class RuboCop::Cop::Security::CompoundHash
Checks for implementations of the ‘hash` method which combine values using custom logic instead of delegating to `Array#hash`.
Manually combining hashes is error prone and hard to follow, especially when there are many values. Poor implementations may also introduce performance or security concerns if they are prone to collisions. Delegating to ‘Array#hash` is clearer and safer, although it might be slower depending on the use case.
@safety
This cop may be unsafe if the application logic depends on the hash value, however this is inadvisable anyway.
@example
# bad def hash @foo ^ @bar end # good def hash [@foo, @bar].hash end
Constants
- COMBINATOR_IN_HASH_MSG
- MONUPLE_HASH_MSG
- REDUNDANT_HASH_MSG
Public Instance Methods
contained_in_hash_method?(node, &block)
click to toggle source
# File lib/rubocop/cop/security/compound_hash.rb, line 75 def contained_in_hash_method?(node, &block) node.each_ancestor.any? do |ancestor| hash_method_definition?(ancestor, &block) end end
on_send(node)
click to toggle source
# File lib/rubocop/cop/security/compound_hash.rb, line 87 def on_send(node) outer_bad_hash_combinator?(node) do contained_in_hash_method?(node) do add_offense(node, message: COMBINATOR_IN_HASH_MSG) end end monuple_hash?(node) do add_offense(node, message: MONUPLE_HASH_MSG) end redundant_hash?(node) do add_offense(node, message: REDUNDANT_HASH_MSG) end end
Also aliased as: on_op_asgn
outer_bad_hash_combinator?(node) { |true| ... }
click to toggle source
# File lib/rubocop/cop/security/compound_hash.rb, line 81 def outer_bad_hash_combinator?(node) bad_hash_combinator?(node) do yield true if node.each_ancestor.none? { |ancestor| bad_hash_combinator?(ancestor) } end end