class Railroader::CheckUnscopedFind

Checks for unscoped calls to models' find and find_by_id methods.

Public Instance Methods

optional_belongs_to?(exp)
# File lib/railroader/checks/check_unscoped_find.rb, line 46
# Reports whether any entry of +exp+ is accepted by hash? and carries an
# +:optional+ value that satisfies true?.
#
# Anything that is not an Array yields false. A single matching entry is
# enough to return true.
#
# NOTE(review): run_check drops a model from the unscoped-find targets when
# this returns true, so one optional entry exempts the model even if other
# belongs_to entries are required -- confirm that is intended.
def optional_belongs_to? exp
  return false unless exp.is_a? Array

  exp.any? { |entry| hash?(entry) && true?(hash_access(entry, :optional)) }
end
process_result(result)
# File lib/railroader/checks/check_unscoped_find.rb, line 28
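# Emits an "Unscoped Find" warning for one matched call when at least one of
# its arguments is user controlled.
#
# @param result [Hash] a match from tracker.find_call; read here through its
#   :call, :target and :method keys
def process_result result
  # Skip results already reported and calls that carry an original_line.
  return if duplicate?(result) || result[:call].original_line

  # Not interested unless argument is user controlled.
  # Every argument is checked, then the first truthy match is kept.
  # compact.first would only discard nil: if include_user_input? reports
  # "no input" as false, a clean leading argument would hide a
  # user-controlled later one and the warning would be silently dropped.
  inputs = result[:call].args.map { |arg| include_user_input?(arg) }
  input = inputs.find { |found| found }
  return unless input

  add_result result

  # Reported at :weak confidence; the check sees only the call and its
  # arguments, not any authorization performed elsewhere.
  warn :result => result,
    :warning_type => "Unscoped Find",
    :warning_code => :unscoped_find,
    :message      => "Unscoped call to #{result[:target]}##{result[:method]}",
    :code         => result[:call],
    :confidence   => :weak,
    :user_input   => input
end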
run_check()
# File lib/railroader/checks/check_unscoped_find.rb, line 9
# Entry point of the check: collects the models that have a belongs_to
# association not flagged optional, looks up calls to find, find_by_id and
# find_by_id! on those models, and passes each match to process_result.
#
# NOTE(review): a model is left out of the targets as soon as
# optional_belongs_to? returns true for its belongs_to data, and models with
# no belongs_to at all are never targeted -- unscoped finds on those models
# are not reported by this check.
def run_check
  Railroader.debug("Finding instances of #find on models with associations")

  associated_model_names = active_record_models.keys.select do |name|
    belongs_to = active_record_models[name].associations[:belongs_to]
    # nil/false when there is no belongs_to, otherwise "not optional"
    belongs_to && !optional_belongs_to?(belongs_to)
  end

  finder_methods = [:find, :find_by_id, :find_by_id!]
  matches = tracker.find_call(:method => finder_methods,
                              :targets => associated_model_names)

  matches.each { |match| process_result(match) }
end