betterlint 1.0.0

data/lib/rubocop/cop/betterment/site_prism_loaded.rb

@@ -0,0 +1,25 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class SitePrismLoaded < Cop
+        MSG = 'Use `be_loaded` instead of `be_displayed`'.freeze
+
+        def_node_matcher :be_displayed_call?, <<-PATTERN
+          (send (send nil? :expect _) _ (send nil? :be_displayed))
+        PATTERN
+
+        def on_send(node)
+          return unless be_displayed_call?(node)
+
+          add_offense(node, location: node.children[2].loc.expression)
+        end
+
+        def autocorrect(node)
+          lambda do |corrector|
+            corrector.replace(node.children[2].loc.expression, 'be_loaded')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/spec_helper_required_outside_spec_dir.rb

@@ -0,0 +1,38 @@
+module RuboCop
+  module Cop
+    module Betterment
+      # If a file requires spec_helper or rails_helper, make sure
+      # it is located in a spec/ directory.
+      #
+      # @example
+      #   # bad
+      #   app/models/whatever_spec.rb
+      #   require 'rails_helper'
+      #
+      #   # good
+      #   spec/models/my_class_spec.rb
+      #   require 'rails_helper'
+      class SpecHelperRequiredOutsideSpecDir < Cop
+        MSG = 'Spec helper required outside of a spec/ directory.'.freeze
+
+        def_node_matcher :requires_spec_helper?, <<-PATTERN
+          (send nil? :require
+            (str {"rails_helper" "spec_helper"}))
+        PATTERN
+
+        def on_send(node)
+          add_offense(node) if requires_spec_helper?(node) && !spec_directory?
+        end
+
+        private
+
+        def spec_directory?
+          Pathname.new(processed_source.buffer.name)
+            .relative_path_from(Pathname.pwd)
+            .to_s
+            .start_with?("spec#{File::SEPARATOR}")
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/timeout.rb

@@ -0,0 +1,19 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class Timeout < Cop
+        MSG = 'Using Timeout.timeout without a custom exception can prevent rescue blocks from executing'.freeze
+
+        def_node_matcher :timeout_call?, <<-PATTERN
+          (send (const nil? :Timeout) :timeout _)
+        PATTERN
+
+        def on_send(node)
+          return unless timeout_call?(node)
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/unsafe_job.rb

@@ -0,0 +1,33 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class UnsafeJob < Cop
+        attr_accessor :sensitive_params, :class_regex
+
+        MSG = <<~MSG.freeze
+          This job takes a parameter that will end up serialized in plaintext. Do not pass sensitive data as bare arguments into jobs.
+
+          See here for more information on this error:
+          https://github.com/Betterment/betterlint#bettermentunsafejob
+        MSG
+
+        def initialize(config = nil, options = nil)
+          super(config, options)
+          config = @config.for_cop(self)
+          @sensitive_params = config.fetch("sensitive_params", []).map(&:to_sym)
+          @class_regex = Regexp.new config.fetch("class_regex", ".*Job$")
+        end
+
+        def on_def(node)
+          return unless %i(perform initialize).include?(node.method_name)
+          return unless @class_regex.match(node.parent_module_name)
+
+          node.arguments.any? do |argument|
+            name, = *argument
+            add_offense(argument) if @sensitive_params.include?(name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/unscoped_find.rb

@@ -0,0 +1,87 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class UnscopedFind < Cop
+        attr_accessor :unauthenticated_models
+
+        MSG = <<~MSG.freeze
+          Records are being retrieved directly using user input.
+          Please query for the associated record in a way that enforces authorization (e.g. "trust-root chaining").
+
+          INSTEAD OF THIS:
+          Post.find(params[:post_id])
+
+          DO THIS:
+          current_user.posts.find(params[:post_id])
+
+          See here for more information on this error:
+          https://github.com/Betterment/betterlint/blob/main/README.md#bettermentunscopedfind
+        MSG
+        METHOD_PATTERN = /^find_by_(.+?)(!)?$/.freeze
+        FINDS = %i(find find_by find_by! where).freeze
+
+        def_node_matcher :custom_scope_find?, <<-PATTERN
+          (send (send (const ... _) ...) {#{FINDS.map(&:inspect).join(' ')}} ...)
+        PATTERN
+
+        def_node_matcher :find?, <<-PATTERN
+          (send (const ... _) {#{FINDS.map(&:inspect).join(' ')}} ...)
+        PATTERN
+
+        def initialize(config = nil, options = nil)
+          super(config, options)
+          config = @config.for_cop(self)
+          @unauthenticated_models = config.fetch("unauthenticated_models", []).map(&:to_sym)
+        end
+
+        def on_class(node)
+          Utils::MethodReturnTable.populate_index(node)
+        end
+
+        def on_send(node)
+          _, _, *arg_nodes = *node # rubocop:disable InternalAffairs/NodeDestructuring
+          return unless
+            (
+                find?(node) ||
+                custom_scope_find?(node) ||
+                static_method_name(node.method_name)
+            ) && !@unauthenticated_models.include?(Utils::Parser.get_root_token(node))
+
+          add_offense(node) if find_param_arg(arg_nodes)
+        end
+
+        private
+
+        def find_param_arg(arg_nodes)
+          return unless arg_nodes
+
+          arg_nodes.find do |arg|
+            if arg.hash_type?
+              arg.children.each do |pair|
+                _key, value = *pair.children
+                return arg if uses_params?(value)
+              end
+            end
+
+            uses_params?(arg)
+          end
+        end
+
+        def uses_params?(node)
+          root = Utils::Parser.get_root_token(node)
+          root == :params || Array(Utils::MethodReturnTable.get_method(root)).find do |x|
+            Utils::Parser.get_root_token(x) == :params
+          end
+        end
+
+        # yoinked from Rails/DynamicFindBy
+        def static_method_name(method_name)
+          match = METHOD_PATTERN.match(method_name)
+          return nil unless match
+
+          match[2] ? 'find_by!' : 'find_by'
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/utils/method_return_table.rb

