Sign upLogin

kete/kete

View on GitHub
Star
app/models/extended_field.rb

Summary

Maintainability
A
2 hrs
Test Coverage

Insufficient validation for 'xml_element_name' using /^[^\s]*$/. Use \A and \z as anchors
Open

  validates_format_of :xml_element_name, :xsi_type, with: /^[^\s]*$/, message: lambda { I18n.t('extended_field_model.no_spaces') }
Severity: Critical
Found in app/models/extended_field.rb by brakeman

Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.

See the Ruby Security Guide for details.

Insufficient validation for 'label' using /^[^\'\":<>&,\/\\?.-]*$/. Use \A and \z as anchors
Open

  validates_format_of :label, with: /^[^\'\":<>\&,\/\\\?\.\-]*$/, message: lambda { I18n.t('extended_field_model.invalid_chars', invalid_chars: ": \', \\, /, &, \", ?, <, >, -, and .") }
Severity: Critical
Found in app/models/extended_field.rb by brakeman

Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.

See the Ruby Security Guide for details.

Mass assignment is not restricted using attr_accessible
Open

class ExtendedField < ActiveRecord::Base
Severity: Critical
Found in app/models/extended_field.rb by brakeman

This warning comes up if a model does not limit what attributes can be set through mass assignment.

In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.

Brakeman also warns on use of attr_protected - especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.

Note that disabling mass assignment globally will suppress these warnings.

Class has too many lines. [131/100]
Open

class ExtendedField < ActiveRecord::Base
  include ExtendedFieldsHelpers

  # Choices/enumerations
  has_many :choice_mappings, as: :field
Severity: Minor
Found in app/models/extended_field.rb by rubocop

This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class ExtendedField has 25 methods (exceeds 20 allowed). Consider refactoring.
Open

class ExtendedField < ActiveRecord::Base
  include ExtendedFieldsHelpers

  # Choices/enumerations
  has_many :choice_mappings, as: :field
Severity: Minor
Found in app/models/extended_field.rb - About 2 hrs to fix

    Method has too many lines. [17/10]
    Open

      def self.clauses_for_has_label_that_matches(params_key)
    params_key_words = params_key.to_s.tr('_', ' ').split(' ')

    match_keyword = 'LIKE'
    label_sql = 'LOWER(label)'
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    TODO found
    Open

      # TODO: might want to reconsider using subselects here
    Severity: Minor
    Found in app/models/extended_field.rb by fixme

    TODO found
    Open

          # TODO: this is an error, say something meaningful
    Severity: Minor
    Found in app/models/extended_field.rb by fixme

    TODO found
    Open

      # TODO: add validation that prevents adding xsi_type without xml_element_name
    Severity: Minor
    Found in app/models/extended_field.rb by fixme

    Use the -> { ... } lambda literal syntax for single line lambdas.
    Open

      validates_exclusion_of :label, in: invalid_label_names, message: lambda { I18n.t('extended_field_model.already_used', invalid_label_names: invalid_label_names.join(', ')) }
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.

    Example: EnforcedStyle: linecountdependent (default)

    # bad
f = lambda { |x| x }
f = ->(x) do
      x
    end

# good
f = ->(x) { x }
f = lambda do |x|
      x
    end

    Example: EnforcedStyle: lambda

    # bad
f = ->(x) { x }
f = ->(x) do
      x
    end

# good
f = lambda { |x| x }
f = lambda do |x|
      x
    end

    Example: EnforcedStyle: literal

    # bad
f = lambda { |x| x }
f = lambda do |x|
      x
    end

# good
f = ->(x) { x }
f = ->(x) do
      x
    end

    Use safe navigation (&.) instead of checking if an object exists before calling the method.
    Open

        errors.add('label', I18n.t('extended_field_model.label_cant_have')) if label && label.strip =~ /^(form|input|script)$/i
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop transforms usages of a method call safeguarded by a non nil check for the variable whose method is being called to safe navigation (&.).

    Configuration option: ConvertCodeThatCanStartToReturnNil The default for this is false. When configured to true, this will check for code in the format !foo.nil? && foo.bar. As it is written, the return of this code is limited to false and whatever the return of the method is. If this is converted to safe navigation, foo&.bar can start returning nil as well as what the method returns.

