airbnb/ruby

RiskyActiverecordInvocation false positive

sk- opened this issue · 3 comments

sk- commented

File.exists? should not be flagged by RiskyActiverecordInvocation.

It's probably impossible to statically differentiate in x.exists? between x being a file or an activerecord object.

sk- commented

@ljharb Agree, but at least you could whitelist File.exists? where File is the Ruby class and not a variable. That was what the reported issue was about; sorry if it wasn't clear.

Also, even in the case of file.exists? you could apply some heuristics to decide whether the first parameter corresponds to SQL or not.

Luckily for us, File.exists? is deprecated in favor of File.exist? so I don't think it's necessary to do any work to accommodate it.

The docs say "Deprecated method. Don't use."
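
The receiver allowlist proposed in this thread, as an added example that is not part of the original comments and is not the cop's own code: a standalone sketch that uses Ruby's stdlib Ripper instead of RuboCop's node matchers. The method list, the allowlist, the helper names and the sample source are assumptions made for illustration.

```ruby
require 'ripper'

# Assumed subset of ActiveRecord-style query methods (not the cop's real list).
RISKY_METHODS = %w[exists? where find_by_sql].freeze
# Constant receivers known not to be ActiveRecord models.
SAFE_CONST_RECEIVERS = %w[File].freeze

# True for an allowlisted constant receiver such as File or ::File.
def safe_const_receiver?(node)
  return false unless node.is_a?(Array) && %i[var_ref top_const_ref].include?(node[0])
  tok = node[1]
  tok.is_a?(Array) && tok[0] == :@const && SAFE_CONST_RECEIVERS.include?(tok[1])
end

# True if a string interpolation appears anywhere under the node.
def interpolated?(node)
  return false unless node.is_a?(Array)
  node[0] == :string_embexpr || node.any? { |child| interpolated?(child) }
end

# Walks the Ripper s-expression and collects [line, method] for flagged calls.
def risky_calls(node, found = [])
  return found unless node.is_a?(Array)
  call, args =
    case node[0]
    when :method_add_arg then [node[1], node[2]] # recv.meth(args)
    when :command_call   then [node, node[4]]    # recv.meth args
    end
  if call.is_a?(Array) && %i[call command_call].include?(call[0])
    recv, name = call[1], call[3]
    risky = name.is_a?(Array) && name[0] == :@ident && RISKY_METHODS.include?(name[1])
    found << [name[2][0], name[1]] if risky && interpolated?(args) && !safe_const_receiver?(recv)
  end
  node.each { |child| risky_calls(child, found) }
  found
end

def scan(source)
  risky_calls(Ripper.sexp(source))
end

# Constructed sample input: only lines 3, 4 and 6 should be reported.
SAMPLE = <<~'RUBY'
  File.exists?("#{dir}/config.yml")
  ::File.exists?("#{dir}/config.yml")
  file.exists?("#{dir}/config.yml")
  User.exists?("name = '#{params[:name]}'")
  User.exists?(name: params[:name])
  User.where "name = '#{params[:name]}'"
RUBY
```

The lowercase file.exists? call on line 3 of the sample is still reported, because a variable receiver cannot be told apart from a model statically; only the File constant is exempted.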