class RuboCop::Cop::Security::CompoundHash
Checks for implementations of the `hash` method which combine values using custom logic instead of delegating to `Array#hash`.
Manually combining hashes is error prone and hard to follow, especially when there are many values. Poor implementations may also introduce performance or security concerns if they are prone to collisions. Delegating to `Array#hash` is clearer and safer, although it might be slower depending on the use case.
@safety
This cop may be unsafe if the application logic depends on the hash value; however, depending on it is inadvisable anyway.
@example
    # bad
    def hash
      @foo ^ @bar
    end

    # good
    def hash
      [@foo, @bar].hash
    end
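The collision concern described above, shown as an added example (not part of RuboCop's documentation or source). The class names `XorPoint` and `ArrayPoint` and the helper `distinct_hashes` are hypothetical, and the grid of points is constructed for the demonstration.

```ruby
# Added example: compares an XOR-combined #hash with one that delegates
# to Array#hash. Class and helper names are hypothetical.
class XorPoint
  attr_reader :x, :y

  def initialize(x, y)
    @x = x
    @y = y
  end

  def eql?(other)
    other.class == self.class && x == other.x && y == other.y
  end
  alias_method :==, :eql?

  # The pattern the cop flags: XOR is symmetric, so (1, 2) and (2, 1)
  # collide, and every point with x == y hashes to 0.
  def hash
    @x ^ @y
  end
end

class ArrayPoint < XorPoint
  # The pattern the cop recommends: order-sensitive, well-mixed.
  def hash
    [@x, @y].hash
  end
end

# Number of distinct hash values over a constructed side-by-side grid.
def distinct_hashes(klass, side)
  coords = (0...side).to_a
  coords.product(coords).map { |x, y| klass.new(x, y).hash }.uniq.size
end

if __FILE__ == $PROGRAM_NAME
  side = 64
  puts "points:     #{side * side}"
  puts "XorPoint:   #{distinct_hashes(XorPoint, side)} distinct hashes"
  puts "ArrayPoint: #{distinct_hashes(ArrayPoint, side)} distinct hashes"
end
```

With the XOR version, 4096 distinct points share only 64 hash values, so a `Hash` or `Set` keyed on them falls back to repeated `eql?` comparisons for most lookups.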
Constants
- COMBINATOR_IN_HASH_MSG
- MONUPLE_HASH_MSG
- REDUNDANT_HASH_MSG
- RESTRICT_ON_SEND
Public Instance Methods
Source
    # File lib/rubocop/cop/security/compound_hash.rb, line 76
    def contained_in_hash_method?(node, &block)
      node.each_ancestor.any? do |ancestor|
        hash_method_definition?(ancestor, &block)
      end
    end
Source
    # File lib/rubocop/cop/security/compound_hash.rb, line 88
    def on_send(node)
      outer_bad_hash_combinator?(node) do
        contained_in_hash_method?(node) do
          add_offense(node, message: COMBINATOR_IN_HASH_MSG)
        end
      end

      monuple_hash?(node) do
        add_offense(node, message: MONUPLE_HASH_MSG)
      end

      redundant_hash?(node) do
        add_offense(node, message: REDUNDANT_HASH_MSG)
      end
    end
Also aliased as: on_csend, on_op_asgn
Source
    # File lib/rubocop/cop/security/compound_hash.rb, line 82
    def outer_bad_hash_combinator?(node)
      bad_hash_combinator?(node) do
        yield true if node.each_ancestor.none? { |ancestor| bad_hash_combinator?(ancestor) }
      end
    end