tootsuite/mastodon

Showing 325 of 366 total issues

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/pull/809

Solution: remove or disable this gem until a patch is available!

Class has too many lines. [373/300]
Open

  class AccountsCLI < Thor
    include CLIHelper

    def self.exit_on_failure?
      true
Severity: Minor
Found in lib/mastodon/accounts_cli.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [373/300]
Open

class Status < ApplicationRecord
  before_destroy :unlink_from_conversations

  include Discard::Model
  include Paginable
Severity: Minor
Found in app/models/status.rb by rubocop

Block has too many lines. [52/35]
Open

  class_methods do
    def following_map(target_account_ids, account_id)
      Follow.where(target_account_id: target_account_ids, account_id: account_id).each_with_object({}) do |follow, mapping|
        mapping[follow.target_account_id] = {
          reblogs: follow.show_reblogs?,

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Favor modifier if usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    if records_continue?

Checks for if and unless statements that would fit on one line if written as modifier if/unless. The cop also checks for modifier if/unless lines that exceed the maximum line length.

The maximum line length is configured in the Layout/LineLength cop. The tab size is configured in the IndentationWidth of the Layout/IndentationStyle cop.

Example:

# bad
if condition
  do_stuff(bar)
end

unless qux.empty?
  Foo.do_something
end

do_something_in_a_method_with_a_long_name(arg) if long_condition

# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?

if long_condition
  do_something_in_a_method_with_a_long_name(arg)
end

Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    unless paginated_blocks.empty?

Favor modifier if usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    if records_continue?

Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    unless @blocks.empty?

Align the keys of a hash literal if they span more than one line.
Open

    unblock:        'http://mastodon.social/schema/1.0/unblock',
Severity: Minor
Found in app/lib/ostatus/tag_manager.rb by rubocop

Check that the keys, separators, and values of a multi-line hash literal are aligned according to configuration. The configuration options are:

- key (left align keys, one space before hash rockets and values)
- separator (align hash rockets and colons, right align keys)
- table (left align keys, hash rockets, and values)

The treatment of hashes passed as the last argument to a method call can also be configured. The options are:

- always_inspect
- always_ignore
- ignore_implicit (without curly braces)

Alternatively you can specify multiple allowed styles. That's done by passing a list of styles to EnforcedStyles.

Example: EnforcedHashRocketStyle: key (default)

# bad
{
  :foo => bar,
   :ba => baz
}
{
  :foo => bar,
  :ba  => baz
}

# good
{
  :foo => bar,
  :ba => baz
}

Example: EnforcedHashRocketStyle: separator

# bad
{
  :foo => bar,
  :ba => baz
}
{
  :foo => bar,
  :ba  => baz
}

# good
{
  :foo => bar,
   :ba => baz
}

Example: EnforcedHashRocketStyle: table

# bad
{
  :foo => bar,
   :ba => baz
}

# good
{
  :foo => bar,
  :ba  => baz
}

Example: EnforcedColonStyle: key (default)

# bad
{
  foo: bar,
   ba: baz
}
{
  foo: bar,
  ba:  baz
}

# good
{
  foo: bar,
  ba: baz
}

Example: EnforcedColonStyle: separator

# bad
{
  foo: bar,
  ba: baz
}

# good
{
  foo: bar,
   ba: baz
}

Example: EnforcedColonStyle: table

# bad
{
  foo: bar,
  ba: baz
}

# good
{
  foo: bar,
  ba:  baz
}

Example: EnforcedLastArgumentHashStyle: always_inspect (default)

# Inspect both implicit and explicit hashes.

# bad
do_something(foo: 1,
  bar: 2)

# bad
do_something({foo: 1,
  bar: 2})

# good
do_something(foo: 1,
             bar: 2)

# good
do_something(
  foo: 1,
  bar: 2
)

# good
do_something({foo: 1,
              bar: 2})

# good
do_something({
  foo: 1,
  bar: 2
})

Example: EnforcedLastArgumentHashStyle: always_ignore

# Ignore both implicit and explicit hashes.

# good
do_something(foo: 1,
  bar: 2)

# good
do_something({foo: 1,
  bar: 2})

Example: EnforcedLastArgumentHashStyle: ignore_implicit

# Ignore only implicit hashes.

# bad
do_something({foo: 1,
  bar: 2})

# good
do_something(foo: 1,
  bar: 2)

Example: EnforcedLastArgumentHashStyle: ignore_explicit

# Ignore only explicit hashes.

# bad
do_something(foo: 1,
  bar: 2)

# good
do_something({foo: 1,
  bar: 2})

Specify a :dependent option.
Open

  has_many :users, inverse_of: :invite
Severity: Minor
Found in app/models/invite.rb by rubocop

This cop looks for has_many or has_one associations that don't specify a :dependent option. It doesn't register an offense if the :through option was specified.

