rokumatsumoto/boyutluseyler

app/models/user.rb

Maintainability: A (0 mins)

Insufficient validation for 'username' using

    /
      \A                                                                                  # start of string
      [a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+  # one or more ASCII letters digits with TR characters support
      (?:[._-][a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+)* # 0+ sequences of:
                                                                                          #   [._-] a . or _ or -
                                                                                          #   [a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+ one or more ASCII letters digits
      \z                                                                                  # end of string
    /x

Use \A and \z as anchors
Open

                       length: { in: 3..30 }, format: { with: USERNAME_REGEX }
Severity: Critical
Found in app/models/user.rb by brakeman

Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.

See the Ruby Security Guide for details.
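
The anchor behaviour described above, as an added Ruby illustration (not code from the project or from Brakeman). It reuses the character class from the reported pattern; the constant names, `accepted_by` and the sample strings are constructed for this example.

```ruby
# Added illustration; constant and method names are hypothetical.
# Character class copied from the username pattern quoted in the report.
WORD = /[a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+/

# Same pattern body, three anchor choices.
LINE_ANCHORED   = /^#{WORD}(?:[._-]#{WORD})*$/    # ^ and $ match at every line break
LOOSE_END       = /\A#{WORD}(?:[._-]#{WORD})*\Z/  # \Z still tolerates one trailing "\n"
STRING_ANCHORED = /\A#{WORD}(?:[._-]#{WORD})*\z/  # whole string, nothing before or after

# Constructed sample input, not taken from the project.
SAMPLES = [
  "rokumatsumoto",                                   # plain username
  "g\u00FCl.can",                                    # Turkish letter plus one separator
  "alice..bob",                                      # doubled separator, always invalid
  "alice\n",                                         # trailing newline
  "alice\n<any text the validator never inspects>",  # valid first line, extra second line
  "<any text>\nalice",                               # extra first line, valid second line
].freeze

# Returns the candidates that the given pattern would let through validation.
def accepted_by(pattern, candidates = SAMPLES)
  candidates.select { |c| pattern.match?(c) }
end

if __FILE__ == $PROGRAM_NAME
  { "^ ... $" => LINE_ANCHORED, "\\A ... \\Z" => LOOSE_END,
    "\\A ... \\z" => STRING_ANCHORED }.each do |label, pattern|
    puts "#{label} accepts: #{accepted_by(pattern).map(&:inspect).join(', ')}"
  end
end
```
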

Specify a :dependent option.
Open

  has_many :designs
Severity: Minor
Found in app/models/user.rb by rubocop

This cop looks for has_many or has_one associations that don't specify a :dependent option. It doesn't register an offense if :through option was specified.

Example:

# bad
class User < ActiveRecord::Base
  has_many :comments
  has_one :avatar
end

# good
class User < ActiveRecord::Base
  has_many :comments, dependent: :restrict_with_exception
  has_one :avatar, dependent: :destroy
  has_many :patients, through: :appointments
end
