SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Ruby

Ruby static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your RUBY code

  • All rules 75
  • Bug17
  • Security Hotspot2
  • Code Smell56
 
Tags
    Impact
      Clean code attribute
        1. Modules should use "extend self" instead of "module_function"

           Code Smell
        2. Array and hash literals should be used instead of constructors when no parameters are needed

           Code Smell
        3. Logical operators "and" and "or" should be replaced with "&&" and "||"

           Code Smell
        4. Private methods should be declared at the end of Ruby classes

           Code Smell
        5. Predicate methods should not use redundant "is_" prefix

           Code Smell
        6. Controllers should inherit from appropriate base classes

           Code Smell
        7. Rails model callback methods should be private

           Code Smell
        8. Rails collections should use "ids" instead of "pluck(:id)" for primary keys

           Code Smell
        9. Rails queries should use "find_by" instead of "where.take" for single record retrieval

           Code Smell
        10. Safe navigation operator should be preferred over ActiveSupport's "try!"

           Code Smell
        11. HTTP status codes should use symbols instead of numeric values

           Code Smell
        12. Use "require_relative" instead of "require" for loading local files

           Code Smell
        13. Before destroy callbacks should use proper halt mechanism

           Bug
        14. Rails applications should define a root route with proper controller#action syntax

           Bug
        15. Non-mutating sort methods should have their return values used

           Bug
        16. "return" statements should not be used in blocks

           Bug
        17. "unless" statements should be used appropriately to avoid confusing logic

           Code Smell
        18. Rails API controllers using "respond_to" should include "ActionController::MimeResponds"

           Bug
        19. Environment variables should be validated or have default values

           Bug
        20. Regular expressions should not be passed to "String#include?"

           Bug
        21. Asset compilation should be disabled in production environments

           Code Smell
        22. Symbol keys containing hyphens should be quoted

           Bug
        23. Enumerable methods should be used instead of "each" with "break" or "return"

           Code Smell
        24. Global variables should not be used in Rails applications

           Code Smell
        25. Direct "Thread.current" usage should be avoided in favor of safer alternatives

           Code Smell
        26. Column names should not use SQL reserved words

           Bug
        27. Bare rescue clauses should specify exception types

           Code Smell
        28. Require statements should be placed at the top of files

           Code Smell
        29. Exception classes should be used instead of raising generic strings

           Code Smell
        30. Use "Dir.chdir" instead of system calls for directory changes

           Code Smell
        31. Constants in modules should use explicit class scoping when they may be overridden by including classes

           Code Smell
        32. ActiveRecord models should override "as_json" instead of "to_json" for custom JSON serialization

           Bug
        33. Explicit RuntimeErrors should be omitted in raise statements

           Code Smell
        34. Multi-line comments should not be empty

           Code Smell
        35. Methods should not have identical implementations

           Code Smell
        36. All branches in a conditional structure should not have exactly the same implementation

           Bug
        37. Cognitive Complexity of functions should not be too high

           Code Smell
        38. Non-existent operators like "=+" should not be used

           Bug
        39. Ruby parser failure

           Code Smell
        40. Hard-coded credentials are security-sensitive

           Security Hotspot
        41. Boolean checks should not be inverted

           Code Smell
        42. Two branches in a conditional structure should not have exactly the same implementation

           Code Smell
        43. Related "if/elsif" statements and "when" in a "case" should not have the same condition

           Bug
        44. "case" statements should not be nested

           Code Smell
        45. Identical expressions should not be used on both sides of a binary operator

           Bug
        46. All code should be reachable

           Bug
        47. Variables should not be self-assigned

           Bug
        48. Unused local variables should be removed

           Code Smell
        49. "case" statements should not have too many "when" clauses

           Code Smell
        50. Track lack of copyright and license headers

           Code Smell
        51. Functions should not have too many lines of code

           Code Smell
        52. Control flow statements "if", "for", "while", "until", "case" and "begin...rescue" should not be nested too deeply

           Code Smell
        53. Octal values should not be used

           Code Smell
        54. Using hardcoded IP addresses is security-sensitive

           Security Hotspot
        55. "case" statements should have "else" clauses

           Code Smell
        56. "if ... else if" constructs should end with "else" clauses

           Code Smell
        57. Statements should be on separate lines

           Code Smell
        58. String literals should not be duplicated

           Code Smell
        59. Methods should not be empty

           Code Smell
        60. Unused function parameters should be removed

           Code Smell
        61. Function and block parameter names should comply with a naming convention

           Code Smell
        62. "case when" clauses should not have too many lines of code

           Code Smell
        63. Useless "if true ..." and "if false ..." blocks should be removed

           Bug
        64. Track uses of "TODO" tags

           Code Smell
        65. Track uses of "FIXME" tags

           Code Smell
        66. Redundant pairs of parentheses should be removed

           Code Smell
        67. Nested blocks of code should not be left empty

           Code Smell
        68. Functions should not have too many parameters

           Code Smell
        69. Expressions should not be too complex

           Code Smell
        70. Mergeable "if" statements should be combined

           Code Smell
        71. Tabulation characters should not be used

           Code Smell
        72. Files should not have too many lines of code

           Code Smell
        73. Lines should not be too long

           Code Smell
        74. Class names should comply with a naming convention

           Code Smell
        75. Method names should comply with a naming convention

           Code Smell

        Direct "Thread.current" usage should be avoided in favor of safer alternatives

        adaptability - modular
        security
        reliability
        maintainability
        Code Smell
        • threading
        • architecture
        • memory-leak

        This rule raises an issue when code directly accesses Thread.current to store or retrieve values, which can lead to testing difficulties, memory leaks, and architectural problems.

        Why is this an issue?

        How can I fix it?

        More Info

        Direct usage of Thread.current creates several problems in Ruby applications:

        Testing Difficulties

        Thread.current creates hidden dependencies that make unit testing harder. Tests become unpredictable because they depend on thread-local state that may not be properly set up or cleaned up between test runs.

        Memory Leak Risks

        In web applications using thread pools (like Puma or Unicorn), threads are reused across requests. If thread-local variables are not properly cleaned up, they can persist between requests, causing memory leaks and potential security issues where one user’s data might leak to another user’s request.

        Architectural Problems

        Using Thread.current violates the Law of Demeter and breaks MVC patterns. It creates tight coupling between different layers of the application, making code harder to understand, maintain, and refactor. Models and services become dependent on global thread state instead of explicit dependencies.

        Concurrency Issues

        Thread-local storage can mask concurrency problems and make debugging more difficult. It’s harder to reason about code behavior when state is stored in thread-local variables rather than being passed explicitly.

        What is the potential impact?

        Using Thread.current can lead to memory leaks in production environments, unpredictable test behavior, security vulnerabilities where user data leaks between requests, and code that is difficult to maintain and debug. In severe cases, it can cause application instability and data corruption.

          Available In:
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use