class RuboCop::Cop::Security::CompoundHash
Checks for implementations of the `hash` method which combine values using custom logic instead of delegating to `Array#hash`.
Manually combining hashes is error prone and hard to follow, especially when there are many values. Poor implementations may also introduce performance or security concerns if they are prone to collisions. Delegating to `Array#hash` is clearer, faster, and safer.
@safety
This cop may be unsafe if the application logic depends on the hash value, however this is inadvisable anyway.
@example
# bad def hash @foo ^ @bar end # good def hash [@foo, @bar].hash end
Constants
- COMBINATOR_IN_HASH_MSG
- MONUPLE_HASH_MSG
- REDUNDANT_HASH_MSG
Public Instance Methods
contained_in_hash_method?(node, &block)
click to toggle source
# File lib/rubocop/cop/security/compound_hash.rb, line 74 def contained_in_hash_method?(node, &block) node.each_ancestor.any? do |ancestor| hash_method_definition?(ancestor, &block) end end
on_send(node)
click to toggle source
# File lib/rubocop/cop/security/compound_hash.rb, line 86 def on_send(node) outer_bad_hash_combinator?(node) do contained_in_hash_method?(node) do add_offense(node, message: COMBINATOR_IN_HASH_MSG) end end monuple_hash?(node) do add_offense(node, message: MONUPLE_HASH_MSG) end redundant_hash?(node) do add_offense(node, message: REDUNDANT_HASH_MSG) end end
Also aliased as: on_op_asgn
outer_bad_hash_combinator?(node) { |true| ... }
click to toggle source
# File lib/rubocop/cop/security/compound_hash.rb, line 80 def outer_bad_hash_combinator?(node) bad_hash_combinator?(node) do yield true if node.each_ancestor.none? { |ancestor| bad_hash_combinator?(ancestor) } end end