Showing 222 of 230 total issues
CSRF vulnerability in OmniAuth's request phase Open
omniauth (1.9.1)
Advisory: CVE-2015-9284
Criticality: High
URL: https://github.com/omniauth/omniauth/pull/809
Solution: remove or disable this gem until a patch is available!
Method has too many optional parameters. [4/3] Open
def descendants(limit, account = nil, max_child_id = nil, since_child_id = nil, depth = nil)
  find_statuses_from_tree_path(descendant_ids(limit, max_child_id, since_child_id, depth), account, promote: true)
end
This cop checks for methods with too many parameters.
The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.
Example: Max: 3
# good
def foo(a, b, c = 1)
end
Example: Max: 2
# bad
def foo(a, b, c = 1)
end
Example: CountKeywordArgs: true (default)
# counts keyword args towards the maximum
# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end
# good (assuming Max is 3)
def foo(a, b, c: 1)
end
Example: CountKeywordArgs: false
# don't count keyword args towards the maximum
# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end
This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.
Example: MaxOptionalParameters: 3 (default)
# good
def foo(a = 1, b = 2, c = 3)
end
Example: MaxOptionalParameters: 2
# bad
def foo(a = 1, b = 2, c = 3)
end
Avoid parameter lists longer than 5 parameters. [6/5] Open
def request_follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)
Avoid parameter lists longer than 5 parameters. [6/5] Open
def follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)
Use keyword arguments when defining method with boolean argument. Open
def name_tag_classes(account, inline = false)
This cop checks for places where keyword arguments can be used instead of boolean arguments when defining methods. respond_to_missing? method is allowed by default. These are customizable with AllowedMethods option.
Example:
# bad
def some_method(bar = false)
  puts bar
end
# bad - common hack before keyword args were introduced
def some_method(options = {})
  bar = options.fetch(:bar, false)
  puts bar
end
# good
def some_method(bar: false)
  puts bar
end
Example: AllowedMethods: ['some_method']
# good
def some_method(bar = false)
  puts bar
end
Use empty lines between class definitions. Open
class DimensionsValidationError < ValidationError; end
This cop checks whether class/module/method definitions are separated by one or more empty lines.
NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.
AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.
Example: EmptyLineBetweenMethodDefs: true (default)
# checks for empty lines between method definitions.
# bad
def a
end
def b
end
Example:
# good
def a
end

def b
end
Example: EmptyLineBetweenClassDefs: true (default)
# checks for empty lines between class definitions.
# bad
class A
end
class B
end
def b
end
Example:
# good
class A
end

class B
end

def b
end
Example: EmptyLineBetweenModuleDefs: true (default)
# checks for empty lines between module definitions.
# bad
module A
end
module B
end
def b
end
Example:
# good
module A
end

module B
end

def b
end
Example: AllowAdjacentOneLineDefs: true
# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end
Prefer string interpolation to string concatenation. Open
preview = preview[0, preview.index("\n").presence || 30] + '…'
This cop checks for places where string concatenation can be replaced with string interpolation.
The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.
NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.
Example:
# bad
email_with_name = user.name + ' <' + user.email + '>'
# good
email_with_name = "#{user.name} <#{user.email}>"
email_with_name = format('%s <%s>', user.name, user.email)
# accepted, line-end concatenation
name = 'First' +
  'Last'
Use keyword arguments when defining method with boolean argument. Open
def call(parent_status, collection_or_uri, allow_synchronous_requests = true)
Redundant begin block detected. Open
begin
This cop checks for redundant begin blocks.
Currently it checks for code like this:
Example:
# bad
def redundant
  begin
    ala
    bala
  rescue StandardError => e
    something
  end
end
# good
def preferred
  ala
  bala
rescue StandardError => e
  something
end
# bad
begin
  do_something
end
# good
do_something
# bad
# When using Ruby 2.5 or later.
do_something do
  begin
    something
  rescue => ex
    anything
  end
end
# good
# In Ruby 2.5 or later, you can omit `begin` in `do-end` block.
do_something do
  something
rescue => ex
  anything
end
# good
# Stabby lambdas don't support implicit `begin` in `do-end` blocks.
-> do
  begin
    foo
  rescue Bar
    baz
  end
end
Use keyword arguments when defining method with boolean argument. Open
def perform(follower_account_id, old_target_account_id, new_target_account_id, bypass_locked = false)
Redundant begin block detected. Open
begin
Use empty lines between class definitions. Open
class ListAccount < ApplicationRecord; end
Use empty lines between class definitions. Open
class PollVote < ApplicationRecord; end
Use empty lines between class definitions. Open
class CustomEmoji < ApplicationRecord; end
Prefer string interpolation to string concatenation. Open
port = ENV.fetch(prefix + 'REDIS_PORT') { 6379 if defaults }
Selectors must be placed on new lines Open
a, abbr, acronym, address, big, cite, code,
Single Line Per Selector
Rule single-line-per-selector will enforce whether selectors should be placed on a new line.
Examples
When enabled, the following are allowed:
.foo,
.bar {
  content: 'baz';
}
When enabled, the following are disallowed:
.foo, .bar {
  content: 'baz';
}
Selectors must be placed on new lines Open
a, abbr, acronym, address, big, cite, code,
Selectors must be placed on new lines Open
fieldset, form, label, legend,
Selectors must be placed on new lines Open
table, caption, tbody, tfoot, thead, tr, th, td,
Selectors must be placed on new lines Open
table, caption, tbody, tfoot, thead, tr, th, td,