SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Ruby

Ruby static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your RUBY code

  • All rules 75
  • Bug17
  • Security Hotspot2
  • Code Smell56
 
Tags
    Impact
      Clean code attribute
        1. Modules should use "extend self" instead of "module_function"

           Code Smell
        2. Array and hash literals should be used instead of constructors when no parameters are needed

           Code Smell
        3. Logical operators "and" and "or" should be replaced with "&&" and "||"

           Code Smell
        4. Private methods should be declared at the end of Ruby classes

           Code Smell
        5. Predicate methods should not use redundant "is_" prefix

           Code Smell
        6. Controllers should inherit from appropriate base classes

           Code Smell
        7. Rails model callback methods should be private

           Code Smell
        8. Rails collections should use "ids" instead of "pluck(:id)" for primary keys

           Code Smell
        9. Rails queries should use "find_by" instead of "where.take" for single record retrieval

           Code Smell
        10. Safe navigation operator should be preferred over ActiveSupport's "try!"

           Code Smell
        11. HTTP status codes should use symbols instead of numeric values

           Code Smell
        12. Use "require_relative" instead of "require" for loading local files

           Code Smell
        13. Before destroy callbacks should use proper halt mechanism

           Bug
        14. Rails applications should define a root route with proper controller#action syntax

           Bug
        15. Non-mutating sort methods should have their return values used

           Bug
        16. "return" statements should not be used in blocks

           Bug
        17. "unless" statements should be used appropriately to avoid confusing logic

           Code Smell
        18. Rails API controllers using "respond_to" should include "ActionController::MimeResponds"

           Bug
        19. Environment variables should be validated or have default values

           Bug
        20. Regular expressions should not be passed to "String#include?"

           Bug
        21. Asset compilation should be disabled in production environments

           Code Smell
        22. Symbol keys containing hyphens should be quoted

           Bug
        23. Enumerable methods should be used instead of "each" with "break" or "return"

           Code Smell
        24. Global variables should not be used in Rails applications

           Code Smell
        25. Direct "Thread.current" usage should be avoided in favor of safer alternatives

           Code Smell
        26. Column names should not use SQL reserved words

           Bug
        27. Bare rescue clauses should specify exception types

           Code Smell
        28. Require statements should be placed at the top of files

           Code Smell
        29. Exception classes should be used instead of raising generic strings

           Code Smell
        30. Use "Dir.chdir" instead of system calls for directory changes

           Code Smell
        31. Constants in modules should use explicit class scoping when they may be overridden by including classes

           Code Smell
        32. ActiveRecord models should override "as_json" instead of "to_json" for custom JSON serialization

           Bug
        33. Explicit RuntimeErrors should be omitted in raise statements

           Code Smell
        34. Multi-line comments should not be empty

           Code Smell
        35. Methods should not have identical implementations

           Code Smell
        36. All branches in a conditional structure should not have exactly the same implementation

           Bug
        37. Cognitive Complexity of functions should not be too high

           Code Smell
        38. Non-existent operators like "=+" should not be used

           Bug
        39. Ruby parser failure

           Code Smell
        40. Hard-coded credentials are security-sensitive

           Security Hotspot
        41. Boolean checks should not be inverted

           Code Smell
        42. Two branches in a conditional structure should not have exactly the same implementation

           Code Smell
        43. Related "if/elsif" statements and "when" in a "case" should not have the same condition

           Bug
        44. "case" statements should not be nested

           Code Smell
        45. Identical expressions should not be used on both sides of a binary operator

           Bug
        46. All code should be reachable

           Bug
        47. Variables should not be self-assigned

           Bug
        48. Unused local variables should be removed

           Code Smell
        49. "case" statements should not have too many "when" clauses

           Code Smell
        50. Track lack of copyright and license headers

           Code Smell
        51. Functions should not have too many lines of code

           Code Smell
        52. Control flow statements "if", "for", "while", "until", "case" and "begin...rescue" should not be nested too deeply

           Code Smell
        53. Octal values should not be used

           Code Smell
        54. Using hardcoded IP addresses is security-sensitive

           Security Hotspot
        55. "case" statements should have "else" clauses

           Code Smell
        56. "if ... else if" constructs should end with "else" clauses

           Code Smell
        57. Statements should be on separate lines

           Code Smell
        58. String literals should not be duplicated

           Code Smell
        59. Methods should not be empty

           Code Smell
        60. Unused function parameters should be removed

           Code Smell
        61. Function and block parameter names should comply with a naming convention

           Code Smell
        62. "case when" clauses should not have too many lines of code

           Code Smell
        63. Useless "if true ..." and "if false ..." blocks should be removed

           Bug
        64. Track uses of "TODO" tags

           Code Smell
        65. Track uses of "FIXME" tags

           Code Smell
        66. Redundant pairs of parentheses should be removed

           Code Smell
        67. Nested blocks of code should not be left empty

           Code Smell
        68. Functions should not have too many parameters

           Code Smell
        69. Expressions should not be too complex

           Code Smell
        70. Mergeable "if" statements should be combined

           Code Smell
        71. Tabulation characters should not be used

           Code Smell
        72. Files should not have too many lines of code

           Code Smell
        73. Lines should not be too long

           Code Smell
        74. Class names should comply with a naming convention

           Code Smell
        75. Method names should comply with a naming convention

           Code Smell

        Asset compilation should be disabled in production environments

        intentionality - efficient
        maintainability
        Code Smell
        • rails
        • performance
        • configuration

        This rule raises an issue when config.assets.compile is set to true in Rails production environment configuration files.

        Why is this an issue?

        How can I fix it?

        More Info

        Enabling asset compilation in production environments creates significant performance problems for Rails applications.

        When config.assets.compile = true is set in production, the Rails asset pipeline compiles assets on-demand during runtime. This means every request for a CSS, JavaScript, or image file must be processed by Sprockets, the Rails asset compilation engine.

        This live compilation approach has several serious drawbacks:

        • Performance overhead: Each asset request requires compilation processing, adding latency to page loads
        • Server resource consumption: The compilation process uses CPU and memory resources that should be dedicated to serving user requests
        • Missing optimizations: Live compilation bypasses important production optimizations like asset minification, compression, and fingerprinting
        • Caching issues: Dynamically compiled assets are harder to cache effectively, both on the server and in browsers
        • Deployment complexity: Production servers need development dependencies like JavaScript runtimes for compilation

        The Rails framework defaults to config.assets.compile = false in production for good reason. Assets should be precompiled during the deployment process using rake assets:precompile, which creates optimized, compressed, and fingerprinted versions that can be served efficiently by web servers.

        What is the potential impact?

        Applications with asset compilation enabled in production will experience slower page load times, increased server resource usage, and reduced scalability. Users will face longer wait times when loading pages, especially those with many CSS and JavaScript files. The server will consume more CPU and memory for asset processing instead of handling user requests, potentially leading to performance bottlenecks under load.

          Available In:
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use