@@ -0,0 +1,48 @@
+module RuboCop
+  module Cop
+    module Utils
+      module MethodReturnTable
+        class << self
+          def populate_index(node)
+            raise "not a class" unless node.class_type?
+
+            get_methods_for_class(node).each do |method|
+              track_method(method.method_name, Utils::Parser.get_return_values(method))
+            end
+
+            node.descendants.each do |descendant|
+              lhs, rhs = *descendant
+              next unless descendant.equals_asgn? && (descendant.type != :casgn) && rhs&.send_type?
+
+              track_method(lhs, [rhs])
+            end
+          end
+
+          def indexed_methods
+            @indexed_methods ||= {}
+          end
+
+          def get_method(method_name)
+            indexed_methods[method_name]
+          end
+
+          def has_method?(method_name)
+            indexed_methods.include?(method_name)
+          end
+
+          private
+
+          def track_method(method_name, returns)
+            indexed_methods[method_name] = returns
+          end
+
+          def get_methods_for_class(node)
+            return [] unless node.children && node.class_type?
+
+            node.descendants.select(&:def_type?)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/utils/parser.rb

@@ -0,0 +1,115 @@
+module RuboCop
+  module Cop
+    module Utils
+      module Parser
+        def self.get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize
+          return nil unless node
+
+          return get_root_token(node.receiver) if node.receiver
+
+          # rubocop:disable InternalAffairs/NodeDestructuring
+          if node.send_type?
+            name = node.method_name
+          elsif node.variable?
+            name, = *node
+          elsif node.literal?
+            _, name = *node
+          elsif node.const_type?
+            name = node.const_name.to_sym
+          elsif node.sym_type?
+            name = node.value
+          elsif node.self_type?
+            name = :self
+          elsif node.block_pass_type?
+            name, = *node.children
+          else
+            name = nil
+          end
+          # rubocop:enable InternalAffairs/NodeDestructuring
+
+          name
+        end
+
+        def self.get_return_values(node) # rubocop:disable Metrics/AbcSize
+          return [] unless node
+          return explicit_returns(node) + get_return_values(node.body) if node.def_type?
+          return [node] if node.literal? || node.variable?
+
+          case node.type
+            when :begin
+              get_return_values(node.children.last)
+            when :block
+              get_return_values(node.body)
+            when :if
+              if_rets = get_return_values(node.if_branch)
+              else_rets = get_return_values(node.else_branch)
+              if_rets + else_rets
+            when :case
+              cases = []
+              node.each_when do |block|
+                cases += get_return_values(block.body)
+              end
+
+              cases + get_return_values(node.else_branch)
+            when :send
+              [node]
+            else
+              []
+          end
+        end
+
+        def self.explicit_returns(node)
+          node.descendants.select(&:return_type?).map { |x|
+            x&.children&.first
+          }.compact
+        end
+
+        def self.params_from_arguments(arguments) # rubocop:disable Metrics/PerceivedComplexity
+          parameter_names = []
+
+          arguments.each do |arg|
+            if arg.hash_type?
+              arg.children.each do |pair|
+                value = pair.value
+                parameter_names << value.value if value.sym_type? || value.str_type?
+              end
+            elsif arg.sym_type? || arg.str_type?
+              parameter_names << arg.value
+            end
+          end
+
+          parameter_names
+        end
+
+        def self.get_extracted_parameters(node, param_aliases: []) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          return [] unless node.send_type?
+
+          parameter_names = []
+          param_aliases << :params
+
+          if node.method?(:[]) && param_aliases.include?(get_root_token(node))
+            return node.arguments.select { |x|
+                     x.sym_type? || x.str_type?
+                   }.map(&:value)
+          end
+
+          children = node.descendants.select do |child|
+            child.send_type? && param_aliases.include?(child.method_name)
+          end
+
+          children.each do |child|
+            ancestors = child.ancestors.select do |ancestor|
+              ancestor.send_type? && ancestor.method?(:permit)
+            end
+
+            ancestors.each do |ancestor|
+              parameter_names += params_from_arguments(ancestor.arguments)
+            end
+          end
+
+          parameter_names.map(&:to_sym)
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: betterlint
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Development
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-04-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Betterment rubocop configuration
+email:
+- development@betterment.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- STYLEGUIDE.md
+- config/default.yml
+- lib/rubocop/cop/betterment.rb
+- lib/rubocop/cop/betterment/active_job_performable.rb
+- lib/rubocop/cop/betterment/allowlist_blocklist.rb
+- lib/rubocop/cop/betterment/authorization_in_controller.rb
+- lib/rubocop/cop/betterment/dynamic_params.rb
+- lib/rubocop/cop/betterment/implicit_redirect_type.rb
+- lib/rubocop/cop/betterment/memoization_with_arguments.rb
+- lib/rubocop/cop/betterment/server_error_assertion.rb
+- lib/rubocop/cop/betterment/site_prism_loaded.rb
+- lib/rubocop/cop/betterment/spec_helper_required_outside_spec_dir.rb
+- lib/rubocop/cop/betterment/timeout.rb
+- lib/rubocop/cop/betterment/unsafe_job.rb
+- lib/rubocop/cop/betterment/unscoped_find.rb
+- lib/rubocop/cop/betterment/utils/method_return_table.rb
+- lib/rubocop/cop/betterment/utils/parser.rb
+homepage:
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key:
+specification_version: 4
+summary: Betterment rubocop configuration
+test_files: []