Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

Ruby static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your RUBY code

Tags

Impact

Clean code attribute

Modules should use "extend self" instead of "module_function"
Code Smell
Array and hash literals should be used instead of constructors when no parameters are needed
Code Smell
Logical operators "and" and "or" should be replaced with "&&" and "||"
Code Smell
Private methods should be declared at the end of Ruby classes
Code Smell
Predicate methods should not use redundant "is_" prefix
Code Smell
Controllers should inherit from appropriate base classes
Code Smell
Rails model callback methods should be private
Code Smell
Rails collections should use "ids" instead of "pluck(:id)" for primary keys
Code Smell
Rails queries should use "find_by" instead of "where.take" for single record retrieval
Code Smell
Safe navigation operator should be preferred over ActiveSupport's "try!"
Code Smell
HTTP status codes should use symbols instead of numeric values
Code Smell
Use "require_relative" instead of "require" for loading local files
Code Smell
"unless" statements should be used appropriately to avoid confusing logic
Code Smell
Asset compilation should be disabled in production environments
Code Smell
Enumerable methods should be used instead of "each" with "break" or "return"
Code Smell
Global variables should not be used in Rails applications
Code Smell
Direct "Thread.current" usage should be avoided in favor of safer alternatives
Code Smell
Bare rescue clauses should specify exception types
Code Smell
Require statements should be placed at the top of files
Code Smell
Exception classes should be used instead of raising generic strings
Code Smell
Use "Dir.chdir" instead of system calls for directory changes
Code Smell
Constants in modules should use explicit class scoping when they may be overridden by including classes
Code Smell
Explicit RuntimeErrors should be omitted in raise statements
Code Smell
Multi-line comments should not be empty
Code Smell
Methods should not have identical implementations
Code Smell
Cognitive Complexity of functions should not be too high
Code Smell
Ruby parser failure
Code Smell
Boolean checks should not be inverted
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
"case" statements should not be nested
Code Smell
Unused local variables should be removed
Code Smell
"case" statements should not have too many "when" clauses
Code Smell
Track lack of copyright and license headers
Code Smell
Functions should not have too many lines of code
Code Smell
Control flow statements "if", "for", "while", "until", "case" and "begin...rescue" should not be nested too deeply
Code Smell
Octal values should not be used
Code Smell
"case" statements should have "else" clauses
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
Statements should be on separate lines
Code Smell
String literals should not be duplicated
Code Smell
Methods should not be empty
Code Smell
Unused function parameters should be removed
Code Smell
Function and block parameter names should comply with a naming convention
Code Smell
"case when" clauses should not have too many lines of code
Code Smell
Track uses of "TODO" tags
Code Smell
Track uses of "FIXME" tags
Code Smell
Redundant pairs of parentheses should be removed
Code Smell
Nested blocks of code should not be left empty
Code Smell
Functions should not have too many parameters
Code Smell
Expressions should not be too complex
Code Smell
Mergeable "if" statements should be combined
Code Smell
Tabulation characters should not be used
Code Smell
Files should not have too many lines of code
Code Smell
Lines should not be too long
Code Smell
Class names should comply with a naming convention
Code Smell
Method names should comply with a naming convention
Code Smell

Rails model callback methods should be private

adaptability - modular

maintainability

Code Smell

rails
convention
encapsulation

This rule raises an issue when a method used as a Rails model callback (such as before_save, after_create, after_update, etc.) is declared as a public method instead of private.

Why is this an issue?

How can I fix it?

More Info

In Rails applications, callback methods are internal implementation details that should not be part of a model’s public interface. When callback methods are declared as public, they can be called directly from outside the model, which violates the principle of encapsulation and can lead to several problems.

Callback methods are designed to be invoked automatically by the Rails framework at specific points in an object’s lifecycle. They often contain logic that assumes certain preconditions or state changes that only occur during the normal Rails callback chain. When these methods are called directly, they may not work as expected or could cause data inconsistency.

Additionally, public callback methods expose internal implementation details that other parts of the application might inadvertently depend on. This creates tight coupling and makes the code harder to refactor or maintain over time.

Following the Rails convention of making callback methods private also improves code readability by clearly distinguishing between the model’s public API and its internal implementation details.

What is the potential impact?

When callback methods are public, they can be called directly from outside the model, potentially bypassing important validation or state management logic. This can lead to data inconsistency, unexpected behavior, or security vulnerabilities if the callback methods contain sensitive operations that should only be triggered through the normal Rails lifecycle.

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

In-IDE

SaaS

Self-Hosted