tootsuite/mastodon

View on GitHub

Showing 222 of 230 total issues

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/pull/809

Solution: remove or disable this gem until a patch is available!

Method has too many optional parameters. [4/3]
Open

  def descendants(limit, account = nil, max_child_id = nil, since_child_id = nil, depth = nil)
    find_statuses_from_tree_path(descendant_ids(limit, max_child_id, since_child_id, depth), account, promote: true)
  end

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Avoid parameter lists longer than 5 parameters. [6/5]
Open

  def request_follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Avoid parameter lists longer than 5 parameters. [6/5]
Open

  def follow!(other_account, reblogs: nil, notify: nil, uri: nil, rate_limit: false, bypass_limit: false)

This cop checks for methods with too many parameters.

The maximum number of parameters is configurable. Keyword arguments can optionally be excluded from the total count, as they add less complexity than positional or optional parameters.

Example: Max: 3

# good
def foo(a, b, c = 1)
end

Example: Max: 2

# bad
def foo(a, b, c = 1)
end

Example: CountKeywordArgs: true (default)

# counts keyword args towards the maximum

# bad (assuming Max is 3)
def foo(a, b, c, d: 1)
end

# good (assuming Max is 3)
def foo(a, b, c: 1)
end

Example: CountKeywordArgs: false

# don't count keyword args towards the maximum

# good (assuming Max is 3)
def foo(a, b, c, d: 1)
end

This cop also checks for the maximum number of optional parameters. This can be configured using the MaxOptionalParameters config option.

Example: MaxOptionalParameters: 3 (default)

# good
def foo(a = 1, b = 2, c = 3)
end

Example: MaxOptionalParameters: 2

# bad
def foo(a = 1, b = 2, c = 3)
end

Use keyword arguments when defining method with boolean argument.
Open

  def name_tag_classes(account, inline = false)

This cop checks for places where keyword arguments can be used instead of boolean arguments when defining methods. respond_to_missing? method is allowed by default. These are customizable with AllowedMethods option.

Example:

# bad
def some_method(bar = false)
  puts bar
end

# bad - common hack before keyword args were introduced
def some_method(options = {})
  bar = options.fetch(:bar, false)
  puts bar
end

# good
def some_method(bar: false)
  puts bar
end

Example: AllowedMethods: ['some_method']

# good
def some_method(bar = false)
  puts bar
end

Use empty lines between class definitions.
Open

  class DimensionsValidationError < ValidationError; end
Severity: Minor
Found in app/lib/exceptions.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Prefer string interpolation to string concatenation.
Open

      preview = preview[0, preview.index("\n").presence || 30] + '…'
Severity: Minor
Found in app/lib/rss/serializer.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Use keyword arguments when defining method with boolean argument.
Open

  def call(parent_status, collection_or_uri, allow_synchronous_requests = true)

This cop checks for places where keyword arguments can be used instead of boolean arguments when defining methods. respond_to_missing? method is allowed by default. These are customizable with AllowedMethods option.

Example:

# bad
def some_method(bar = false)
  puts bar
end

# bad - common hack before keyword args were introduced
def some_method(options = {})
  bar = options.fetch(:bar, false)
  puts bar
end

# good
def some_method(bar: false)
  puts bar
end

Example: AllowedMethods: ['some_method']

# good
def some_method(bar = false)
  puts bar
end

Redundant begin block detected.
Open

      begin

This cop checks for redundant begin blocks.

Currently it checks for code like this:

Example:

# bad
def redundant
  begin
    ala
    bala
  rescue StandardError => e
    something
  end
end

# good
def preferred
  ala
  bala
rescue StandardError => e
  something
end

# bad
begin
  do_something
end

# good
do_something

# bad
# When using Ruby 2.5 or later.
do_something do
  begin
    something
  rescue => ex
    anything
  end
end

# good
# In Ruby 2.5 or later, you can omit `begin` in `do-end` block.
do_something do
  something
rescue => ex
  anything
end

# good
# Stabby lambdas don't support implicit `begin` in `do-end` blocks.
-> do
  begin
    foo
  rescue Bar
    baz
  end
end

Use keyword arguments when defining method with boolean argument.
Open

  def perform(follower_account_id, old_target_account_id, new_target_account_id, bypass_locked = false)

This cop checks for places where keyword arguments can be used instead of boolean arguments when defining methods. respond_to_missing? method is allowed by default. These are customizable with AllowedMethods option.

Example:

# bad
def some_method(bar = false)
  puts bar
end

# bad - common hack before keyword args were introduced
def some_method(options = {})
  bar = options.fetch(:bar, false)
  puts bar
end

# good
def some_method(bar: false)
  puts bar
end

Example: AllowedMethods: ['some_method']

# good
def some_method(bar = false)
  puts bar
end

Redundant begin block detected.
Open

            begin
Severity: Minor
Found in lib/mastodon/cli_helper.rb by rubocop

This cop checks for redundant begin blocks.

