app/models/user.rb
Insufficient validation for 'username' using /
\A # start of string
[a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+ # one or more ASCII letters digits with TR characters support
(?:[._-][a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+)* # 0+ sequences of:
# [._-] a . or _ or -
# [a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+ one or more ASCII letters digits
\z # end of string
/x. Use \A and \z as anchors
length: { in: 3..30 }, format: { with: USERNAME_REGEX }
Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.
See the Ruby Security Guide for details.
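The difference between line anchors and string anchors, shown as an added Ruby example that is not part of the scanned project or the check's documentation. The constant names, accepted_by and the sample inputs are constructed for illustration; the character class is the one from the username pattern quoted above.

```ruby
# Added illustration; constant names, accepted_by and SAMPLES are constructed.
# CHAR is the character class from the flagged username pattern.
CHAR = /[a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]/
BODY = /#{CHAR}+(?:[._-]#{CHAR}+)*/

WEAK_USERNAME   = /^#{BODY}$/    # ^ and $ anchor to a line, not the string
LAX_USERNAME    = /\A#{BODY}\Z/  # \Z still tolerates one trailing newline
STRICT_USERNAME = /\A#{BODY}\z/  # \A and \z anchor to the whole string

# Report which of the three patterns accept the given input.
def accepted_by(input)
  {
    weak: WEAK_USERNAME.match?(input),
    lax: LAX_USERNAME.match?(input),
    strict: STRICT_USERNAME.match?(input)
  }
end

# Constructed sample inputs.
SAMPLES = [
  "ali.veli",                  # plain valid username
  "\u00E7a\u011Fr\u0131_34",   # valid username with Turkish letters
  "ali\nSECOND LINE",          # valid first line, arbitrary text after the newline
  "ali\n",                     # trailing newline only
  "-ali"                       # starts with a separator, invalid everywhere
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |sample|
    puts "#{sample.inspect.ljust(24)} #{accepted_by(sample)}"
  end
end
```

Only the \A ... \z form rejects both newline cases, so a length check on the same attribute is not a substitute for the anchors.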
Specify a :dependent option.
has_many :designs
This cop looks for has_many or has_one associations that don't specify a :dependent option.
It doesn't register an offense if the :through option was specified.
Example:

# bad
class User < ActiveRecord::Base
  has_many :comments
  has_one :avatar
end

# good
class User < ActiveRecord::Base
  has_many :comments, dependent: :restrict_with_exception
  has_one :avatar, dependent: :destroy
  has_many :patients, through: :appointments
end