Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

Ruby static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your RUBY code

Tags

Impact

Clean code attribute

Modules should use "extend self" instead of "module_function"
Code Smell
Array and hash literals should be used instead of constructors when no parameters are needed
Code Smell
Logical operators "and" and "or" should be replaced with "&&" and "||"
Code Smell
Private methods should be declared at the end of Ruby classes
Code Smell
Predicate methods should not use redundant "is_" prefix
Code Smell
Controllers should inherit from appropriate base classes
Code Smell
Rails model callback methods should be private
Code Smell
Rails collections should use "ids" instead of "pluck(:id)" for primary keys
Code Smell
Rails queries should use "find_by" instead of "where.take" for single record retrieval
Code Smell
Safe navigation operator should be preferred over ActiveSupport's "try!"
Code Smell
HTTP status codes should use symbols instead of numeric values
Code Smell
Use "require_relative" instead of "require" for loading local files
Code Smell
Before destroy callbacks should use proper halt mechanism
Bug
Rails applications should define a root route with proper controller#action syntax
Bug
Non-mutating sort methods should have their return values used
Bug
"return" statements should not be used in blocks
Bug
"unless" statements should be used appropriately to avoid confusing logic
Code Smell
Rails API controllers using "respond_to" should include "ActionController::MimeResponds"
Bug
Environment variables should be validated or have default values
Bug
Regular expressions should not be passed to "String#include?"
Bug
Asset compilation should be disabled in production environments
Code Smell
Symbol keys containing hyphens should be quoted
Bug
Enumerable methods should be used instead of "each" with "break" or "return"
Code Smell
Global variables should not be used in Rails applications
Code Smell
Direct "Thread.current" usage should be avoided in favor of safer alternatives
Code Smell
Column names should not use SQL reserved words
Bug
Bare rescue clauses should specify exception types
Code Smell
Require statements should be placed at the top of files
Code Smell
Exception classes should be used instead of raising generic strings
Code Smell
Use "Dir.chdir" instead of system calls for directory changes
Code Smell
Constants in modules should use explicit class scoping when they may be overridden by including classes
Code Smell
ActiveRecord models should override "as_json" instead of "to_json" for custom JSON serialization
Bug
Explicit RuntimeErrors should be omitted in raise statements
Code Smell
Multi-line comments should not be empty
Code Smell
Methods should not have identical implementations
Code Smell
All branches in a conditional structure should not have exactly the same implementation
Bug
Cognitive Complexity of functions should not be too high
Code Smell
Non-existent operators like "=+" should not be used
Bug
Ruby parser failure
Code Smell
Hard-coded credentials are security-sensitive
Security Hotspot
Boolean checks should not be inverted
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
Related "if/elsif" statements and "when" in a "case" should not have the same condition
Bug
"case" statements should not be nested
Code Smell
Identical expressions should not be used on both sides of a binary operator
Bug
All code should be reachable
Bug
Variables should not be self-assigned
Bug
Unused local variables should be removed
Code Smell
"case" statements should not have too many "when" clauses
Code Smell
Track lack of copyright and license headers
Code Smell
Functions should not have too many lines of code
Code Smell
Control flow statements "if", "for", "while", "until", "case" and "begin...rescue" should not be nested too deeply
Code Smell
Octal values should not be used
Code Smell
Using hardcoded IP addresses is security-sensitive
Security Hotspot
"case" statements should have "else" clauses
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
Statements should be on separate lines
Code Smell
String literals should not be duplicated
Code Smell
Methods should not be empty
Code Smell
Unused function parameters should be removed
Code Smell
Function and block parameter names should comply with a naming convention
Code Smell
"case when" clauses should not have too many lines of code
Code Smell
Useless "if true ..." and "if false ..." blocks should be removed
Bug
Track uses of "TODO" tags
Code Smell
Track uses of "FIXME" tags
Code Smell
Redundant pairs of parentheses should be removed
Code Smell
Nested blocks of code should not be left empty
Code Smell
Functions should not have too many parameters
Code Smell
Expressions should not be too complex
Code Smell
Mergeable "if" statements should be combined
Code Smell
Tabulation characters should not be used
Code Smell
Files should not have too many lines of code
Code Smell
Lines should not be too long
Code Smell
Class names should comply with a naming convention
Code Smell
Method names should comply with a naming convention
Code Smell

HTTP status codes should use symbols instead of numeric values

intentionality - clear

maintainability

Code Smell

rails

This rule raises an issue when numeric HTTP status codes are used in Rails render methods instead of their symbolic equivalents.

Why is this an issue?

How can I fix it?

More Info

Using numeric HTTP status codes like 403, 404, or 500 makes code less readable and more prone to errors. These "magic numbers" require developers to memorize or look up what each code means, reducing code clarity.

Symbolic status codes like :forbidden, :not_found, or :internal_server_error are self-documenting. They immediately convey the meaning without requiring knowledge of HTTP status code numbers. This makes the code more maintainable and easier to understand for developers at all experience levels.

Additionally, symbolic codes reduce the risk of typos. It’s easier to catch a misspelled symbol than an incorrect number, and Ruby will raise an error for undefined symbols, providing immediate feedback during development.

What is the potential impact?

Using numeric status codes reduces code readability and maintainability. While this doesn’t create security vulnerabilities or runtime errors, it makes the codebase harder to understand and maintain. Developers may need to spend extra time looking up status code meanings, and there’s a higher risk of introducing bugs through numeric typos that might not be immediately obvious during code review.

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

In-IDE

SaaS

Self-Hosted