cookstyle 6.2.9 → 6.7.3

data/lib/cookstyle.rb

@@ -11,7 +11,7 @@ require 'rubocop/monkey_patches/comment_config.rb'
 # monkey patches needed for the TargetChefVersion config option
 require 'rubocop/monkey_patches/config.rb'
 require 'rubocop/monkey_patches/cop.rb'
-require 'rubocop/monkey_patches/commissioner.rb'
+require 'rubocop/monkey_patches/team.rb'
 
 module RuboCop
   class ConfigLoader

data/lib/cookstyle/version.rb

@@ -1,4 +1,4 @@
 module Cookstyle
-  VERSION = "6.2.9".freeze # rubocop: disable Style/StringLiterals
-  RUBOCOP_VERSION = '0.81.0'.freeze
+  VERSION = "6.7.3".freeze # rubocop: disable Style/StringLiterals
+  RUBOCOP_VERSION = '0.85.0'.freeze
 end

data/lib/rubocop/chef/platform_helpers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright 2019, Chef Software Inc.
+# Copyright:: Copyright 2019-2020, Chef Software Inc.
 # Author:: Tim Smith (<tsmith@chef.io>)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,6 +32,7 @@ module RuboCop
         'mswin' => 'windows',
         'opensuse' => 'suse',
         'opensuseleap' => 'suse',
+        'oracle' => 'rhel',
         'redhat' => 'rhel',
         'scientific' => 'rhel',
         'sles' => 'suse',

data/lib/rubocop/cop/chef/correctness/invalid_platform_family_values_in_case.rb

@@ -0,0 +1,77 @@
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # Use valid platform family values in case statements.
+        #
+        # @example
+        #
+        #   # bad
+        #   case node['platform_family']
+        #   when 'redhat'
+        #     puts "I'm on a RHEL-like system"
+        #   end
+        #
+        class InvalidPlatformFamilyInCase < Cop
+          include RangeHelp
+          include ::RuboCop::Chef::PlatformHelpers
+
+          MSG = 'Use valid platform family values in case statements.'.freeze
+
+          def_node_matcher :node_platform_family?, <<-PATTERN
+            (send (send nil? :node) :[] (str "platform_family") )
+          PATTERN
+
+          def on_case(node)
+            node_platform_family?(node.condition) do
+              node.each_when do |when_node|
+                when_node.each_condition do |con|
+                  next unless con.str_type? # if the condition isn't a string we can't check so skip
+
+                  if INVALID_PLATFORM_FAMILIES[con.str_content]
+                    add_offense(con, location: :expression, message: MSG, severity: :refactor)
+                  end
+                end
+              end
+            end
+          end
+
+          def autocorrect(node)
+            new_value = INVALID_PLATFORM_FAMILIES[node.str_content]
+
+            # some invalid platform families have no direct correction value and return nil instead
+            return unless new_value
+
+            # if the correct value already exists in the when statement then we just want to delete this node
+            if node.parent.conditions.any? { |x| x.str_content == new_value }
+              lambda do |corrector|
+                range = range_with_surrounding_comma(range_with_surrounding_space(range: node.loc.expression, side: :left), :both)
+                corrector.remove(range)
+              end
+            else
+              lambda do |corrector|
+                corrector.replace(node.loc.expression, "'#{new_value}'")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/invalid_platform_values_in_case.rb

