Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Ruby static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your RUBY code

Before destroy callbacks should use proper halt mechanism

intentionality - logical

reliability

Bug

This is an issue when a before_destroy callback adds validation errors but fails to properly halt the destruction process.

Why is this an issue?

How can I fix it?

More Info

In Rails applications, before_destroy callbacks are commonly used to validate whether a record can be safely deleted. However, simply adding errors to the model does not automatically prevent destruction.

In Rails versions prior to 5.0, returning false from a callback would halt the callback chain and prevent the destruction. However, this behavior changed in Rails 5.0 for consistency with other callback types.

Starting with Rails 5.0, callbacks must explicitly use throw :abort to halt execution. The return false approach silently fails, allowing records to be destroyed despite validation errors.

When callbacks add errors but fail to halt execution, the destruction proceeds normally. This creates a misleading situation where the model appears to have validation errors, but the record is still deleted from the database. This can lead to data integrity issues, orphaned records, and broken business logic.

What is the potential impact?

Records may be destroyed despite validation failures, leading to data integrity issues and broken business logic. Users may receive error messages but still see their data deleted, creating confusion and potential data loss.

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

In-IDE

SaaS

Self-Hosted