Sign upLogin

kete/kete

View on GitHub
Star
app/models/oai_pmh_repository_set.rb

Summary

Maintainability
A
0 mins
Test Coverage

Mass assignment is not restricted using attr_accessible
Open

class OaiPmhRepositorySet < ActiveRecord::Base
Severity: Critical
Found in app/models/oai_pmh_repository_set.rb by brakeman

This warning comes up if a model does not limit what attributes can be set through mass assignment.

In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.

Brakeman also warns on use of attr_protected - especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.

Note that disabling mass assignment globally will suppress these warnings.

Insufficient validation for 'name' using /^[^\'\":<>&,\/\\?]*$/. Use \A and \z as anchors
Open

                      with: /^[^\'\":<>\&,\/\\\?]*$/,
Severity: Critical
Found in app/models/oai_pmh_repository_set.rb by brakeman

Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.

See the Ruby Security Guide for details.

Method has too many lines. [11/10]
Open

  def options_for_generated_sets
    @options_for_generated_sets = []
    return @options_for_generated_sets unless dynamic?

    # because this oai_pmh_repository_set is dynamic
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [11/10]
Open

  def matching_specs(item)
    values = []
    # dynamic value should return an array of names
    # static should return a string
    if dynamic?
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Useless assignment to variable - sets.
Open

      sets += generate_dynamic_sets
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks for every useless assignment to local variable in every scope. The basic idea for this cop was from the warning of ruby -cw:

assigned but unused variable - foo

Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.

Example:

# bad

def some_method
  some_var = 1
  do_something
end

Example:

# good

def some_method
  some_var = 1
  do_something(some_var)
end

The use of eval is a serious security risk.
Open

      values = eval(value)
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

The use of eval is a serious security risk.
Open

    eval(value).each do |string|
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

Do not use unless with else. Rewrite these with the positive case first.
Open

    unless dynamic?
      sets << create_set
    else
      sets += generate_dynamic_sets
    end
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop looks for unless expressions with else clauses.

Example:

# bad
unless foo_bar.nil?
  # do something...
else
  # do a different thing...
end

# good
if foo_bar.present?
  # do something...
else
  # do a different thing...
end

Favor modifier if usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    if ['true', 'false'].include?(for_value)
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

Checks for if and unless statements that would fit on one line if written as a modifier if/unless. The maximum line length is configured in the Metrics/LineLength cop.

Example:

# bad
if condition
  do_stuff(bar)
end

unless qux.empty?
  Foo.do_something
end

# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?

Unused method argument - item. If it's necessary, use _ or _item as an argument name to indicate that it won't be used.
Open

  def test_match_with(item, for_value)
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks for unused method arguments.

Example:

# bad

def some_method(used, unused, _unused_but_allowed)
  puts used
end

Example:

# good

def some_method(used, _unused, _unused_but_allowed)
  puts used
end

Useless assignment to variable - set.
Open

    set = GeneratedSet.new(this_set)
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks for every useless assignment to local variable in every scope. The basic idea for this cop was from the warning of ruby -cw:

assigned but unused variable - foo

Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.

Example:

# bad

def some_method
  some_var = 1
  do_something
end

Example:

# good

def some_method
  some_var = 1
  do_something(some_var)
end

Use %r around regular expression.
Open

                      with: /^[^\'\":<>\&,\/\\\?]*$/,
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop enforces using // or %r around regular expressions.

Example: EnforcedStyle: slashes (default)

# bad
snake_case = %r{^[\dA-Z_]+$}

# bad
regex = %r{
  foo
  (bar)
  (baz)
}x

# good
snake_case = /^[\dA-Z_]+$/

# good
regex = /
  foo
  (bar)
  (baz)
/x

Example: EnforcedStyle: percent_r

# bad
snake_case = /^[\dA-Z_]+$/

# bad
regex = /
  foo
  (bar)
  (baz)
/x

# good
snake_case = %r{^[\dA-Z_]+$}

# good
regex = %r{
  foo
  (bar)
  (baz)
}x

Example: EnforcedStyle: mixed

# bad
snake_case = %r{^[\dA-Z_]+$}

# bad
regex = /
  foo
  (bar)
  (baz)
/x

# good
snake_case = /^[\dA-Z_]+$/

# good
regex = %r{
  foo
  (bar)
  (baz)
}x

Example: AllowInnerSlashes: false (default)

# If `false`, the cop will always recommend using `%r` if one or more
# slashes are found in the regexp string.

# bad
x =~ /home\//

# good
x =~ %r{home/}

Example: AllowInnerSlashes: true

# good
x =~ /home\//

The use of eval is a serious security risk.
Open

    for_value == eval(code)
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

Use the -> { ... } lambda literal syntax for single line lambdas.
Open

                      message: lambda { I18n.t('oai_pmh_repository_set_model.invalid_chars', invalid_chars: "\', \\, /, &, \", ?, <, and >") }
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.

Example: EnforcedStyle: linecountdependent (default)

# bad
f = lambda { |x| x }
f = ->(x) do
      x
    end

# good
f = ->(x) { x }
f = lambda do |x|
      x
    end

Example: EnforcedStyle: lambda

# bad
f = ->(x) { x }
f = ->(x) do
      x
    end

# good
f = lambda { |x| x }
f = lambda do |x|
      x
    end

Example: EnforcedStyle: literal

# bad
f = lambda { |x| x }
f = lambda do |x|
      x
    end

# good
f = ->(x) { x }
f = ->(x) do
      x
    end

Do not use unless with else. Rewrite these with the positive case first.
Open

    unless dynamic?
      add_this_set_to(xml_builder)
    else
      dynamic_output_to(xml_builder)
    end
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop looks for unless expressions with else clauses.

Example:

# bad
unless foo_bar.nil?
  # do something...
else
  # do a different thing...
end

# good
if foo_bar.present?
  # do something...
else
  # do a different thing...
end

The use of eval is a serious security risk.
Open

      for_value = eval(for_value)
Severity: Minor
Found in app/models/oai_pmh_repository_set.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

There are no issues that match your filters.

Category
Status