Class: Ducalis::ProtectedScopeCop

Inherits:
RuboCop::Cop::Cop < Object
Defined in:
lib/ducalis/cops/protected_scope_cop.rb

Constant Summary

OFFENSE =
<<-MESSAGE.gsub(/^ +\|\s/, '').strip
  | Seems like you are using `find` on non-protected scope. Potentially it could lead to unauthorized access. It's better to call `find` on authorized resources scopes.
MESSAGE
DETAILS =
<<-MESSAGE.gsub(/^ +\|\s/, '').strip
  | Example:

  | ```ruby
  | current_group.employees.find(params[:id])
  | # better than
  | Employee.find(params[:id])
  | ```

MESSAGE
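The DETAILS message above shows the two call shapes side by side but not why they differ. The following is an added example, not part of Ducalis or its test suite: a small in-memory stand-in for an ActiveRecord model (the `Employee`, `Group`, `Relation` and `RecordNotFound` names and the sample rows are all constructed here) that demonstrates the behaviour the cop is guarding against. A `find` or `find_by_id` on the bare model constant resolves any id a caller supplies, while the same lookup on an authorized scope only reaches the caller's own records.

```ruby
# Added example, not Ducalis code. All names and data below are constructed.

RecordNotFound = Class.new(StandardError)

Employee = Struct.new(:id, :group_id, :name)

# Minimal stand-in for an ActiveRecord relation: a set of rows plus the two
# finder methods this cop inspects (`find` and `find_by_id`).
class Relation
  def initialize(rows)
    @rows = rows
  end

  # Mirrors ActiveRecord: raise when no row in this relation matches.
  def find(id)
    @rows.find { |r| r.id == Integer(id) } or
      raise RecordNotFound, "Employee #{id.inspect} not found in scope"
  end

  # Mirrors ActiveRecord's dynamic finder: nil when no row matches.
  def find_by_id(id)
    @rows.find { |r| r.id == Integer(id) }
  end
end

# Constructed table: two employees in group 10, one in group 20.
ALL_EMPLOYEES = [
  Employee.new(1, 10, 'alice'),
  Employee.new(2, 10, 'bob'),
  Employee.new(3, 20, 'carol')
].freeze

Group = Struct.new(:id) do
  # The authorized scope: only employees belonging to this group are reachable.
  def employees
    Relation.new(ALL_EMPLOYEES.select { |e| e.group_id == id })
  end
end

# The shape the cop flags: a finder on the bare model constant. Any id taken
# from request params resolves, regardless of who is asking.
def unscoped_lookup(params)
  Relation.new(ALL_EMPLOYEES).find(params[:id])
end

# The shape the cop recommends: the finder runs on the caller's own scope, so
# an id from another group raises instead of returning the record.
def scoped_lookup(current_group, params)
  current_group.employees.find(params[:id])
end

# Same contrast for `find_by_id`, which returns nil instead of raising.
def scoped_find_by_id(current_group, params)
  current_group.employees.find_by_id(params[:id])
end

if __FILE__ == $PROGRAM_NAME
  group = Group.new(10)
  puts unscoped_lookup(id: '3').name # carol: a record from group 20 leaks
  begin
    scoped_lookup(group, id: '3')
  rescue RecordNotFound => e
    puts e.message # the scoped lookup refuses the foreign id
  end
  p scoped_find_by_id(group, id: '3') # nil
end
```

The point for a reviewer is that the cop does not know whether a given `Model.find` is actually safe; it flags the shape because the scope is the only thing that ties the supplied id to the caller's authorization, and a bare constant receiver has no such tie.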

Instance Method Summary

Instance Method Details

#on_send(node) ⇒ Object

# File 'lib/ducalis/cops/protected_scope_cop.rb', line 22

def on_send(node)
  # Only `find` and `find_by_id` calls are of interest.
  return unless [find_method?(node), find_by_id?(node)].any?
  # Report only when the receiver looks like a bare constant (e.g. `Employee`),
  # i.e. a model class rather than an already scoped relation.
  return unless const_like?(node)

  add_offense(node, :expression, OFFENSE)
end