Showing 18 of 18 total issues
OS Command Injection in Rake Open
rake (10.4.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (1.8.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Regular Expression Denial of Service in Addressable templates Open
addressable (2.4.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
httparty has multipart/form-data request tampering vulnerability Open
httparty (0.13.7)
- Read upRead up
- Exclude checks
Advisory:
Criticality: Medium
URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42
Solution: upgrade to >= 0.21.0
RuboCop gem Insecure use of /tmp Open
rubocop (0.35.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-8418
Criticality: Low
URL: https://github.com/bbatsov/rubocop/issues/4336
Solution: upgrade to >= 0.49.0
Missing top-level module documentation comment. Open
module Sheetsu
- Read upRead up
- Exclude checks
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
# ...
end
# good
# Description/Explanation of Person class
class Person
# ...
end
Add an empty line after magic comments. Open
lib = File.expand_path('../lib', __FILE__)
- Read upRead up
- Exclude checks
Checks for a newline after the final magic comment.
Example:
# good
# frozen_string_literal: true
# Some documentation for Person
class Person
# Some code
end
# bad
# frozen_string_literal: true
# Some documentation for Person
class Person
# Some code
end
Freeze mutable objects assigned to constants. Open
VERSION = '0.1.1'
- Read upRead up
- Exclude checks
This cop checks whether some constant value isn't a mutable literal (e.g. array or hash).
Example:
# bad
CONST = [1, 2, 3]
# good
CONST = [1, 2, 3].freeze
Missing top-level class documentation comment. Open
class ErrorHandler
- Read upRead up
- Exclude checks
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
# ...
end
# good
# Description/Explanation of Person class
class Person
# ...
end
Prefer single-quoted strings when you don't need string interpolation or special symbols. Open
self.class.base_uri "https://sheetsu.com/apis"
- Read upRead up
- Exclude checks
Checks if uses of quotes match the configured preference.
Example: EnforcedStyle: single_quotes (default)
# bad
"No special symbols"
"No string interpolation"
"Just text"
# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"
Example: EnforcedStyle: double_quotes
# bad
'Just some text'
'No special chars or interpolation'
# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"
Always use raise
to signal exceptions. Open
fail Error, 'API with given URL is not found'
- Read upRead up
- Exclude checks
This cop checks for uses of fail
and raise
.
Example: EnforcedStyle: only_raise (default)
# The `only_raise` style enforces the sole use of `raise`.
# bad
begin
fail
rescue Exception
# handle it
end
def watch_out
fail
rescue Exception
# handle it
end
Kernel.fail
# good
begin
raise
rescue Exception
# handle it
end
def watch_out
raise
rescue Exception
# handle it
end
Kernel.raise
Example: EnforcedStyle: only_fail
# The `only_fail` style enforces the sole use of `fail`.
# bad
begin
raise
rescue Exception
# handle it
end
def watch_out
raise
rescue Exception
# handle it
end
Kernel.raise
# good
begin
fail
rescue Exception
# handle it
end
def watch_out
fail
rescue Exception
# handle it
end
Kernel.fail
Example: EnforcedStyle: semantic
# The `semantic` style enforces the use of `fail` to signal an
# exception, then will use `raise` to trigger an offense after
# it has been rescued.
# bad
begin
raise
rescue Exception
# handle it
end
def watch_out
# Error thrown
rescue Exception
fail
end
Kernel.fail
Kernel.raise
# good
begin
fail
rescue Exception
# handle it
end
def watch_out
fail
rescue Exception
raise 'Preferably with descriptive message'
end
explicit_receiver.fail
explicit_receiver.raise
Line is too long. [104/80] Open
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
- Exclude checks
Dependencies should be sorted in an alphabetical order within their section of the gemspec. Dependency rubocop
should appear before webmock
. Open
spec.add_development_dependency 'rubocop', '~> 0.35.1'
- Read upRead up
- Exclude checks
Dependencies in the gemspec should be alphabetically sorted.
