Mass assignment is not restricted using attr_accessible Open
class Topic < ActiveRecord::Base
This warning is issued when a model does not limit which attributes can be set through mass assignment. In particular, this check looks for attr_accessible inside model definitions; if it is not found, the warning is issued.
Brakeman also warns on use of attr_protected, especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will still be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Class has too many lines. [154/100] Open
class Topic < ActiveRecord::Base
include PgSearch
include PgSearchCustomisations
multisearchable against: %i[
title
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Assignment Branch Condition size for updated_since is too high. [31.05/15] Open
def self.updated_since(date)
# Topic.where( <Topic or its join tables is newer than date> )
taggings_sql = Tagging.uniq.select(:taggable_id).where(taggable_type: 'Topic').where('created_at > ?', date).to_sql
contributions_sql = Contribution.uniq.select(:contributed_item_id).where(contributed_item_type: 'Topic').where('updated_at > ?', date).to_sql
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method has too many lines. [15/10] Open
def self.updated_since(date)
# Topic.where( <Topic or its join tables is newer than date> )
taggings_sql = Tagging.uniq.select(:taggable_id).where(taggable_type: 'Topic').where('created_at > ?', date).to_sql
contributions_sql = Contribution.uniq.select(:contributed_item_id).where(contributed_item_type: 'Topic').where('updated_at > ?', date).to_sql
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
TODO found Open
# TODO: add validation that prevents markup in short_summary
Use the -> { ... } lambda literal syntax for single line lambdas. Open
scope :recent, lambda { where('1 = 1').order('created_at DESC').limit(5) }
This cop (by default) checks for uses of the lambda literal syntax for single line lambdas, and the method call syntax for multiline lambdas. It is configurable to enforce one of the styles for both single line and multiline lambdas as well.
Example: EnforcedStyle: line_count_dependent (default)
# bad
f = lambda { |x| x }
f = ->(x) do
x
end
# good
f = ->(x) { x }
f = lambda do |x|
x
end
Example: EnforcedStyle: lambda
# bad
f = ->(x) { x }
f = ->(x) do
x
end
# good
f = lambda { |x| x }
f = lambda do |x|
x
end
Example: EnforcedStyle: literal
# bad
f = lambda { |x| x }
f = lambda do |x|
x
end
# good
f = ->(x) { x }
f = ->(x) do
x
end
Avoid rescuing without specifying an error class. Open
rescue
This cop checks for rescuing StandardError. There are two supported styles: implicit and explicit. This cop will not register an offense if any error other than StandardError is specified.
Example: EnforcedStyle: implicit
# `implicit` will enforce using `rescue` instead of
# `rescue StandardError`.
# bad
begin
foo
rescue StandardError
bar
end
# good
begin
foo
rescue
bar
end
# good
begin
foo
rescue OtherError
bar
end
# good
begin
foo
rescue StandardError, SecurityError
bar
end
Example: EnforcedStyle: explicit (default)
# `explicit` will enforce using `rescue StandardError`
# instead of `rescue`.
# bad
begin
foo
rescue
bar
end
# good
begin
foo
rescue StandardError
bar
end
# good
begin
foo
rescue OtherError
bar
end
# good
begin
foo
rescue StandardError, SecurityError
bar
end
Use normalcase for variable numbers. Open
content_item_relations_sql_1 = ContentItemRelation.uniq.select(:related_item_id).where(related_item_type: 'Topic').where('updated_at > ?', date).to_sql
This cop makes sure that all numbered variables use the configured style, snake_case, normalcase or non_integer, for their numbering.
Example: EnforcedStyle: snake_case
# bad
variable1 = 1
# good
variable_1 = 1
Example: EnforcedStyle: normalcase (default)
# bad
variable_1 = 1
# good
variable1 = 1
Example: EnforcedStyle: non_integer
# bad
variable1 = 1
variable_1 = 1
# good
variableone = 1
variable_one = 1
Pass __FILE__ and __LINE__ to the eval method, as they are used by backtraces. Open
Topic::Version.class_eval <<-RUBY
This cop checks eval method usage. eval can receive source location metadata, that is, a filename and a line number. This metadata is used by backtraces, so the cop recommends passing it to the eval method.
Example:
# bad
eval <<-RUBY
def do_something
end
RUBY
# bad
C.class_eval <<-RUBY
def do_something
end
RUBY
# good
eval <<-RUBY, binding, __FILE__, __LINE__ + 1
def do_something
end
RUBY
# good
C.class_eval <<-RUBY, __FILE__, __LINE__ + 1
def do_something
end
RUBY
%w-literals should be delimited by [ and ]. Open
%w(url height width).each do |method_stub|
This cop enforces the consistent usage of %-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Use normalcase for variable numbers. Open
deleted_content_item_relations_sql_1 = "SELECT DISTINCT related_item_id FROM deleted_content_item_relations WHERE related_item_type = 'Topic' AND updated_at > ?"
Use normalcase for variable numbers. Open
deleted_content_item_relations_sql_2 = 'SELECT DISTINCT topic_id FROM deleted_content_item_relations WHERE updated_at > ?'
Use the -> { ... } lambda literal syntax for single line lambdas. Open
scope :in_basket, lambda { |basket| { conditions: { basket_id: basket } } }
Method Topic#still_images is defined at both app/models/topic.rb:91 and app/models/topic.rb:235. Open
def still_images
This cop checks for duplicated instance (or singleton) method definitions.
Example:
# bad
def duplicated
1
end
def duplicated
2
end
Example:
# bad
def duplicated
1
end
alias duplicated other_duplicated
Example:
# good
def duplicated
1
end
def other_duplicated
2
end
Use normalcase for variable numbers. Open
content_item_relations_sql_2 = ContentItemRelation.uniq.select(:topic_id).where('updated_at > ?', date).to_sql
Use the -> { ... } lambda literal syntax for single line lambdas. Open
scope :exclude_baskets_and_id, lambda { |basket_ids, id| where('basket_id NOT IN (?) AND id != ?', basket_ids, id) }
Use the -> { ... } lambda literal syntax for single line lambdas. Open
scope :public, lambda { where('title != ?', SystemSetting.no_public_version_title) }