CSC/ECE 517 Spring 2019 - Project E1917. Fix Code Climate issues in controllers with names beginning with P through Z: Difference between revisions
Line 58: | Line 58: | ||
===Issue - Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead.=== | ===Issue - Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead.=== | ||
[[File:Time_zone_and_out_of_condition.png|center]] | |||
===Issue - Move redirect_to "/" out of the conditional.=== | ===Issue - Move redirect_to "/" out of the conditional.=== |
Revision as of 00:51, 26 March 2019
About Expertiza
Expertiza is an open source project based on Ruby on Rails framework. Expertiza allows the instructor to create new assignments and customize new or existing assignments. It also allows the instructor to create a list of topics the students can sign up for. Students can form teams in Expertiza to work on various projects and assignments. Students can also peer review other students' submissions. Expertiza supports submission across various document types, including the URLs and wiki pages[1].
Code Climate Issues and Problem Statements
Codeclimate is a command line interface for the Code Climate analysis platform [2]. It can detect code smells which violate ruby/rails best practices. The task is to fix certain code climate issues detected by Code Climate analysis platform in controllers with the name beginning with P through Z. These issues includes unsafe use of methods, inappropriate syntax, non-optimal code structure which violates the DRY principle and so on. There are 37 different types of issues fixed in this project.
List of Issues
- Unprotected mass assignment
- Use a guard clause instead of wrapping the code inside a conditional expression
- Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead
- Move redirect_to "/" out of the conditional.
- Block has too many lines
- Useless assignment to variable - initheader.
- Replace class var @@assignment_id with a class instance var
- Avoid comparing a variable with multiple items in a conditional, use Array#include? Instead
- Identical blocks of code found in 2 locations. Consider refactoring.
- Favor unless over if for negative conditions.
- Operator = should be surrounded by a single space.
- Line is too long
- Extra empty line detected at method body beginning.
- Unnecessary spacing detected.
- Parameters should be whitelisted for mass assignment
- Avoid using update_attribute because it skips validations.
- end at 44, 4 is not aligned with def at 39, 2.
- Unsafe reflection method const_get called with parameter value
- TODO found
- Convert if nested inside else to elsif
- Similar blocks of code found in 3 locations. Consider refactoring
- User controlled method execution
- Extra blank line detected
- Use empty lines between method definitions.
- Prefer each over for
- Prefer Date or Time over DateTime.
- Omit parentheses for ternary conditions
- Do not place comments on the same line as the end keyword.
- Useless assignment to variable - controllers. Did you mean controller?
- end at 135, 2 is not aligned with class at 1, 0
- Put one space between the method name and the first argument.
- Space missing after colon.
- Use the new Ruby 1.9 hash syntax
- show, edit, update, destroy are not explicitly defined on the controller.
- Rename is_user_ta? to user_ta?
- Avoid comma after the last item of an array
- Move redirect_to view_student_teams_path student_id: student.id out of the conditional
Implementation
There are many minor issues such as unnecessary spacing, extra blank line detected, extra parentheses used and so on. We're not going to show all these minor fixing in this section. The focus would be on some of the important issues listed above that we fixed.
Issue - Unprotected Mass Assignment
Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash. Protection for mass assignment is on by default. Query parameters must be explicitly whitelisted via permit in order to be used in mass assignment.This issue appears in different controller files. An example of how we fixed it in questions_controller.rb is shown below:
Issue - Use a guard clause instead of wrapping the code inside a conditional expression.
Issue - Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead.
Issue - Move redirect_to "/" out of the conditional.
Issue - Avoid comparing a variable with multiple items in a conditional, use Array#include? Instead
Issue - Favor unless over if for negative conditions.
Issue - Unsafe reflection method const_get called with parameter value
Testing
The Expertiza project provides 77 rspec tests under expertiza/spec and 8 of them are related to our controllers files. After modifying those 28 files, we want to make sure these tests could still pass. We passed all the Rspec tests except for "response_controller". However, we were not requirement to fix the issues for this controllers.
Reference
- 1:http://wiki.expertiza.ncsu.edu/index.php/CSC/ECE_517_Fall_2017/E1784_Fix_mass_assignments_reported_by_Brakeman.rb
- 2: https://github.com/codeclimate/codeclimate/blob/master/README.md
- The Class GitHub Repository: https://github.com/expertiza/expertiza
- The Class Code Climate:https://codeclimate.com/github/expertiza/expertiza