protect_from_forgery should be configured with 'with: :exception' Open
require 'custom_errors'
Cross-site request forgery is #5 on the OWASP Top Ten. CSRF allows an attacker to perform actions on a website as if they are an authenticated user.
This warning is raised when no call to protect_from_forgery is found in ApplicationController. This method prevents CSRF.
For Rails 4 applications, it is recommended that you use protect_from_forgery :with => :exception. This code is inserted into newly generated applications. The default is to nil out the session object, which has been a source of many CSRF bypasses due to session memoization.
See the Ruby Security Guide for details.
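As an added illustration (not part of the Brakeman warning or of this project's code), a toy Ruby model of the two strategies: with :exception a forged POST halts, while with the session-nulling default a user memoized before the check still survives. A Hash stands in for the session and a plain class for the controller; the class, method and parameter names are assumptions.

```ruby
require 'securerandom'
# Toy model, written for this note, of the two protect_from_forgery strategies;
# it is not Rails code. A Hash stands in for the session and a plain class for
# ApplicationController.
class ForgeryError < StandardError; end

class ToyController
  attr_reader :session

  def initialize(session, strategy)
    @session  = session   # { user_id:, csrf_token: }
    @strategy = strategy  # :exception or :null_session
  end

  # Memoised lookup, as many apps do in a before_action or helper.
  def current_user
    @current_user ||= session[:user_id]
  end

  # Skips safe verbs, accepts a matching token, otherwise applies the strategy.
  def verify_authenticity_token(verb, token)
    return true if %w[GET HEAD].include?(verb)
    return true if valid_token?(token)
    raise ForgeryError, 'invalid authenticity token' if @strategy == :exception
    @session = {} # :null_session empties the session and lets the action run
    false
  end

  # Constant-time comparison so token checks do not leak by timing.
  def valid_token?(token)
    expected = session[:csrf_token]
    return false if token.nil? || expected.nil? || token.bytesize != expected.bytesize
    token.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Runs one POST through the toy pipeline and returns the user id the action
# would act as: nil when the request was neutralised, :halted when it raised.
# memoize_before_check: true models a before_action that touched current_user
# before the CSRF check ran (constructed scenario).
def post_as(strategy, token:, memoize_before_check: false)
  session = { user_id: 42, csrf_token: SecureRandom.hex(16) }
  ctrl = ToyController.new(session, strategy)
  ctrl.current_user if memoize_before_check
  ctrl.verify_authenticity_token('POST', token == :valid ? session[:csrf_token] : token)
  ctrl.current_user
rescue ForgeryError
  :halted
end
```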
Assignment Branch Condition size for after_sign_in_path_for is too high. [22.36/15] (http://c2.com/cgi/wiki?AbcMetric) Open
def after_sign_in_path_for(resource)
set_flash_warning_reminder_to_update_details resource
return edit_user_path id: current_user.id if session[:pending_organisation_id]
return organisation_path(current_user.organisation) if current_user.organisation
return session[:previous_url] if session[:previous_url]
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method has too many lines. [8/5] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def set_flash_warning_reminder_to_update_details usr
if usr.organisation and not usr.organisation.has_been_updated_recently?
msg = render_to_string(partial: "shared/call_to_action", locals: {org: usr.organisation}).html_safe
if flash[:warning]
flash[:warning] << ' ' << msg
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Method has too many lines. [7/5] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def open_graph_tags
{
title: meta_tag_title,
site: 'Harrow Community Network',
reverse: true,
Method has too many lines. [7/5] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def white_listed
%w(
application
contributors
organisations
Method has too many lines. [6/5] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def allow_cookie_policy
response.set_cookie 'cookie_policy_accepted', {
value: 'true',
path: '/',
expires: 1.year.from_now.utc
Method has too many lines. [6/5] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def after_sign_in_path_for(resource)
set_flash_warning_reminder_to_update_details resource
return edit_user_path id: current_user.id if session[:pending_organisation_id]
return organisation_path(current_user.organisation) if current_user.organisation
return session[:previous_url] if session[:previous_url]
Method has too many lines. [6/5] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def set_tags
set_meta_tags title: meta_tag_title,
site: 'Harrow volunteering',
reverse: true,
description: meta_tag_description,
Prefer single-quoted strings when you don't need string interpolation or special symbols. (https://github.com/bbatsov/ruby-style-guide#consistent-string-literals) Open
msg = render_to_string(partial: "shared/call_to_action", locals: {org: usr.organisation}).html_safe
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Unused method argument - resource. If it's necessary, use _ or _resource as an argument name to indicate that it won't be used. You can also write as after_accept_path_for(*) if you want the method to accept any arguments but don't care about them. (https://github.com/bbatsov/ruby-style-guide#underscore-unused-vars) Open
def after_accept_path_for(resource)
This cop checks for unused method arguments.
Example:
# bad
def some_method(used, unused, _unused_but_allowed)
puts used
end
Example:
# good
def some_method(used, _unused, _unused_but_allowed)
puts used
end
Do not prefix writer method names with set_. (https://github.com/bbatsov/ruby-style-guide#accessor_mutator_method_names) Open
def set_flash_warning_reminder_to_update_details usr
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Line is too long. [135/90] (https://github.com/bbatsov/ruby-style-guide#80-character-limits) Open
# Devise wiki suggests we need to make this return nil for the after_inactive_signup_path_for to be called in registrationscontroller
Line is too long. [125/90] (https://github.com/bbatsov/ruby-style-guide#80-character-limits) Open
return organisation_path(Organisation.find(current_user.pending_organisation_id)) if current_user.pending_organisation_id
Use a guard clause instead of wrapping the code inside a conditional expression. (https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals) Open
if request_controller_is(white_listed) && request_verb_is_get?
Use a guard clause instead of wrapping the code inside a conditional expression
Example:
# bad
def test
if something
work
end
end
# good
def test
return unless something
work
end
# also good
def test
work if something
end
# bad
if something
raise 'exception'
else
ok
end
# good
raise 'exception' if something
ok
%w-literals should be delimited by [ and ]. (https://github.com/bbatsov/ruby-style-guide#percent-literal-braces) Open
%w(
application
contributors
organisations
pages
This cop enforces the consistent usage of %-literal delimiters.
Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.
Example:
# Style/PercentLiteralDelimiters:
# PreferredDelimiters:
# default: '[]'
# '%i': '()'
# good
%w[alpha beta] + %i(gamma delta)
# bad
%W(alpha #{beta})
# bad
%I(alpha beta)
Prefer before_action over before_filter. Open
before_filter :store_location,
This cop enforces the consistent use of action filter methods.
The cop is configurable and can enforce the use of the older something_filter methods or the newer something_action methods.
If the TargetRailsVersion is set to less than 4.0, the cop will enforce the use of filter methods.
Example: EnforcedStyle: action (default)
# bad
after_filter :do_stuff
append_around_filter :do_stuff
skip_after_filter :do_stuff
# good
after_action :do_stuff
append_around_action :do_stuff
skip_after_action :do_stuff
Example: EnforcedStyle: filter
# bad
after_action :do_stuff
append_around_action :do_stuff
skip_after_action :do_stuff
# good
after_filter :do_stuff
append_around_filter :do_stuff
skip_after_filter :do_stuff
Line is too long. [105/90] (https://github.com/bbatsov/ruby-style-guide#80-character-limits) Open
msg = render_to_string(partial: "shared/call_to_action", locals: {org: usr.organisation}).html_safe
Use && instead of and. (https://github.com/bbatsov/ruby-style-guide#no-and-or-or) Open
if usr.organisation and not usr.organisation.has_been_updated_recently?
This cop checks for uses of and and or, and suggests using && and || instead. It can be configured to check only in conditions, or in all contexts.
Example: EnforcedStyle: always (default)
# bad
foo.save and return
# bad
if foo and bar
end
# good
foo.save && return
# good
if foo && bar
end
Example: EnforcedStyle: conditionals
# bad
if foo and bar
end
# good
foo.save && return
# good
foo.save and return
# good
if foo && bar
end
Redundant curly braces around a hash parameter. Open
response.set_cookie 'cookie_policy_accepted', {
value: 'true',
path: '/',
expires: 1.year.from_now.utc
}
This cop checks for braces around the last parameter in a method call if the last parameter is a hash. It supports braces, no_braces and context_dependent styles.
Example: EnforcedStyle: braces
# The `braces` style enforces braces around all method
# parameters that are hashes.
# bad
some_method(x, y, a: 1, b: 2)
# good
some_method(x, y, {a: 1, b: 2})
Example: EnforcedStyle: no_braces (default)
# The `no_braces` style checks that the last parameter doesn't
# have braces around it.
# bad
some_method(x, y, {a: 1, b: 2})
# good
some_method(x, y, a: 1, b: 2)
Example: EnforcedStyle: context_dependent
# The `context_dependent` style checks that the last parameter
# doesn't have braces around it, but requires braces if the
# second to last parameter is also a hash literal.
# bad
some_method(x, y, {a: 1, b: 2})
some_method(x, y, {a: 1, b: 2}, a: 1, b: 2)
# good
some_method(x, y, a: 1, b: 2)
some_method(x, y, {a: 1, b: 2}, {a: 1, b: 2})
Use a guard clause instead of wrapping the code inside a conditional expression. (https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals) Open
if usr.organisation and not usr.organisation.has_been_updated_recently?
Use a guard clause instead of wrapping the code inside a conditional expression. (https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals) Open
unless superadmin?
Use ! instead of not. (https://github.com/bbatsov/ruby-style-guide#bang-not-not) Open
if usr.organisation and not usr.organisation.has_been_updated_recently?
This cop checks for uses of the keyword not instead of !.
Example:
# bad - parentheses are required because of op precedence
x = (not something)
# good
x = !something