@@ -0,0 +1,77 @@
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # Use valid platform values in case statements.
+        #
+        # @example
+        #
+        #   # bad
+        #   case node['platform']
+        #   when 'rhel'
+        #     puts "I'm on a Red Hat system!"
+        #   end
+        #
+        class InvalidPlatformInCase < Cop
+          include RangeHelp
+          include ::RuboCop::Chef::PlatformHelpers
+
+          MSG = 'Use valid platform values in case statements.'.freeze
+
+          def_node_matcher :node_platform?, <<-PATTERN
+            (send (send nil? :node) :[] (str "platform") )
+          PATTERN
+
+          def on_case(node)
+            node_platform?(node.condition) do
+              node.each_when do |when_node|
+                when_node.each_condition do |con|
+                  next unless con.str_type? # if the condition isn't a string we can't check so skip
+
+                  if INVALID_PLATFORMS[con.str_content]
+                    add_offense(con, location: :expression, message: MSG, severity: :refactor)
+                  end
+                end
+              end
+            end
+          end
+
+          def autocorrect(node)
+            new_value = INVALID_PLATFORMS[node.str_content]
+
+            # some invalid platform have no direct correction value and return nil instead
+            return unless new_value
+
+            # if the correct value already exists in the when statement then we just want to delete this node
+            if node.parent.conditions.any? { |x| x.str_content == new_value }
+              lambda do |corrector|
+                range = range_with_surrounding_comma(range_with_surrounding_space(range: node.loc.expression, side: :left), :both)
+                corrector.remove(range)
+              end
+            else
+              lambda do |corrector|
+                corrector.replace(node.loc.expression, "'#{new_value}'")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/lazy_eval_node_attribute_defaults.rb

@@ -0,0 +1,56 @@
+#
+# Copyright:: 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # When setting a node attribute as the default value for a custom resource property, wrap the node attribute in `lazy {}` so that its value is available when the resource executes.
+        #
+        # @example
+        #
+        #   # bad
+        #   property :Something, String, default: node['hostname']
+        #
+        #   # good
+        #   property :Something, String, default: lazy { node['hostname'] }
+        #
+        class LazyEvalNodeAttributeDefaults < Cop
+          include RuboCop::Chef::CookbookHelpers
+
+          MSG = 'When setting a node attribute as the default value for a custom resource property, wrap the node attribute in `lazy {}` so that its value is available when the resource executes.'.freeze
+
+          def_node_matcher :non_lazy_node_attribute_default?, <<-PATTERN
+            (send nil? :property (sym _) ... (hash <(pair (sym :default) $(send (send _ :node) :[] _) ) ...>))
+          PATTERN
+
+          def on_send(node)
+            non_lazy_node_attribute_default?(node) do |default|
+              add_offense(default, location: :expression, message: MSG, severity: :refactor)
+            end
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              corrector.replace(node.loc.expression, "lazy { #{node.loc.expression.source} }")
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/node_normal.rb

@@ -18,7 +18,7 @@ module RuboCop
     module Chef
       module ChefCorrectness
         # Normal attributes are discouraged since their semantics differ importantly from the
-        # default and override levels.  Their values persist in the node object even after
+        # default and override levels. Their values persist in the node object even after
         # all code referencing them has been deleted, unlike default and override.
         #
         # Code should be updated to use default or override levels, but this will change

data/lib/rubocop/cop/chef/correctness/node_normal_unless.rb

@@ -18,7 +18,7 @@ module RuboCop
     module Chef
       module ChefCorrectness
         # Normal attributes are discouraged since their semantics differ importantly from the
-        # default and override levels.  Their values persist in the node object even after
+        # default and override levels. Their values persist in the node object even after
         # all code referencing them has been deleted, unlike default and override.
         #
         # Code should be updated to use default or override levels, but this will change

data/lib/rubocop/cop/chef/correctness/openssl_password_helpers.rb

@@ -0,0 +1,45 @@
+
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # The openSSL cookbook provides a deprecated `secure_password` helper in the `Opscode::OpenSSL::Password` class, which should not longer be used. This helper would generate a random password that would be used when a data bag or attribute was no present. The practice of generating passwords to be stored on the node is bad security as it exposes the password to anyone that can view the nodes, and deleting a node deletes the password. Passwords should be retrieved from a secure source for use in cookbooks.
+        #
+        #   # bad
+        #   ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)
+        #   basic_auth_password = secure_password
+        #
+        class OpenSSLPasswordHelpers < Cop
+          MSG = 'The `secure_password` helper from the openssl cookbooks `Opscode::OpenSSL::Password` class should not be used to generate passwords.'.freeze
+
+          def_node_matcher :openssl_helper?, <<~PATTERN
+            (const
+              (const
+                (const nil? :Opscode) :OpenSSL) :Password)
+          PATTERN
+
+          def on_const(node)
+            openssl_helper?(node) do
+              add_offense(node, location: :expression, message: MSG, severity: :warning)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/depends_compat_resource.rb

