Showing 439 of 439 total issues
Method omniauth_flow
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def omniauth_flow(auth_module, identity_linker: nil)
if current_user
authorize :identity_provider, :link?
identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth)
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Avoid too many return
statements within this function. Open
return this.setUnavailableState();
Insufficient validation for 'username' using /
\A # start of string
[a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+ # one or more ASCII letters digits with TR characters support
(?:[._-][a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+)* # 0+ sequences of:
# [._-] a . or _ or -
# [a-zA-Z\u011F\u00FC\u015F\u0131\u00F6\u00E7\u011E\u00DC\u015E\u0130\u00D6\u00C70-9]+ one or more ASCII letters digits
\z # end of string
/x. Use \A and \z as anchors Open
length: { in: 3..30 }, format: { with: USERNAME_REGEX }
- Read upRead up
- Exclude checks
Calls to validates_format_of ..., :with => //
which do not use \A
and \z
as anchors will cause this warning. Using ^
and $
is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.
See the Ruby Security Guide for details.
Function usernameBlur
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
usernameBlur() {
const username = this.inputElement.value;
// look parent node (div) for valid state
// for presence, length and format validations we use client_side_validations gem
this.state.valid = !this.inputElement.parentNode.classList.contains(INVALID_FORM_GROUP_CLASS);
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Similar blocks of code found in 2 locations. Consider refactoring. Open
def execute
find_remote_object!
illustration = build_illustration
- Read upRead up
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 27.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication
's documentation for more information about tuning the mass threshold in your .codeclimate.yml
.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 2 locations. Consider refactoring. Open
def execute
find_remote_object!
blueprint = build_blueprint
- Read upRead up
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 27.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication
's documentation for more information about tuning the mass threshold in your .codeclimate.yml
.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Use module_function
instead of extend self
. Open
extend self
- Read upRead up
- Exclude checks
This cop checks for use of extend self
or module_function
in a
module.
Supported styles are: modulefunction, extendself.
Example: EnforcedStyle: module_function (default)
# bad
module Test
extend self
# ...
end
# good
module Test
module_function
# ...
end
In case there are private methods, the cop won't be activated. Otherwise, it forces to change the flow of the default code.
Example: EnforcedStyle: module_function (default)
# good
module Test
extend self
# ...
private
# ...
end
Example: EnforcedStyle: extend_self
# bad
module Test
module_function
# ...
end
# good
module Test
extend self
# ...
end
These offenses are not safe to auto-correct since there are different implications to each approach.
create
is not explicitly defined on the class. Open
prepend_before_action :check_captcha, only: [:create]
- Read upRead up
- Exclude checks
This cop checks that methods specified in the filter's only
or
except
options are defined within the same class or module.
You can technically specify methods of superclass or methods added by mixins on the filter, but these can confuse developers. If you specify methods that are defined in other classes or modules, you should define the filter in that class or module.
If you rely on behaviour defined in the superclass actions, you must
remember to invoke super
in the subclass actions.
Example:
# bad
class LoginController < ApplicationController
before_action :require_login, only: %i[index settings logout]
def index
end
end
# good
class LoginController < ApplicationController
before_action :require_login, only: %i[index settings logout]
def index
end
def settings
end
def logout
end
end
Example:
# bad
module FooMixin
extend ActiveSupport::Concern
included do
before_action proc { authenticate }, only: :foo
end
end
# good
module FooMixin
extend ActiveSupport::Concern
included do
before_action proc { authenticate }, only: :foo
end
def foo
# something
end
end
Example:
class ContentController < ApplicationController
def update
@content.update(content_attributes)
end
end
class ArticlesController < ContentController
before_action :load_article, only: [:update]
# the cop requires this method, but it relies on behaviour defined
# in the superclass, so needs to invoke `super`
def update
super
end
private
def load_article
@content = Article.find(params[:article_id])
end
end
Line is too long. [112/100] Open
gem 'activerecord-jsonb-associations', github: 'rokumatsumoto/activerecord-jsonb-associations', branch: 'master'
- Exclude checks
Specify a :dependent
option. Open
has_one :design_blueprint
- Read upRead up
- Exclude checks
This cop looks for has_many
or has_one
associations that don't
specify a :dependent
option.
It doesn't register an offense if :through
option was specified.
Example:
# bad
class User < ActiveRecord::Base
has_many :comments
has_one :avatar
end
# good
class User < ActiveRecord::Base
has_many :comments, dependent: :restrict_with_exception
has_one :avatar, dependent: :destroy
has_many :patients, through: :appointments
end
Line is too long. [209/100] Open
# In our scenario user must view the design before async jobs. (download, like, save) When the user views the design, a visit record will be created if 'visit_duration' (4.hours) time expired at that moment.
- Exclude checks
Do not prefix writer method names with set_
. Open
def set_remember_me(user)
- Read upRead up
- Exclude checks
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Use nested module/class definitions instead of compact style. Open
class Profiles::PasswordsController < ApplicationController
- Read upRead up
- Exclude checks
This cop checks the style of children definitions at classes and modules. Basically there are two different styles:
Example: EnforcedStyle: nested (default)
# good
# have each child on its own line
class Foo
class Bar
end
end
Example: EnforcedStyle: compact
# good
# combine definitions as much as possible
class Foo::Bar
end
The compact style is only forced for classes/modules with one child.
Assignment Branch Condition size for update is too high. [<2, 17, 3> 17.38/15] Open
def update
respond_to do |format|
result = Users::UpdateService.new(current_user, user_params.merge(user: @user)).execute
if result[:status] == :success
- Read upRead up
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric and https://en.wikipedia.org/wiki/ABC_Software_Metric.
Line is too long. [107/100] Open
format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }
- Exclude checks
Do not prefix writer method names with set_
. Open
def set_design_download_step_to_ready(url)
- Read upRead up
- Exclude checks
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Line is too long. [146/100] Open
url_path: "#{illustration_source}/id/#{illustration_id}/#{illustration_large_size}/#{illustration_large_size}.#{illustration_format}",
- Exclude checks
Line is too long. [150/100] Open
medium_url: "#{illustration_source}/id/#{illustration_id}/#{illustration_medium_size}/#{illustration_medium_size}.#{illustration_format}",
- Exclude checks
Line is too long. [117/100] Open
gem 'bootsnap', '~> 1.4', '>= 1.4.5', require: false # Reduces boot times through caching; required in config/boot.rb
- Exclude checks
Line is too long. [203/100] Open
gem 'hamlit-rails', '~> 0.2.0', require: false # Provides hamlit generators for Rails 4. It also enables hamlit as the templating engine and "hamlit:erb2haml" rake task that converts erb files to haml.
- Exclude checks