    Example:

    # bad
foo.bar if foo
foo.bar(param1, param2) if foo
foo.bar { |e| e.something } if foo
foo.bar(param) { |e| e.something } if foo

foo.bar if !foo.nil?
foo.bar unless !foo
foo.bar unless foo.nil?

foo && foo.bar
foo && foo.bar(param1, param2)
foo && foo.bar { |e| e.something }
foo && foo.bar(param) { |e| e.something }

# good
foo&.bar
foo&.bar(param1, param2)
foo&.bar { |e| e.something }
foo&.bar(param) { |e| e.something }

foo.nil? || foo.bar
!foo || foo.bar

# Methods that `nil` will `respond_to?` should not be converted to
# use safe navigation
foo.to_i if foo

    Rename is_required? to required?.
    Open

      def is_required?(controller, topic_type_id = nil)
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop makes sure that predicates are named properly.

    Example:

    # bad
def is_even?(value)
end

# good
def even?(value)
end

# bad
def has_value?
end

# good
def value?
end

    Use attr_writer to define trivial writer methods.
    Open

      def circa=(value)
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop looks for trivial reader/writer methods, that could have been created with the attr_* family of functions automatically.

    Example:

    # bad
def foo
  @foo
end

def bar=(val)
  @bar = val
end

def self.baz
  @baz
end

# good
attr_reader :foo
attr_writer :bar

class << self
  attr_reader :baz
end

    Rename is_a_choice? to a_choice?.
    Open

      def is_a_choice?
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop makes sure that predicates are named properly.

    Example:

    # bad
def is_even?(value)
end

# good
def even?(value)
end

# bad
def has_value?
end

# good
def value?
end

    Use the -> { ... } lambda literal syntax for single line lambdas.
    Open

      validates_format_of :label, with: /^[^\'\":<>\&,\/\\\?\.\-]*$/, message: lambda { I18n.t('extended_field_model.invalid_chars', invalid_chars: ": \', \\, /, &, \", ?, <, >, -, and .") }
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.

    Example: EnforcedStyle: linecountdependent (default)

    # bad
f = lambda { |x| x }
f = ->(x) do
      x
    end

# good
f = ->(x) { x }
f = lambda do |x|
      x
    end

    Example: EnforcedStyle: lambda

    # bad
f = ->(x) { x }
f = ->(x) do
      x
    end

# good
f = lambda { |x| x }
f = lambda do |x|
      x
    end

    Example: EnforcedStyle: literal

    # bad
f = lambda { |x| x }
f = lambda do |x|
      x
    end

# good
f = ->(x) { x }
f = ->(x) do
      x
    end

    Use safe navigation (&.) instead of checking if an object exists before calling the method.
    Open

        circa && circa.param_to_obj_equiv
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop transforms usages of a method call safeguarded by a non nil check for the variable whose method is being called to safe navigation (&.).

    Configuration option: ConvertCodeThatCanStartToReturnNil The default for this is false. When configured to true, this will check for code in the format !foo.nil? && foo.bar. As it is written, the return of this code is limited to false and whatever the return of the method is. If this is converted to safe navigation, foo&.bar can start returning nil as well as what the method returns.

    Example:

    # bad
foo.bar if foo
foo.bar(param1, param2) if foo
foo.bar { |e| e.something } if foo
foo.bar(param) { |e| e.something } if foo

foo.bar if !foo.nil?
foo.bar unless !foo
foo.bar unless foo.nil?

foo && foo.bar
foo && foo.bar(param1, param2)
foo && foo.bar { |e| e.something }
foo && foo.bar(param) { |e| e.something }

# good
foo&.bar
foo&.bar(param1, param2)
foo&.bar { |e| e.something }
foo&.bar(param) { |e| e.something }

foo.nil? || foo.bar
!foo || foo.bar

# Methods that `nil` will `respond_to?` should not be converted to
# use safe navigation
foo.to_i if foo

    Use attr_writer to define trivial writer methods.
    Open

      def base_url=(value)
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop looks for trivial reader/writer methods, that could have been created with the attr_* family of functions automatically.