@@ -18,7 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Don't depend on the deprecated compat_resource cookbook made obsolete by Chef 12.19+
+        # Don't depend on the deprecated compat_resource cookbook made obsolete by Chef Infra Client 12.19+
         #
         # @example
         #

data/lib/rubocop/cop/chef/deprecation/depends_partial_search.rb

@@ -18,7 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Don't depend on the partial_search cookbook made obsolete by Chef 13
+        # Don't depend on the partial_search cookbook made obsolete by Chef Infra Client 13
         #
         # @example
         #

data/lib/rubocop/cop/chef/deprecation/deprecated_chefspec_platform.rb

@@ -47,22 +47,28 @@ module RuboCop
               '> 16.04, < 18.04' => true,
             },
             'fedora' => {
-              '< 30' => '30',
+              '< 31' => '31',
             },
             'freebsd' => {
-              '< 11' => '12',
+              '~> 11.0, < 11.2' => '11',
+              '= 12.0' => '12',
+              '< 11' => true,
             },
             'mac_os_x' => {
               '< 10.12' => '10.15',
             },
+            'suse' => {
+              '~> 12.0, < 12.4' => '12',
+              '< 12' => true,
+            },
             'opensuse' => {
               '< 14' => true,
               '~> 42.0' => true,
             },
             'debian' => {
               '< 8' => true,
-              '> 8.0, < 8.9' => '8',
-              '> 9.0, < 9.8' => '9',
+              '> 8.0, < 8.10' => '8',
+              '> 9.0, < 9.9' => '9',
             },
             'centos' => {
               '< 6.0' => true,

data/lib/rubocop/cop/chef/deprecation/deprecated_shellout_methods.rb

@@ -0,0 +1,65 @@
+#
+# Copyright:: 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefDeprecations
+        # The large number of shell_out helper methods in Chef Infra Client has been reduced to just shell_out and shell_out! methods. The legacy methods were removed in Chef Infra Client and cookbooks using these legacy helpers will need to be updated.
+        #
+        # @example
+        #
+        #   # bad
+        #   shell_out_compact('foo')
+        #   shell_out_compact!('foo')
+        #   shell_out_with_timeout('foo')
+        #   shell_out_with_timeout!('foo')
+        #   shell_out_with_systems_locale('foo')
+        #   shell_out_with_systems_locale!('foo')
+        #   shell_out_compact_timeout('foo')
+        #   shell_out_compact_timeout!('foo')
+        #
+        #   # good
+        #   shell_out('foo')
+        #   shell_out!('foo')
+        #   shell_out!('foo', default_env: false) # replaces shell_out_with_systems_locale
+        #
+        class DeprecatedShelloutMethods < Cop
+          extend TargetChefVersion
+
+          minimum_target_chef_version '14.3'
+
+          DEPRECATED_SHELLOUT_METHODS = %i( shell_out_compact
+                                            shell_out_compact!
+                                            shell_out_compact_timeout
+                                            shell_out_compact_timeout!
+                                            shell_out_with_timeout
+                                            shell_out_with_timeout!
+                                            shell_out_with_systems_locale
+                                            shell_out_with_systems_locale!
+                                          ).freeze
+
+          MSG = 'Many legacy specialized shell_out methods were replaced in Chef Infra Client 14.3 and removed in Chef Infra Client 15. Use shell_out and any additional options if necessary.'.freeze
+
+          def on_send(node)
+            add_offense(node, location: :expression, message: MSG, severity: :warning) if DEPRECATED_SHELLOUT_METHODS.include?(node.method_name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/easy_install.rb

@@ -19,7 +19,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Don't use the deprecated easy_install resource removed in Chef 13
+        # Don't use the deprecated easy_install resource removed in Chef Infra Client 13
         #
         # @example
         #
@@ -29,7 +29,7 @@ module RuboCop
         #   end
         #
         class EasyInstallResource < Cop
-          MSG = "Don't use the deprecated easy_install resource removed in Chef 13".freeze
+          MSG = "Don't use the deprecated easy_install resource removed in Chef Infra Client 13".freeze
 
           def on_send(node)
             add_offense(node, location: :expression, message: MSG, severity: :warning) if node.method_name == :easy_install