Cop Suggestion: warn against usage of update_attribute in Rails

[rahulcs]

The update_attribute method skips validations and will save the object to database regardless of its validity.
These methods should be used with caution.

Prefer this:

user.update_attributes(email: '[email protected]')

over:

user.update_attribute(email: '[email protected]')

Bugs resulting from this can be hard to identify, and I cannot see a valid use-case for updating a model attribute without validation.

Is this a reasonable candidate for inclusion as a Rails-specific cop in RuboCop?

[tejasbubane]

Not just update_attribute, I think we should we warn against all of those methods which skip validations. Even save(validate: false).

Is this a reasonable candidate for inclusion as a Rails-specific cop in RuboCop?

Sounds like a pretty reasonable candidate 👍 Let's see what others have to say.

[rrosenblum]

Not just update_attribute, I think we should we warn against all of those methods which skip validations. Even save(validate: false).

I agree that we should warn against all of the methods that skip validations. I don't think that we should warn against save(validate: false) because someone has to explicitly say that they do not want validations. The other ActiveRecord methods are most likely used by mistake.