    Example:

    # bad
def foo
  @foo
end

def bar=(val)
  @bar = val
end

def self.baz
  @baz
end

# good
attr_reader :foo
attr_writer :bar

class << self
  attr_reader :baz
end

    Use the -> { ... } lambda literal syntax for single line lambdas.
    Open

      validates_format_of :xml_element_name, :xsi_type, with: /^[^\s]*$/, message: lambda { I18n.t('extended_field_model.no_spaces') }
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.

    Example: EnforcedStyle: linecountdependent (default)

    # bad
f = lambda { |x| x }
f = ->(x) do
      x
    end

# good
f = ->(x) { x }
f = lambda do |x|
      x
    end

    Example: EnforcedStyle: lambda

    # bad
f = ->(x) { x }
f = ->(x) do
      x
    end

# good
f = lambda { |x| x }
f = lambda do |x|
      x
    end

    Example: EnforcedStyle: literal

    # bad
f = lambda { |x| x }
f = lambda do |x|
      x
    end

# good
f = ->(x) { x }
f = ->(x) do
      x
    end

    Use %r around regular expression.
    Open

      validates_format_of :label, with: /^[^\'\":<>\&,\/\\\?\.\-]*$/, message: lambda { I18n.t('extended_field_model.invalid_chars', invalid_chars: ": \', \\, /, &, \", ?, <, >, -, and .") }
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop enforces using // or %r around regular expressions.

    Example: EnforcedStyle: slashes (default)

    # bad
snake_case = %r{^[\dA-Z_]+$}

# bad
regex = %r{
  foo
  (bar)
  (baz)
}x

# good
snake_case = /^[\dA-Z_]+$/

# good
regex = /
  foo
  (bar)
  (baz)
/x

    Example: EnforcedStyle: percent_r

    # bad
snake_case = /^[\dA-Z_]+$/

# bad
regex = /
  foo
  (bar)
  (baz)
/x

# good
snake_case = %r{^[\dA-Z_]+$}

# good
regex = %r{
  foo
  (bar)
  (baz)
}x

    Example: EnforcedStyle: mixed

    # bad
snake_case = %r{^[\dA-Z_]+$}

# bad
regex = /
  foo
  (bar)
  (baz)
/x

# good
snake_case = /^[\dA-Z_]+$/

# good
regex = %r{
  foo
  (bar)
  (baz)
}x

    Example: AllowInnerSlashes: false (default)

    # If `false`, the cop will always recommend using `%r` if one or more
# slashes are found in the regexp string.

# bad
x =~ /home\//

# good
x =~ %r{home/}

    Example: AllowInnerSlashes: true

    # good
x =~ /home\//

    Use attr_writer to define trivial writer methods.
    Open

      def topic_type=(value)
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    This cop looks for trivial reader/writer methods, that could have been created with the attr_* family of functions automatically.

    Example:

    # bad
def foo
  @foo
end

def bar=(val)
  @bar = val
end

def self.baz
  @baz
end

# good
attr_reader :foo
attr_writer :bar

class << self
  attr_reader :baz
end

    Redundant else-clause.
    Open

        else
    Severity: Minor
    Found in app/models/extended_field.rb by rubocop

    Checks for empty else-clauses, possibly including comments and/or an explicit nil depending on the EnforcedStyle.

    Example: EnforcedStyle: empty

    # warn only on empty else

# bad
if condition
  statement
else
end

# good
if condition
  statement
else
  nil
end

# good
if condition
  statement
else
  statement
end

# good
if condition
  statement
end

    Example: EnforcedStyle: nil

    # warn on else with nil in it

# bad
if condition
  statement
else
  nil
end

# good
if condition
  statement
else
end

# good
if condition
  statement
else
  statement
end

# good
if condition
  statement
end

    Example: EnforcedStyle: both (default)

    # warn on empty else and else with nil in it

# bad
if condition
  statement
else
  nil
end

# bad
if condition
  statement
else
end

# good
if condition
  statement
else
  statement
end

# good
if condition
  statement
end

    There are no issues that match your filters.

    Category
    Status