mastodon/mastodon

View on GitHub

Showing 265 of 266 total issues

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

Block has too many lines. [433/55]
Open

Rails.application.routes.draw do
  root 'home#index'

  mount LetterOpenerWeb::Engine, at: 'letter_opener' if Rails.env.development?

Severity: Minor
Found in config/routes.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

You can set literals you want to fold with CountAsOne. Available are: 'array', 'hash', and 'heredoc'. Each literal will be counted as one line regardless of its actual size.

NOTE: The ExcludedMethods configuration is deprecated and only kept for backwards compatibility. Please use IgnoredMethods instead.

Example: CountAsOne: ['array', 'heredoc']

something do
  array = [         # +1
    1,
    2
  ]

  hash = {          # +3
    key: 'value'
  }

  msg = <

NOTE: This cop does not apply for Struct definitions.

Block has too many lines. [169/55]
Open

  namespace :api do
    # OEmbed
    get '/oembed', to: 'oembed#show', as: :oembed

    # JSON / REST API
Severity: Minor
Found in config/routes.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

You can set literals you want to fold with CountAsOne. Available are: 'array', 'hash', and 'heredoc'. Each literal will be counted as one line regardless of its actual size.

NOTE: The ExcludedMethods configuration is deprecated and only kept for backwards compatibility. Please use IgnoredMethods instead.

Example: CountAsOne: ['array', 'heredoc']

something do
  array = [         # +1
    1,
    2
  ]

  hash = {          # +3
    key: 'value'
  }

  msg = <

NOTE: This cop does not apply for Struct definitions.

Module has too many lines. [218/200]
Open

module AccountInteractions
  extend ActiveSupport::Concern

  class_methods do
    def following_map(target_account_ids, account_id)

This cop checks if the length a module exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

You can set literals you want to fold with CountAsOne. Available are: 'array', 'hash', and 'heredoc'. Each literal will be counted as one line regardless of its actual size.

Example: CountAsOne: ['array', 'heredoc']

module M
  ARRAY = [         # +1
    1,
    2
  ]

  HASH = {          # +3
    key: 'value'
  }

  MSG = <

Block has too many lines. [152/55]
Open

    namespace :v1 do
      resources :statuses, only: [:create, :show, :destroy] do
        scope module: :statuses do
          resources :reblogged_by, controller: :reblogged_by_accounts, only: :index
          resources :favourited_by, controller: :favourited_by_accounts, only: :index
Severity: Minor
Found in config/routes.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

You can set literals you want to fold with CountAsOne. Available are: 'array', 'hash', and 'heredoc'. Each literal will be counted as one line regardless of its actual size.

NOTE: The ExcludedMethods configuration is deprecated and only kept for backwards compatibility. Please use IgnoredMethods instead.

Example: CountAsOne: ['array', 'heredoc']

something do
  array = [         # +1
    1,
    2
  ]

  hash = {          # +3
    key: 'value'
  }

  msg = <

NOTE: This cop does not apply for Struct definitions.

Block has too many lines. [116/55]
Open

  namespace :admin do
    get '/dashboard', to: 'dashboard#index'

    resources :domain_allows, only: [:new, :create, :show, :destroy]
    resources :domain_blocks, only: [:new, :create, :show, :destroy, :update, :edit]
Severity: Minor
Found in config/routes.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

You can set literals you want to fold with CountAsOne. Available are: 'array', 'hash', and 'heredoc'. Each literal will be counted as one line regardless of its actual size.

NOTE: The ExcludedMethods configuration is deprecated and only kept for backwards compatibility. Please use IgnoredMethods instead.

Example: CountAsOne: ['array', 'heredoc']

something do
  array = [         # +1
    1,
    2
  ]

  hash = {          # +3
    key: 'value'
  }

  msg = <

NOTE: This cop does not apply for Struct definitions.

Perceived complexity for remove_orphans is too high. [26/25]
Open

    def remove_orphans
      progress        = create_progress_bar(nil)
      reclaimed_bytes = 0
      removed         = 0
      dry_run         = options[:dry_run] ? ' (DRY RUN)' : ''
Severity: Minor
Found in lib/mastodon/media_cli.rb by rubocop

This cop tries to produce a complexity score that's a measure of the complexity the reader experiences when looking at a method. For that reason it considers when nodes as something that doesn't add as much complexity as an if or a &&. Except if it's one of those special case/when constructs where there's no expression after case. Then the cop treats it as an if/elsif/elsif... and lets all the when nodes count. In contrast to the CyclomaticComplexity cop, this cop considers else nodes as adding complexity.

