app/models/import.rb

Insufficient validation for 'directory' using /^[^ \'\"<>&,\/\\?]*$/. Use \A and \z as anchors
Open

  validates_format_of :directory, with: /^[^ \'\"<>\&,\/\\\?]*$/, message: lambda { I18n.t('import_model.invalid_chars', invalid_chars: "spaces and  \', \\, /, &, \", ?, <, and >") }
Severity: Critical
Found in app/models/import.rb by brakeman

Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, because in Ruby they match at line boundaries rather than at the start and end of the whole string, so a value containing a newline can carry arbitrary content before or after that newline and still pass the validation.

See the Ruby Security Guide for details.

Mass assignment is not restricted using attr_accessible
Open

class Import < ActiveRecord::Base
Severity: Critical
Found in app/models/import.rb by brakeman

This warning comes up if a model does not limit what attributes can be set through mass assignment.

In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.

Brakeman also warns on use of attr_protected - especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.

Note that disabling mass assignment globally will suppress these warnings.

HACK found
Open

  # HACK: -- directory appears to have become a reserved word in some context
Severity: Minor
Found in app/models/import.rb by fixme

Use the -> { ... } lambda literal syntax for single line lambdas.
Open

  validates_numericality_of :interval_between_records, only_integer: true, message: lambda { I18n.t('import_model.must_be_seconds') }
Severity: Minor
Found in app/models/import.rb by rubocop

This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.

Example: EnforcedStyle: line_count_dependent (default)

# bad
f = lambda { |x| x }
f = ->(x) do
      x
    end

# good
f = ->(x) { x }
f = lambda do |x|
      x
    end

Example: EnforcedStyle: lambda

# bad
f = ->(x) { x }
f = ->(x) do
      x
    end

# good
f = lambda { |x| x }
f = lambda do |x|
      x
    end

Example: EnforcedStyle: literal

# bad
f = lambda { |x| x }
f = lambda do |x|
      x
    end

# good
f = ->(x) { x }
f = ->(x) do
      x
    end

Use %r around regular expression.
Open

  validates_format_of :directory, with: /^[^ \'\"<>\&,\/\\\?]*$/, message: lambda { I18n.t('import_model.invalid_chars', invalid_chars: "spaces and  \', \\, /, &, \", ?, <, and >") }
Severity: Minor
Found in app/models/import.rb by rubocop

This cop enforces using // or %r around regular expressions.

Example: EnforcedStyle: slashes (default)

# bad
snake_case = %r{^[\dA-Z_]+$}

# bad
regex = %r{
  foo
  (bar)
  (baz)
}x

# good
snake_case = /^[\dA-Z_]+$/

# good
regex = /
  foo
  (bar)
  (baz)
/x

Example: EnforcedStyle: percent_r

# bad
snake_case = /^[\dA-Z_]+$/

# bad
regex = /
  foo
  (bar)
  (baz)
/x

# good
snake_case = %r{^[\dA-Z_]+$}

# good
regex = %r{
  foo
  (bar)
  (baz)
}x

Example: EnforcedStyle: mixed

# bad
snake_case = %r{^[\dA-Z_]+$}

# bad
regex = /
  foo
  (bar)
  (baz)
/x

# good
snake_case = /^[\dA-Z_]+$/

# good
regex = %r{
  foo
  (bar)
  (baz)
}x

Example: AllowInnerSlashes: false (default)

# If `false`, the cop will always recommend using `%r` if one or more
# slashes are found in the regexp string.

# bad
x =~ /home\//

# good
x =~ %r{home/}

Example: AllowInnerSlashes: true

# good
x =~ /home\//

Use the -> { ... } lambda literal syntax for single line lambdas.
Open

  validates_format_of :directory, with: /^[^ \'\"<>\&,\/\\\?]*$/, message: lambda { I18n.t('import_model.invalid_chars', invalid_chars: "spaces and  \', \\, /, &, \", ?, <, and >") }
Severity: Minor
Found in app/models/import.rb by rubocop