Currently it checks for code like this:

Example:

# bad
def redundant
  begin
    ala
    bala
  rescue StandardError => e
    something
  end
end

# good
def preferred
  ala
  bala
rescue StandardError => e
  something
end

# bad
begin
  do_something
end

# good
do_something

# bad
# When using Ruby 2.5 or later.
do_something do
  begin
    something
  rescue => ex
    anything
  end
end

# good
# In Ruby 2.5 or later, you can omit `begin` in `do-end` block.
do_something do
  something
rescue => ex
  anything
end

# good
# Stabby lambdas don't support implicit `begin` in `do-end` blocks.
-> do
  begin
    foo
  rescue Bar
    baz
  end
end

Use empty lines between class definitions.
Open

    class ListAccount < ApplicationRecord; end
Severity: Minor
Found in lib/mastodon/maintenance_cli.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Use empty lines between class definitions.
Open

    class PollVote < ApplicationRecord; end
Severity: Minor
Found in lib/mastodon/maintenance_cli.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Use empty lines between class definitions.
Open

    class CustomEmoji < ApplicationRecord; end
Severity: Minor
Found in lib/mastodon/maintenance_cli.rb by rubocop

This cop checks whether class/module/method definitions are separated by one or more empty lines.

NumberOfEmptyLines can be an integer (default is 1) or an array (e.g. [1, 2]) to specify a minimum and maximum number of empty lines permitted.

AllowAdjacentOneLineDefs configures whether adjacent one-line definitions are considered an offense.

Example: EmptyLineBetweenMethodDefs: true (default)

# checks for empty lines between method definitions.

# bad
def a
end
def b
end

Example:

# good
def a
end

def b
end

Example: EmptyLineBetweenClassDefs: true (default)

# checks for empty lines between class definitions.

# bad
class A
end
class B
end
def b
end

Example:

# good
class A
end

class B
end

def b
end

Example: EmptyLineBetweenModuleDefs: true (default)

# checks for empty lines between module definitions.

# bad
module A
end
module B
end
def b
end

Example:

# good
module A
end

module B
end

def b
end

Example: AllowAdjacentOneLineDefs: true

# good
class ErrorA < BaseError; end
class ErrorB < BaseError; end
class ErrorC < BaseError; end

Prefer string interpolation to string concatenation.
Open

  port     = ENV.fetch(prefix + 'REDIS_PORT') { 6379 if defaults }
Severity: Minor
Found in lib/mastodon/redis_config.rb by rubocop

This cop checks for places where string concatenation can be replaced with string interpolation.

The cop can autocorrect simple cases but will skip autocorrecting more complex cases where the resulting code would be harder to read. In those cases, it might be useful to extract statements to local variables or methods which you can then interpolate in a string.

NOTE: When concatenation between two strings is broken over multiple lines, this cop does not register an offense; instead, Style/LineEndConcatenation will pick up the offense if enabled.

Example:

# bad
email_with_name = user.name + ' '

# good
email_with_name = "#{user.name} "
email_with_name = format('%s ', user.name, user.email)

# accepted, line-end concatenation
name = 'First' +
  'Last'

Selectors must be placed on new lines
Open

a, abbr, acronym, address, big, cite, code,

Single Line Per Selector

Rule single-line-per-selector will enforce whether selectors should be placed on a new line.

Examples

When enabled, the following are allowed:

.foo,
.bar {
  content: 'baz';
}

When enabled, the following are disallowed:

.foo, .bar {
  content: 'baz';
}

Selectors must be placed on new lines
Open

a, abbr, acronym, address, big, cite, code,

Single Line Per Selector

Rule single-line-per-selector will enforce whether selectors should be placed on a new line.

Examples

When enabled, the following are allowed:

.foo,
.bar {
  content: 'baz';
}

When enabled, the following are disallowed:

.foo, .bar {
  content: 'baz';
}

Selectors must be placed on new lines
Open

fieldset, form, label, legend,

Single Line Per Selector

Rule single-line-per-selector will enforce whether selectors should be placed on a new line.

Examples

When enabled, the following are allowed:

.foo,
.bar {
  content: 'baz';
}

When enabled, the following are disallowed:

.foo, .bar {
  content: 'baz';
}

Selectors must be placed on new lines
Open

table, caption, tbody, tfoot, thead, tr, th, td,

Single Line Per Selector

Rule single-line-per-selector will enforce whether selectors should be placed on a new line.

Examples

When enabled, the following are allowed:

.foo,
.bar {
  content: 'baz';
}

When enabled, the following are disallowed:

.foo, .bar {
  content: 'baz';
}

Selectors must be placed on new lines
Open

table, caption, tbody, tfoot, thead, tr, th, td,

Single Line Per Selector

Rule single-line-per-selector will enforce whether selectors should be placed on a new line.

Examples

When enabled, the following are allowed:

.foo,
.bar {
  content: 'baz';
}

When enabled, the following are disallowed:

.foo, .bar {
  content: 'baz';
}
Severity
Category
Status
Source
Language