Class: Ducalis::ProtectedScopeCop

Inherits:

RuboCop::Cop::Cop

Object
RuboCop::Cop::Cop
Ducalis::ProtectedScopeCop

show all

Defined in:: lib/ducalis/cops/protected_scope_cop.rb

Constant Summary collapse

OFFENSE =

"  | Seems like you are using `find` on non-protected scope. Potentially it could lead to unauthorized access. It's better to call `find` on authorized resources scopes.\n".gsub(/^ +\|\s/, '').strip

DETAILS =

"  | Example:\n\n  | ```ruby\n  | current_group.employees.find(params[:id])\n  | # better then\n  | Employee.find(params[:id])\n  | ```\n\n".gsub(/^ +\|\s/, '').strip

Instance Method Summary collapse

#on_send(node) ⇒ Object

Instance Method Details

#on_send(node) ⇒ `Object`

# File 'lib/ducalis/cops/protected_scope_cop.rb', line 22

def on_send(node)
  return unless [find_method?(node), find_by_id?(node)].any?
  return unless const_like?(node)

  add_offense(node, :expression, OFFENSE)
end