Sign upLogin

tootsuite/mastodon

View on GitHub
Star

Showing 231 of 239 total issues

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

Avoid parameter lists longer than 5 parameters. [6/5]
Open

  def follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)
Severity: Minor
Found in app/models/concerns/account_interactions.rb by rubocop

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Method has too many optional parameters. [4/3]
Open

  def descendants(limit, account = nil, max_child_id = nil, since_child_id = nil, depth = nil)
    find_statuses_from_tree_path(descendant_ids(limit, max_child_id, since_child_id, depth), account, promote: true)
  end
Severity: Minor
Found in app/models/concerns/status_threading_concern.rb by rubocop

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Avoid parameter lists longer than 5 parameters. [6/5]
Open

  def request_follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)
Severity: Minor
Found in app/models/concerns/account_interactions.rb by rubocop

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Prefer string interpolation to string concatenation.
Open

    actor[:icon][:url]  = 'avatar' + File.extname(actor[:icon][:url])  if actor[:icon]
Severity: Minor
Found in app/services/backup_service.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Prefer string interpolation to string concatenation.
Open

    download_to_tar(tar, account.avatar, 'avatar' + File.extname(account.avatar.path)) if account.avatar.exists?
Severity: Minor
Found in app/services/backup_service.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Redundant begin block detected.
Open

      begin
Severity: Minor
Found in app/workers/post_process_media_worker.rb by rubocop

This cop checks for redundant begin blocks.

Currently it checks for code like this:

Example:

# bad
def redundant
  begin
    ala
    bala
  rescue StandardError => e
    something
  end
end

# good
def preferred
  ala
  bala
rescue StandardError => e
  something
end

# bad
begin
  do_something
end

# good
do_something

# bad
# When using Ruby 2.5 or later.
do_something do
  begin
    something
  rescue => ex
    anything
  end
end

# good
# In Ruby 2.5 or later, you can omit `begin` in `do-end` block.
do_something do
  something
rescue => ex
  anything
end

# good
# Stabby lambdas don't support implicit `begin` in `do-end` blocks.
-> do
  begin
    foo
  rescue Bar
    baz
  end
end

Expected 1 empty line between class definitions; found 0.
Open

    class Mute < ApplicationRecord; end
Severity: Minor
Found in lib/mastodon/maintenance_cli.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Prefer string interpolation to string concatenation.
Open

        attachment.instance.file_file_name    = File.basename(attachment.instance.file_file_name, '.*') + '.mp4'
Severity: Minor
Found in lib/paperclip/gif_transcoder.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Use the new Ruby 1.9 hash syntax.
Open

    render json: ValidationErrorFormatter.new(e, :'account.username' => :username, :'invite_request.text' => :reason).as_json, status: :unprocessable_entity
Severity: Minor
Found in app/controllers/api/v1/accounts_controller.rb by rubocop

This cop checks hash literal syntax.

It can enforce either the use of the class hash rocket syntax or the use of the newer Ruby 1.9 syntax (when applicable).

A separate offense is registered for each problematic pair.

The supported styles are:

  • ruby19 - forces use of the 1.9 syntax (e.g. {a: 1}) when hashes have all symbols for keys
  • hash_rockets - forces use of hash rockets for all hashes
  • nomixedkeys - simply checks for hashes with mixed syntaxes
  • ruby19nomixed_keys - forces use of ruby 1.9 syntax and forbids mixed syntax hashes

Example: EnforcedStyle: ruby19 (default)

# bad
{:a => 2}
{b: 1, :c => 2}

# good
{a: 2, b: 1}
{:c => 2, 'd' => 2} # acceptable since 'd' isn't a symbol
{d: 1, 'e' => 2} # technically not forbidden

Example: EnforcedStyle: hash_rockets

# bad
{a: 1, b: 2}
{c: 1, 'd' => 5}

# good
{:a => 1, :b => 2}

Example: EnforcedStyle: nomixedkeys

# bad
{:a => 1, b: 2}
{c: 1, 'd' => 2}

# good
{:a => 1, :b => 2}
{c: 1, d: 2}

Example: EnforcedStyle: ruby19nomixed_keys

# bad
{:a => 1, :b => 2}
{c: 2, 'd' => 3} # should just use hash rockets

# good
{a: 1, b: 2}
{:c => 3, 'd' => 4}

Redundant begin block detected.
Open

          begin
Severity: Minor
Found in app/lib/request.rb by rubocop

This cop checks for redundant begin blocks.