Example:
# bad
spec.add_dependency 'rubocop'
spec.add_dependency 'rspec'
# good
spec.add_dependency 'rspec'
spec.add_dependency 'rubocop'
# good
spec.add_dependency 'rubocop'
spec.add_dependency 'rspec'
# bad
spec.add_development_dependency 'rubocop'
spec.add_development_dependency 'rspec'
# good
spec.add_development_dependency 'rspec'
spec.add_development_dependency 'rubocop'
# good
spec.add_development_dependency 'rubocop'
spec.add_development_dependency 'rspec'
# bad
spec.add_runtime_dependency 'rubocop'
spec.add_runtime_dependency 'rspec'
# good
spec.add_runtime_dependency 'rspec'
spec.add_runtime_dependency 'rubocop'
# good
spec.add_runtime_dependency 'rubocop'
spec.add_runtime_dependency 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
spec.add_dependency 'rubocop'
# For tests
spec.add_dependency 'rspec'
Missing top-level class documentation comment. Open
class Client
- Read upRead up
- Exclude checks
This cop checks for missing top-level documentation of classes and modules. Classes with no body are exempt from the check and so are namespace modules - modules that have nothing in their bodies except classes, other modules, or constant definitions.
The documentation requirement is annulled if the class or module has a "#:nodoc:" comment next to it. Likewise, "#:nodoc: all" does the same for all its children.
Example:
# bad
class Person
# ...
end
# good
# Description/Explanation of Person class
class Person
# ...
end
Dependencies should be sorted in an alphabetical order within their section of the gemspec. Dependency codeclimate-test-reporter
should appear before rubocop
. Open
spec.add_development_dependency 'codeclimate-test-reporter', '~> 0.4.8'
- Read upRead up
- Exclude checks
Dependencies in the gemspec should be alphabetically sorted.
Example:
# bad
spec.add_dependency 'rubocop'
spec.add_dependency 'rspec'
# good
spec.add_dependency 'rspec'
spec.add_dependency 'rubocop'
# good
spec.add_dependency 'rubocop'
spec.add_dependency 'rspec'
# bad
spec.add_development_dependency 'rubocop'
spec.add_development_dependency 'rspec'
# good
spec.add_development_dependency 'rspec'
spec.add_development_dependency 'rubocop'
# good
spec.add_development_dependency 'rubocop'
spec.add_development_dependency 'rspec'
# bad
spec.add_runtime_dependency 'rubocop'
spec.add_runtime_dependency 'rspec'
# good
spec.add_runtime_dependency 'rspec'
spec.add_runtime_dependency 'rubocop'
# good
spec.add_runtime_dependency 'rubocop'
spec.add_runtime_dependency 'rspec'
# good only if TreatCommentsAsGroupSeparators is true
# For code quality
spec.add_dependency 'rubocop'
# For tests
spec.add_dependency 'rspec'
Unnecessary utf-8 encoding comment. Open
# coding: utf-8
- Exclude checks
Line is too long. [113/80] Open
response = self.class.post("/#{@id}", body: row.to_json, headers: { 'Content-Type' => 'application/json' })
- Exclude checks
Always use raise
to signal exceptions. Open
fail Error, 'Something goes wrong'
- Read upRead up
- Exclude checks
This cop checks for uses of fail
and raise
.
Example: EnforcedStyle: only_raise (default)
# The `only_raise` style enforces the sole use of `raise`.
# bad
begin
fail
rescue Exception
# handle it
end
def watch_out
fail
rescue Exception
# handle it
end
Kernel.fail
# good
begin
raise
rescue Exception
# handle it
end
def watch_out
raise
rescue Exception
# handle it
end
Kernel.raise
Example: EnforcedStyle: only_fail
# The `only_fail` style enforces the sole use of `fail`.
# bad
begin
raise
rescue Exception
# handle it
end
def watch_out
raise
rescue Exception
# handle it
end
Kernel.raise
# good
begin
fail
rescue Exception
# handle it
end
def watch_out
fail
rescue Exception
# handle it
end
Kernel.fail
Example: EnforcedStyle: semantic
# The `semantic` style enforces the use of `fail` to signal an
# exception, then will use `raise` to trigger an offense after
# it has been rescued.
# bad
begin
raise
rescue Exception
# handle it
end
def watch_out
# Error thrown
rescue Exception
fail
end
Kernel.fail
Kernel.raise
# good
begin
fail
rescue Exception
# handle it
end
def watch_out
fail
rescue Exception
raise 'Preferably with descriptive message'
end
explicit_receiver.fail
explicit_receiver.raise