Example:

def my_method                   # 1
  if cond                       # 1
    case var                    # 2 (0.8 + 4 * 0.2, rounded)
    when 1 then func_one
    when 2 then func_two
    when 3 then func_three
    when 4..10 then func_other
    end
  else                          # 1
    do_something until a && b   # 2
  end                           # ===
end                             # 7 complexity points

Avoid parameter lists longer than 5 parameters. [6/5]
Open

  def request_follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Avoid parameter lists longer than 5 parameters. [6/5]
Open

  def follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Method has too many optional parameters. [4/3]
Open

  def descendants(limit, account = nil, max_child_id = nil, since_child_id = nil, depth = nil)
    find_statuses_from_tree_path(descendant_ids(limit, max_child_id, since_child_id, depth), account, promote: true)
  end

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Trailing whitespace detected.
Open

      self.expires_at = interval.present? ? interval.to_i.seconds.from_now : nil 
Severity: Minor
Found in app/models/concerns/expireable.rb by rubocop

This cop looks for trailing whitespace in the source code.

Example:

# The line in this example contains spaces after the 0.
# bad
x = 0

# The line in this example ends directly after the 0.
# good
x = 0

Example: AllowInHeredoc: false (default)

# The line in this example contains spaces after the 0.
# bad
code = <

Example: AllowInHeredoc: true

# The line in this example contains spaces after the 0.
# good
code = <

Consider using explicit block argument in the surrounding method's signature over yield.
Open

    I18n.with_locale(locale) do
      yield
    end

This cop enforces the use of explicit block argument to avoid writing block literal that just passes its arguments to another block.

NOTE: This cop only registers an offense if the block args match the yield args exactly.

Example:

# bad
def with_tmp_dir
  Dir.mktmpdir do |tmp_dir|
    Dir.chdir(tmp_dir) { |dir| yield dir } # block just passes arguments
  end
end

# bad
def nine_times
  9.times { yield }
end

# good
def with_tmp_dir(&block)
  Dir.mktmpdir do |tmp_dir|
    Dir.chdir(tmp_dir, &block)
  end
end

with_tmp_dir do |dir|
  puts "dir is accessible as a parameter and pwd is set: #{dir}"
end

# good
def nine_times(&block)
  9.times(&block)
end

Prefer string interpolation to string concatenation.
Open

    archive_filename = ['archive', Time.now.utc.strftime('%Y%m%d%H%M%S'), SecureRandom.hex(16)].join('-') + '.tar.gz'
Severity: Minor
Found in app/services/backup_service.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Expected 1 empty line between class definitions; found 0.
Open

  class RedirectError < StandardError; end
Severity: Minor
Found in app/lib/webfinger.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Redundant begin block detected.
Open

      begin
Severity: Minor
Found in app/workers/backup_worker.rb by rubocop

This cop checks for redundant begin blocks.

Currently it checks for code like this:

Example:

# bad
def redundant
  begin
    ala
    bala
  rescue StandardError => e
    something
  end
end

# good
def preferred
  ala
  bala
rescue StandardError => e
  something
end

# bad
begin
  do_something
end

# good
do_something

# bad
# When using Ruby 2.5 or later.
do_something do
  begin
    something
  rescue => ex
    anything
  end
end

# good
# In Ruby 2.5 or later, you can omit `begin` in `do-end` block.
do_something do
  something
rescue => ex
  anything
end

# good
# Stabby lambdas don't support implicit `begin` in `do-end` blocks.
-> do
  begin
    foo
  rescue Bar
    baz
  end
end

Expected 1 empty line between class definitions; found 0.
Open

  class RaceConditionError < Error; end
Severity: Minor
Found in lib/exceptions.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Prefer string interpolation to string concatenation.
Open

          say('    ' + error, :red)
Severity: Minor
Found in lib/mastodon/accounts_cli.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Expected 1 empty line between class definitions; found 0.
Open

    class Poll < ApplicationRecord; end
Severity: Minor
Found in lib/mastodon/maintenance_cli.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Expected 1 empty line between class definitions; found 0.
Open

    class Tombstone < ApplicationRecord; end
Severity: Minor
Found in lib/mastodon/maintenance_cli.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Combine this loop with the previous loop.
Open

    custom_emojis.each do |custom_emoji|
      custom_emoji.update(disabled: true)
      log_action :disable, custom_emoji
    end

This cop checks for places where multiple consecutive loops over the same data can be combined into a single loop. It is very likely that combining them will make the code more efficient and more concise.

It is marked as unsafe, because the first loop might modify a state that the second loop depends on; these two aren't combinable.

Example:

# bad
def method
  items.each do |item|
    do_something(item)
  end

  items.each do |item|
    do_something_else(item)
  end
end

# good
def method
  items.each do |item|
    do_something(item)
    do_something_else(item)
  end
end

# bad
def method
  for item in items do
    do_something(item)
  end

  for item in items do
    do_something_else(item)
  end
end

# good
def method
  for item in items do
    do_something(item)
    do_something_else(item)
  end
end

# good
def method
  each_slice(2) { |slice| do_something(slice) }
  each_slice(3) { |slice| do_something(slice) }
end
Severity
Category
Status
Source
Language