Currently it checks for code like this:

Example:

# bad
def redundant
  begin
    ala
    bala
  rescue StandardError => e
    something
  end
end

# good
def preferred
  ala
  bala
rescue StandardError => e
  something
end

# bad
begin
  do_something
end

# good
do_something

# bad
# When using Ruby 2.5 or later.
do_something do
  begin
    something
  rescue => ex
    anything
  end
end

# good
# In Ruby 2.5 or later, you can omit `begin` in `do-end` block.
do_something do
  something
rescue => ex
  anything
end

# good
# Stabby lambdas don't support implicit `begin` in `do-end` blocks.
-> do
  begin
    foo
  rescue Bar
    baz
  end
end

Prefer string interpolation to string concatenation.
Open

      preview = preview[0, preview.index("\n").presence || 30] + '…'
Severity: Minor
Found in app/lib/rss/serializer.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Expected 1 empty line between class definitions; found 0.
Open

  class NotPermittedError < Error; end
Severity: Minor
Found in lib/exceptions.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Redundant begin block detected.
Open

          begin
Severity: Minor
Found in lib/mastodon/maintenance_cli.rb by rubocop

This cop checks for redundant begin blocks.

Currently it checks for code like this:

Example:

# bad
def redundant
  begin
    ala
    bala
  rescue StandardError => e
    something
  end
end

# good
def preferred
  ala
  bala
rescue StandardError => e
  something
end

# bad
begin
  do_something
end

# good
do_something

# bad
# When using Ruby 2.5 or later.
do_something do
  begin
    something
  rescue => ex
    anything
  end
end

# good
# In Ruby 2.5 or later, you can omit `begin` in `do-end` block.
do_something do
  something
rescue => ex
  anything
end

# good
# Stabby lambdas don't support implicit `begin` in `do-end` blocks.
-> do
  begin
    foo
  rescue Bar
    baz
  end
end

Prefer string interpolation to string concatenation.
Open

cache_namespace   = namespace ? namespace + '_cache' : 'cache'
Severity: Minor
Found in lib/mastodon/redis_config.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Prefer string interpolation to string concatenation.
Open

    @items = @account.followers.where(Account.arel_table[:uri].matches(uri_prefix + '%', false, true)).pluck(:uri)
Severity: Minor
Found in app/controllers/activitypub/followers_synchronizations_controller.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Use keyword arguments when defining method with boolean argument.
Open

  def fetch_resource_without_id_validation(uri, on_behalf_of = nil, raise_on_temporary_error = false)
Severity: Minor
Found in app/helpers/jsonld_helper.rb by rubocop

This cop checks for places where keyword arguments can be used instead of boolean arguments when defining methods. respond_to_missing? method is allowed by default. These are customizable with AllowedMethods option.

Example:

# bad
def some_method(bar = false)
  puts bar
end

# bad - common hack before keyword args were introduced
def some_method(options = {})
  bar = options.fetch(:bar, false)
  puts bar
end

# good
def some_method(bar: false)
  puts bar
end

Example: AllowedMethods: ['some_method']

# good
def some_method(bar = false)
  puts bar
end

Expected 1 empty line between class definitions; found 0.
Open

  class GoneError < Error; end
Severity: Minor
Found in app/lib/webfinger.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Prefer string interpolation to string concatenation.
Open

    Request.new(:get, @url).add_headers('Accept' => 'text/html', 'User-Agent' => Mastodon::Version.user_agent + ' Bot').perform do |res|
Severity: Minor
Found in app/services/fetch_link_card_service.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Prefer string interpolation to string concatenation.
Open

        skip_domains.each { |domain| say('    ' + domain) }
Severity: Minor
Found in lib/mastodon/accounts_cli.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'
Severity
Category
Status
Source
Language