RubyGems - cobalt-rubocop - Versions diffs - 1.0.1 → 1.0.2 - Mend

cobalt-rubocop 1.0.1 → 1.0.2

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +24 -63
data/lib/rubocop/cobalt/version.rb +1 -1
data/lib/rubocop/cop/cobalt/insecure_hash_algorithm.rb +3 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd065596ae4e92888e92dabb5f30c1ef58420633090f455e1b8243ca29a29a9e
-  data.tar.gz: 0d73e78f813543da948d3da9cea85f892f8c80e02866a69ae3f133ac3a3c422b
+  metadata.gz: 5a8b20ef0a6e956161bcf06b505456596556afa73a71c71689546256ec9017b4
+  data.tar.gz: 4309706cb33ccc799053fbdf2b2afdd92e5bfaa740acadfe4abbac026b0ea505
 SHA512:
-  metadata.gz: e5f9fc4099f495a2439da30053e563eb99d18e6cd90d3b5c48cf079ee9dde5bb54b7462765ca4fb1637cb89085dc63a09723a7c418c3a2c77ac6f618696bf1e7
-  data.tar.gz: 2e85d5f9491e17043824a7ec9318da665cc37b4f4bd89466bf7bcec653d78e878871d3e8fb6fed5da404d87cb00882d23529d0b8da809c070423731f841fd689
+  metadata.gz: ce5b1e998d57140cad9de70902ce00c22b6a11072202c6ea90597b7cb6c49bd4108cf912fa90ee082f901b7f52cb3d146f36c0ebba938a0e8b4938a476c20918
+  data.tar.gz: 5760968ed4f9e4f59ee565d9aa0c337d70748a273a804d25c2560c174cf02abcd8cd372c0c1480fb7f53cf1b55f034af1fa27f0484ac52d03ada564fae21fa6f

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,10 @@
 ## main (unreleased)
+## 1.0.2 (2024-02-01)
+* Designate SHA3-256 as a secure hashing algorithm
 ## 1.0.1 (2023-07-13)
 * Disable `RSpec/ScatteredSetup` for specs inside `/api`, since it

data/README.md CHANGED Viewed

@@ -5,8 +5,19 @@
 ![Gem Downloads](https://img.shields.io/gem/dt/cobalt-rubocop)
 [![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop-hq/rubocop)
+## Description
 This repository provides recommended linting rules for Ruby repositories.
+## Contributing
+If you wish to contribute, please check our guidelines in
+[CONTRIBUTING.md]
+## Who to ask for help
+Ask the [CODEOWNERS]
 ## Installation
 ### Gemfile
@@ -28,12 +39,12 @@ gem 'rubocop-rails', require: false
 gem 'rubocop-rspec', require: false
 ```
-[Specific versions](https://github.com/cobalthq/cobalt-rubocop/blob/main/cobalt-rubocop.gemspec) installed for:
+[Specific versions] installed for:
-- [rubocop](https://github.com/rubocop-hq/rubocop)
-- [rubocop-performance](https://github.com/rubocop/rubocop-performance)
-- [rubocop-rails](https://github.com/rubocop/rubocop-rails)
-- [rubocop-rspec](https://github.com/rubocop/rubocop-rspec)
+- [rubocop]
+- [rubocop-performance]
+- [rubocop-rails]
+- [rubocop-rspec]
 ### .rubocop.yml
@@ -66,62 +77,12 @@ The number of offences can be counted:
 grep "Offense count" .rubocop_todo.yml | awk -F: '{sum+=$2} END {print sum}'
 ```
-## Custom Cops
-### InsecureHashAlgorithm
-See [Ruby Docs](https://ruby-doc.org/stdlib-2.7.2/libdoc/openssl/rdoc/OpenSSL/Digest.html) for built in hash functions.
-- Default Configuration:
-  ```yml
-  Cobalt/InsecureHashAlgorithm:
-    Allowed:
-      - SHA256
-      - SHA384
-      - SHA512
-  ```
-  ```ruby
-  # bad
-  OpenSSL::Digest::MD5.digest('abc')
-  OpenSSL::Digest::SHA1.digest('abc')
-  OpenSSL::HMAC.new('abc', 'sha1')
-  # good
-  OpenSSL::Digest::SHA256.digest('abc')
-  OpenSSL::Digest::SHA384.digest('abc')
-  OpenSSL::Digest::SHA512.digest('abc')
-  OpenSSL::HMAC.new('abc', 'sha256')
-  ```
-## Development
-```shell
-git clone git@github.com:cobalthq/cobalt-rubocop.git
-bundle install
-```
-### Testing locally
-In your application, use the `path` attribute to point to your local copy of the gem
-```ruby
-  # Use the relative path from your application, to the cobalt-rubocop folder
-  gem 'cobalt-rubocop', path: '../cobalt-rubocop', require: false
-```
-Alternatively:
-- `rake build`
-- `gem install pkg/cobalt-rubocop-<version_number>.gem`
-## Publish (internal)
-> Note: Publishing a new version of this gem is only meant for maintainers.
+<!-- Links -->
-- Ensure you have access to publish on [rubygems](https://rubygems.org/gems/cobalt-rubocop).
-- Update [CHANGELOG](https://github.com/cobalthq/cobalt-rubocop/blob/main/CHANGELOG.md).
-- Update [`VERSION`](https://github.com/cobalthq/cobalt-rubocop/blob/main/lib/rubocop/cobalt/version.rb).
-- `rake release`
-  - This command builds the gem, creates a tag and publishes to rubygems, see [bundler docs](https://bundler.io/guides/creating_gem.html#releasing-the-gem).
+[CODEOWNERS]: ./CODEOWNERS
+[CONTRIBUTING.md]: ./CONTRIBUTING.md
+[Specific versions]: ./cobalt-rubocop.gemspec
+[rubocop-performance]: https://github.com/rubocop/rubocop-performance
+[rubocop-rails]: https://github.com/rubocop/rubocop-rails
+[rubocop-rspec]: https://github.com/rubocop/rubocop-rspec
+[rubocop]: https://github.com/rubocop-hq/rubocop

data/lib/rubocop/cobalt/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module RuboCop
   module Cobalt
-    VERSION = '1.0.1'
+    VERSION = '1.0.2'
   end
 end

data/lib/rubocop/cop/cobalt/insecure_hash_algorithm.rb CHANGED Viewed

@@ -77,10 +77,13 @@ module RuboCop
           %i[hexencode bubblebabble].include?(val)
         end
+        # SHA3-256 is designated as secure by
+        # https://github.com/cobalthq/cobalt-pentest-api/blob/main/docs/adr/0019_hash_api_tokens.md
         DEFAULT_ALLOWED = %w[
           SHA256
           SHA384
           SHA512
+          SHA3-256
         ].freeze
         def allowed_hash_functions

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cobalt-rubocop
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Cobalt Engineering
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-13 00:00:00.000000000 Z
+date: 2024-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -119,7 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.1
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Cobalt RuboCop