Showing 128 of 128 total issues
Denial of Service Vulnerability in Rack Content-Disposition parsing Open
rack (2.0.1)
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Possible shell escape sequence injection vulnerability in Rack Open
rack (2.0.1)
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (2.0.1)
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Loofah 2.0.3 is vulnerable (CVE-2018-8048). Upgrade to 2.1.2 Open
loofah (2.0.3)
rails-html-sanitizer 1.0.3 is vulnerable (CVE-2018-3741). Upgrade to 1.0.4 Open
rails-html-sanitizer (1.0.3)
Line contains inconsistent indentation Open
currency: $("#currency").val(),
Missing top-level module documentation comment. Open
module ExchangeHelper
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
  # ...
end

# good
# Description/Explanation of Person class
class Person
  # ...
end
Missing top-level module documentation comment. Open
module Currency
Gems should be sorted in alphabetical order within their section of the Gemfile. Gem listen should appear before web-console. Open
gem 'listen', '>= 3.0.5', '< 3.2'
Gems should be alphabetically sorted within groups.
Example:
# bad
gem 'rubocop'
gem 'rspec'

# good
gem 'rspec'
gem 'rubocop'

# good
gem 'rubocop'
gem 'rspec'

# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'
Gems should be sorted in alphabetical order within their section of the Gemfile. Gem font-awesome-sass should appear before jquery-rails. Open
gem 'font-awesome-sass', '~> 4.7.0'
Line is too long. [93/80] Open
# Access an IRB console on exception pages or by using <%= console %> anywhere in the code.
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
gem "codeclimate-test-reporter", "~> 1.0.0"
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Use %i or %I for an array of symbols. Open
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
This cop can check for array literals made up of symbols that are not using the %i() syntax.
Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.
Configuration option: MinSize
If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of 3 will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)
# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets
# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]
Use warn instead of $stderr.puts to allow such output to be disabled. Open
$stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install"
This cop identifies places where $stderr.puts can be replaced by warn. The latter has the advantage of easily being disabled by, e.g., the -W0 interpreter flag, or by setting $VERBOSE to nil.
Example:
# bad
$stderr.puts('hello')

# good
warn('hello')
include is used at the top level. Use inside class or module. Open
include FileUtils
This cop checks for include, extend and prepend used at the top level. Using these at the top level changes the behavior of Object itself, since every object inherits the mixed-in methods. Do not use include, extend or prepend at the top level; use them inside a class or module instead.
Example:
# bad
include M
class C
end

# bad
extend M
class C
end

# bad
prepend M
class C
end

# good
class C
  include M
end

# good
class C
  extend M
end

# good
class C
  prepend M
end
Extra blank line detected. Open
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
This cop checks for two or more consecutive blank lines.
Example:
# bad - It has two empty lines.
some_method
# one empty line
# two empty lines
some_method

# good
some_method
# one empty line
some_method
Unnecessary fat arrow Open
$('#change').on 'click', (event) =>
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
$stderr.puts "Yarn executable was not detected in the system."
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
$stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install"
Extra empty line detected at module body beginning. Open
def self.exchange currency, currency_destination, quantity
This cop checks if empty lines around the bodies of modules match the configuration.
Example: EnforcedStyle: empty_lines
# good
module Foo

  def bar
    # ...
  end

end

Example: EnforcedStyle: empty_lines_except_namespace
# good
module Foo
  module Bar

    # ...

  end
end

Example: EnforcedStyle: empty_lines_special
# good
module Foo

  def bar; end

end

Example: EnforcedStyle: no_empty_lines (default)
# good
module Foo
  def bar
    # ...
  end
end