Example:

# bad
class User < ActiveRecord::Base
  has_many :comments
  has_one :avatar
end

# good
class User < ActiveRecord::Base
  has_many :comments, dependent: :restrict_with_exception
  has_one :avatar, dependent: :destroy
  has_many :patients, through: :appointments
end

Specify an :inverse_of option.
Open

  belongs_to :follow,         foreign_type: 'Follow',        foreign_key: 'activity_id', optional: true
Severity: Minor
Found in app/models/notification.rb by rubocop

This cop looks for has_one, has_many and belongs_to associations where Active Record can't automatically determine the inverse association because of a scope or the options used. Using the blog-with-order-scope example below, traversing a Blog's association in both directions with blog.posts.first.blog would cause the blog to be loaded from the database twice.

:inverse_of must be manually specified for Active Record to use the associated object in memory, or set to false to opt out. Note that setting nil does not stop Active Record from trying to determine the inverse automatically, and is not considered a valid value for this option.

Example:

# good
class Blog < ApplicationRecord
  has_many :posts
end

class Post < ApplicationRecord
  belongs_to :blog
end

Example:

# bad
class Blog < ApplicationRecord
  has_many :posts, -> { order(published_at: :desc) }
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  has_many(:posts,
           -> { order(published_at: :desc) },
           inverse_of: :blog)
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
class Blog < ApplicationRecord
  with_options inverse_of: :blog do
    has_many :posts, -> { order(published_at: :desc) }
  end
end

class Post < ApplicationRecord
  belongs_to :blog
end

# good
# When you don't want to use the inverse association.
class Blog < ApplicationRecord
  has_many(:posts,
           -> { order(published_at: :desc) },
           inverse_of: false)
end

Example:

# bad
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable
end

# good
class Picture < ApplicationRecord
  belongs_to :imageable, polymorphic: true
end

class Employee < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

class Product < ApplicationRecord
  has_many :pictures, as: :imageable, inverse_of: :imageable
end

Example:

# bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician
  belongs_to :patient
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

# good
class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end

class Appointment < ApplicationRecord
  belongs_to :physician, inverse_of: :appointments
  belongs_to :patient, inverse_of: :appointments
end

class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end

@see https://guides.rubyonrails.org/association_basics.html#bi-directional-associations
@see https://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses

Add empty line after guard clause.
Open

        next if records.key?(key) || default_value.is_a?(Hash)
Severity: Minor
Found in app/models/setting.rb by rubocop

This cop enforces an empty line after a guard clause.

Example:

# bad
def foo
  return if need_return?
  bar
end

# good
def foo
  return if need_return?

  bar
end

# good
def foo
  return if something?
  return if something_different?

  bar
end

# also good
def foo
  if something?
    do_something
    return if need_return?
  end
end

Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    unless paginated_mutes.empty?

Add empty line after guard clause.
Open

      next if parsed_parts.nil? || parsed_parts.size != 3

Align the keys of a hash literal if they span more than one line.
Open

    reject:         'http://activitystrea.ms/schema/1.0/reject',
Severity: Minor
Found in app/lib/ostatus/tag_manager.rb by rubocop

Avoid rescuing without specifying an error class.
Open

            rescue => e
Severity: Minor
Found in app/lib/request.rb by rubocop

This cop checks for rescuing StandardError. There are two supported styles, implicit and explicit. This cop will not register an offense if any error other than StandardError is specified.

Example: EnforcedStyle: implicit

# `implicit` will enforce using `rescue` instead of
# `rescue StandardError`.

# bad
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Example: EnforcedStyle: explicit (default)

# `explicit` will enforce using `rescue StandardError`
# instead of `rescue`.

# bad
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Avoid rescuing without specifying an error class.
Open

  rescue => e
Severity: Minor
Found in app/lib/sidekiq_error_handler.rb by rubocop

Specify an :inverse_of option.
Open

  has_many :accounts, foreign_key: :domain, primary_key: :domain
Severity: Minor
Found in app/models/domain_block.rb by rubocop

Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    unless @accounts.empty?

Favor modifier if usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

    if records_continue?