logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

Inappropriate coding practices - Unused properties - Ruby

Need

Elimination of unused properties in the application code

Context

  1. Usage of Ruby version 2.0 or higher for Ruby development
  2. Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations

Description

Insecure Code Example

class User < ApplicationRecord
  attr_accessor :name, :email, :password, :unused_property

  def initialize(name, email, password)
    @name = name
    @email = email
    @password = password
  end
  
  def login
    # Code for login
  end

  def logout
    # Code for logout
  end
  
end

In this Ruby on Rails application, we have a User model that has four properties: `name`, `email`, `password`, and `unused_property`. The first three properties `name`, `email`, and `password` are used in the application, for instance during the initialization of a new User object. However, the property `unused_property` is defined but never used in the application. This is considered a bad coding practice as it adds unnecessary complexity to the source code. Unused properties can lead to confusion for other developers who may wonder what the property is for, and it can potentially affect the application's performance. It's best to remove unused properties to keep the codebase clean and efficient.

Steps

  1. Remove the unused_property attribute from the User class.
  2. Review the codebase to ensure that no other unused properties are present.
  3. Refactor the code to remove any unused properties or variables.
  4. Perform thorough testing to ensure that the removal of unused properties does not introduce any unintended side effects.

Secure Code Example

class User < ApplicationRecord
  attr_accessor :name, :email, :password

  def initialize(name, email, password)
    @name = name
    @email = email
    @password = password
  end
  
  def login
    # Code for login
  end

  def logout
    # Code for logout
  end
  
end

The updated code removes the unused property `unused_property` from the `User` class. This property was not being used anywhere in the class or the application, and its presence was adding unnecessary complexity to the codebase. By removing this unused property, we are simplifying the code and potentially improving the performance of the application. It's important to note that this change should not affect the functionality of the application, as the property was not being used. However, it's always a good practice to perform thorough testing after making changes to the codebase. This will ensure that the removal of the unused property has not introduced any unintended side effects. In addition, it's recommended to review the entire codebase for any other unused properties or variables. Removing these can further simplify the code and improve the application's performance.

References

  • 391 - Inappropriate coding practices - Unused properties

    • Last updated

    2023/09/18