app/models/user.rb
Insufficient validation for 'username' using /^[a-zA-Z0-9_.]*$/. Use \A and \z as anchors
validates_format_of :username, with: /^[a-zA-Z0-9_\.]*$/, :multiline => true
Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient: in Ruby they are line anchors and only match up to a newline, so an attacker can place whatever malicious input they like before or after a newline character and the pattern will still match. Note that the :multiline => true option on the flagged line does not fix this; it only tells Rails that the line anchors are intentional and suppresses the ArgumentError Rails would otherwise raise for ^ and $ in a validation regex. Replace ^ with \A and $ with \z (not \Z, which still permits a single trailing newline) and drop the :multiline option.
See the Rails Security Guide's section on regular expressions for details.
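The following is an added example, not code from the scanned application, showing concretely why the flagged pattern can be bypassed and how the \A/\z form behaves on the same inputs. The attacker string and the username value are constructed for the demonstration; the patterns are the one reported above and its anchored replacement.

```ruby
# Added example (not code from the scanned application): why ^/$ are
# insufficient anchors in Ruby and what \A/\z change.
#
# In Ruby, ^ and $ always match at line boundaries (no /m flag needed),
# so a value containing "\n" can carry arbitrary content before or after
# the one line that the pattern actually inspects. \A and \z anchor to the
# absolute start and end of the string.

LINE_ANCHORED   = /^[a-zA-Z0-9_.]*$/    # the pattern flagged by the scanner
STRING_ANCHORED = /\A[a-zA-Z0-9_.]*\z/  # the recommended replacement

def username_ok?(value, pattern)
  !(value =~ pattern).nil?
end

# Constructed attacker input: a well-formed username on the first line,
# then a newline and a payload the character class would never allow.
EVIL = "alice\n<script>alert(1)</script>".freeze
GOOD = "alice_01".freeze

def anchor_comparison
  {
    line_anchored_accepts_evil:   username_ok?(EVIL, LINE_ANCHORED),   # true: bypass
    string_anchored_accepts_evil: username_ok?(EVIL, STRING_ANCHORED), # false: rejected
    line_anchored_accepts_good:   username_ok?(GOOD, LINE_ANCHORED),   # true
    string_anchored_accepts_good: username_ok?(GOOD, STRING_ANCHORED), # true
  }
end

# A second trap: \Z (uppercase) still permits one trailing newline,
# which matters when the value is later written into a file, header or log line.
def trailing_newline_comparison
  value = "alice\n"
  {
    uppercase_z_accepts: username_ok?(value, /\A[a-zA-Z0-9_.]*\Z/), # true
    lowercase_z_accepts: username_ok?(value, /\A[a-zA-Z0-9_.]*\z/), # false
  }
end

if __FILE__ == $PROGRAM_NAME
  p anchor_comparison
  p trailing_newline_comparison
end
```

Run it with plain ruby; no Rails is needed, because the weakness is in Ruby's regex anchor semantics rather than in ActiveModel. The same check applies to any validates_format_of or match? call that uses ^ and $ on untrusted input.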
Use == if you meant to do a comparison, or wrap the expression in parentheses to indicate you meant to assign in a condition.
if login = conditions.delete(:login)
This cop checks for assignments in the conditions of if/while/until. Writing = where == was intended assigns instead of comparing, so a condition such as if some_var = true is always satisfied and the branch runs unconditionally. When the assignment is deliberate, wrap it in parentheses so the intent is explicit and the cop accepts it.
Example:
# bad
if some_var = true
do_something
end
Example:
# good
if some_var == true
do_something
end
In the flagged line, conditions.delete(:login) returns nil when the key is absent, so the assignment is a deliberate presence check rather than a mistyped comparison; writing it as if (login = conditions.delete(:login)) keeps the behaviour and satisfies the cop.