Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

Ruby static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your RUBY code

Tags

Impact

Clean code attribute

Modules should use "extend self" instead of "module_function"
Code Smell
Array and hash literals should be used instead of constructors when no parameters are needed
Code Smell
Logical operators "and" and "or" should be replaced with "&&" and "||"
Code Smell
Private methods should be declared at the end of Ruby classes
Code Smell
Predicate methods should not use redundant "is_" prefix
Code Smell
Controllers should inherit from appropriate base classes
Code Smell
Rails model callback methods should be private
Code Smell
Rails collections should use "ids" instead of "pluck(:id)" for primary keys
Code Smell
Rails queries should use "find_by" instead of "where.take" for single record retrieval
Code Smell
Safe navigation operator should be preferred over ActiveSupport's "try!"
Code Smell
HTTP status codes should use symbols instead of numeric values
Code Smell
Use "require_relative" instead of "require" for loading local files
Code Smell
Before destroy callbacks should use proper halt mechanism
Bug
Rails applications should define a root route with proper controller#action syntax
Bug
Non-mutating sort methods should have their return values used
Bug
"return" statements should not be used in blocks
Bug
"unless" statements should be used appropriately to avoid confusing logic
Code Smell
Rails API controllers using "respond_to" should include "ActionController::MimeResponds"
Bug
Environment variables should be validated or have default values
Bug
Regular expressions should not be passed to "String#include?"
Bug
Asset compilation should be disabled in production environments
Code Smell
Symbol keys containing hyphens should be quoted
Bug
Enumerable methods should be used instead of "each" with "break" or "return"
Code Smell
Global variables should not be used in Rails applications
Code Smell
Direct "Thread.current" usage should be avoided in favor of safer alternatives
Code Smell
Column names should not use SQL reserved words
Bug
Bare rescue clauses should specify exception types
Code Smell
Require statements should be placed at the top of files
Code Smell
Exception classes should be used instead of raising generic strings
Code Smell
Use "Dir.chdir" instead of system calls for directory changes
Code Smell
Constants in modules should use explicit class scoping when they may be overridden by including classes
Code Smell
ActiveRecord models should override "as_json" instead of "to_json" for custom JSON serialization
Bug
Explicit RuntimeErrors should be omitted in raise statements
Code Smell
Multi-line comments should not be empty
Code Smell
Methods should not have identical implementations
Code Smell
All branches in a conditional structure should not have exactly the same implementation
Bug
Cognitive Complexity of functions should not be too high
Code Smell
Non-existent operators like "=+" should not be used
Bug
Ruby parser failure
Code Smell
Hard-coded credentials are security-sensitive
Security Hotspot
Boolean checks should not be inverted
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
Related "if/elsif" statements and "when" in a "case" should not have the same condition
Bug
"case" statements should not be nested
Code Smell
Identical expressions should not be used on both sides of a binary operator
Bug
All code should be reachable
Bug
Variables should not be self-assigned
Bug
Unused local variables should be removed
Code Smell
"case" statements should not have too many "when" clauses
Code Smell
Track lack of copyright and license headers
Code Smell
Functions should not have too many lines of code
Code Smell
Control flow statements "if", "for", "while", "until", "case" and "begin...rescue" should not be nested too deeply
Code Smell
Octal values should not be used
Code Smell
Using hardcoded IP addresses is security-sensitive
Security Hotspot
"case" statements should have "else" clauses
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
Statements should be on separate lines
Code Smell
String literals should not be duplicated
Code Smell
Methods should not be empty
Code Smell
Unused function parameters should be removed
Code Smell
Function and block parameter names should comply with a naming convention
Code Smell
"case when" clauses should not have too many lines of code
Code Smell
Useless "if true ..." and "if false ..." blocks should be removed
Bug
Track uses of "TODO" tags
Code Smell
Track uses of "FIXME" tags
Code Smell
Redundant pairs of parentheses should be removed
Code Smell
Nested blocks of code should not be left empty
Code Smell
Functions should not have too many parameters
Code Smell
Expressions should not be too complex
Code Smell
Mergeable "if" statements should be combined
Code Smell
Tabulation characters should not be used
Code Smell
Files should not have too many lines of code
Code Smell
Lines should not be too long
Code Smell
Class names should comply with a naming convention
Code Smell
Method names should comply with a naming convention
Code Smell

Before destroy callbacks should use proper halt mechanism

intentionality - logical

reliability

Bug

rails
callbacks
data-integrity

This is an issue when a before_destroy callback adds validation errors but fails to properly halt the destruction process.

Why is this an issue?

How can I fix it?

More Info

In Rails applications, before_destroy callbacks are commonly used to validate whether a record can be safely deleted. However, simply adding errors to the model does not automatically prevent destruction.

In Rails versions prior to 5.0, returning false from a callback would halt the callback chain and prevent the destruction. However, this behavior changed in Rails 5.0 for consistency with other callback types.

Starting with Rails 5.0, callbacks must explicitly use throw :abort to halt execution. The return false approach silently fails, allowing records to be destroyed despite validation errors.

When callbacks add errors but fail to halt execution, the destruction proceeds normally. This creates a misleading situation where the model appears to have validation errors, but the record is still deleted from the database. This can lead to data integrity issues, orphaned records, and broken business logic.

What is the potential impact?

Records may be destroyed despite validation failures, leading to data integrity issues and broken business logic. Users may receive error messages but still see their data deleted, creating confusion and potential data loss.

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

In-IDE

SaaS

Self-Hosted