescue Exception => e
    flash[:notice] = "There is an error in the file: " + e.message
    flash.keep
    redirect_to upload_path
    return
This cop checks for rescue blocks targeting the Exception class.
Example:
  # bad
  begin
    do_something
  rescue Exception
    handle_exception
  end
Example:
  # good
  begin
    do_something
  rescue ArgumentError
    handle_exception
  end
Line exceeds maximum allowed length
  # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
Unexpected alert.
  alert("Source code copied to clipboard!");
Disallow Use of Alert (no-alert)
JavaScript's alert, confirm, and prompt functions are widely considered to be obtrusive as UI elements and should be replaced by a more appropriate custom UI implementation. Furthermore, alert is often used while debugging code, which should be removed before deployment to production.
  alert("here!");
Rule Details
This rule is aimed at catching debugging code that should be removed and popup UI elements that should be replaced with less obtrusive, custom UIs. As such, it will warn when it encounters alert, prompt, and confirm function calls which are not shadowed.
Examples of incorrect code for this rule:
  /*eslint no-alert: "error"*/
  alert("here!");
  confirm("Are you sure?");
  prompt("What's your name?", "John Doe");
Examples of correct code for this rule:
  /*eslint no-alert: "error"*/
  customAlert("Something happened!");
  customConfirm("Are you sure?");
  customPrompt("Who are you?");
  function foo() {
    var alert = myCustomLib.customAlert;
    alert();
  }
Related Rules
- [no-console](no-console.md)
- [no-debugger](no-debugger.md)
Source: http://eslint.org/docs/rules/
Line exceeds maximum allowed length
  # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
Expected '===' and instead saw '=='.
  if (category == 'none')
Require === and !== (eqeqeq)
It is considered good practice to use the type-safe equality operators === and !== instead of their regular counterparts == and !=.
The reason for this is that == and != do type coercion which follows the rather obscure Abstract Equality Comparison Algorithm.
For instance, the following statements are all considered true:
  [] == false
  [] == ![]
  3 == "03"
If one of those occurs in an innocent-looking statement such as a == b the actual problem is very difficult to spot.
Rule Details
This rule is aimed at eliminating the type-unsafe equality operators.
Examples of incorrect code for this rule:
  /*eslint eqeqeq: "error"*/
  if (x == 42) { }
  if ("" == text) { }
  if (obj.getStuff() != undefined) { }
The --fix option on the command line automatically fixes some problems reported by this rule. A problem is only fixed if one of the operands is a typeof expression, or if both operands are literals with the same type.
Options
always
The "always" option (default) enforces the use of === and !== in every situation (except when you opt-in to more specific handling of null [see below]).
Examples of incorrect code for the "always" option:
  /*eslint eqeqeq: ["error", "always"]*/
  a == b
  foo == true
  bananas != 1
  value == undefined
  typeof foo == 'undefined'
  'hello' != 'world'
  0 == 0
  true == true
  foo == null
Examples of correct code for the "always" option:
  /*eslint eqeqeq: ["error", "always"]*/
  a === b
  foo === true
  bananas !== 1
  value === undefined
  typeof foo === 'undefined'
  'hello' !== 'world'
  0 === 0
  true === true
  foo === null
This rule optionally takes a second argument, which should be an object with the following supported properties:
- "null": Customize how this rule treats null literals. Possible values:
  - always (default) - Always use === or !==.
  - never - Never use === or !== with null.
  - ignore - Do not apply this rule to null.
smart
The "smart" option enforces the use of === and !== except for these cases:
- Comparing two literal values
- Evaluating the value of typeof
- Comparing against null
Examples of incorrect code for the "smart" option:
  /*eslint eqeqeq: ["error", "smart"]*/
  // comparing two variables requires ===
  a == b
  // only one side is a literal
  foo == true
  bananas != 1
  // comparing to undefined requires ===
  value == undefined
Examples of correct code for the "smart" option:
  /*eslint eqeqeq: ["error", "smart"]*/
  typeof foo == 'undefined'
  'hello' != 'world'
  0 == 0
  true == true
  foo == null
allow-null
Deprecated: Instead of using this option use "always" and pass a "null" option property with value "ignore". This will tell eslint to always enforce strict equality except when comparing with the null literal.
  ["error", "always", {"null": "ignore"}]
When Not To Use It
If you don't want to enforce a style for using equality operators, then it's safe to disable this rule.
Source: http://eslint.org/docs/rules/
Line exceeds maximum allowed length
  # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
Use ‘===’ to compare with ‘null’.
  if (data.error == null)
Disallow Null Comparisons (no-eq-null)
Comparing to null without a type-checking operator (== or !=) can have unintended results, as the comparison will evaluate to true when comparing to not just a null, but also an undefined value.
  if (foo == null) {
    bar();
  }
Rule Details
The no-eq-null rule aims to reduce potential bugs and unwanted behavior by ensuring that comparisons to null only match null, and not also undefined. As such it will flag comparisons to null when using == and !=.
Examples of incorrect code for this rule:
  /*eslint no-eq-null: "error"*/
  if (foo == null) {
    bar();
  }
  while (qux != null) {
    baz();
  }
Examples of correct code for this rule:
  /*eslint no-eq-null: "error"*/
  if (foo === null) {
    bar();
  }
  while (qux !== null) {
    baz();
  }
Source: http://eslint.org/docs/rules/
Expected '===' and instead saw '=='.
  var obsolete = field.attr('value') == '1';
Unused block argument - exception. You can omit the argument if you don't care about it.
  rescue_from CanCan::AccessDenied do |exception|
This cop checks for unused block arguments.
Example:
  # bad
  do_something do |used, unused|
    puts used
  end
  do_something do |bar|
    puts :foo
  end
  define_method(:foo) do |bar|
    puts :baz
  end
Example:
  # good
  do_something do |used, _unused|
    puts used
  end
  do_something do
    puts :foo
  end
  define_method(:foo) do |_bar|
    puts :baz
  end
Avoid rescuing the Exception class. Perhaps you meant to rescue StandardError?
  rescue Exception => e
    if request.xhr?
      render :json => {'error' => e.message}
    else
      flash[:error] = "Error in problem source: #{e.message}. A Question's unique ID may already exist in database."
unexpected token tASSOC (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops)
  :explanation => '<tt>@first</tt> and <tt>@last</tt> are instance
Expected '===' and instead saw '=='.
  var newValue = button.attr('value') == 'Public' ? 'Private' : 'Public';
Put one space between the method name and the first argument.
  integer :collection_ids, :multiple => true do
Checks that exactly one space is used between a method name and the first argument for method calls without parentheses.
Alternatively, extra spaces can be added to align the argument with something on a preceding or following line, if the AllowForAlignment config parameter is true.
Example:
  # bad
  something  x
  something   y, z
  something'hello'
  # good
  something x
  something y, z
  something 'hello'
Expected '!==' and instead saw '!='.
  if (category != 'none')
Unused block argument - value. If it's necessary, use _ or _value as an argument name to indicate that it won't be used.
  params[:collections].each do |key, value|