cookstyle 6.5.3 → 6.6.9

data/lib/cookstyle/version.rb

@@ -1,4 +1,4 @@
 module Cookstyle
-  VERSION = "6.5.3".freeze # rubocop: disable Style/StringLiterals
+  VERSION = "6.6.9".freeze # rubocop: disable Style/StringLiterals
   RUBOCOP_VERSION = '0.83.0'.freeze
 end

data/lib/rubocop/chef/platform_helpers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright 2019, Chef Software Inc.
+# Copyright:: Copyright 2019-2020, Chef Software Inc.
 # Author:: Tim Smith (<tsmith@chef.io>)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,6 +32,7 @@ module RuboCop
         'mswin' => 'windows',
         'opensuse' => 'suse',
         'opensuseleap' => 'suse',
+        'oracle' => 'rhel',
         'redhat' => 'rhel',
         'scientific' => 'rhel',
         'sles' => 'suse',

data/lib/rubocop/cop/chef/correctness/invalid_platform_family_values_in_case.rb

@@ -0,0 +1,77 @@
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # Use valid platform family values in case statements.
+        #
+        # @example
+        #
+        #   # bad
+        #   case node['platform_family']
+        #   when 'redhat'
+        #     puts "I'm on a RHEL-like system"
+        #   end
+        #
+        class InvalidPlatformFamilyInCase < Cop
+          include RangeHelp
+          include ::RuboCop::Chef::PlatformHelpers
+
+          MSG = 'Use valid platform family values in case statements.'.freeze
+
+          def_node_matcher :node_platform_family?, <<-PATTERN
+            (send (send nil? :node) :[] (str "platform_family") )
+          PATTERN
+
+          def on_case(node)
+            node_platform_family?(node.condition) do
+              node.each_when do |when_node|
+                when_node.each_condition do |con|
+                  next unless con.str_type? # if the condition isn't a string we can't check so skip
+
+                  if INVALID_PLATFORM_FAMILIES[con.str_content]
+                    add_offense(con, location: :expression, message: MSG, severity: :refactor)
+                  end
+                end
+              end
+            end
+          end
+
+          def autocorrect(node)
+            new_value = INVALID_PLATFORM_FAMILIES[node.str_content]
+
+            # some invalid platform families have no direct correction value and return nil instead
+            return unless new_value
+
+            # if the correct value already exists in the when statement then we just want to delete this node
+            if node.parent.conditions.any? { |x| x.str_content == new_value }
+              lambda do |corrector|
+                range = range_with_surrounding_comma(range_with_surrounding_space(range: node.loc.expression, side: :left), :both)
+                corrector.remove(range)
+              end
+            else
+              lambda do |corrector|
+                corrector.replace(node.loc.expression, "'#{new_value}'")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/invalid_platform_values_in_case.rb

@@ -0,0 +1,77 @@
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # Use valid platform values in case statements.
+        #
+        # @example
+        #
+        #   # bad
+        #   case node['platform']
+        #   when 'rhel'
+        #     puts "I'm on a Red Hat system!"
+        #   end
+        #
+        class InvalidPlatformInCase < Cop
+          include RangeHelp
+          include ::RuboCop::Chef::PlatformHelpers
+
+          MSG = 'Use valid platform values in case statements.'.freeze
+
+          def_node_matcher :node_platform?, <<-PATTERN
+            (send (send nil? :node) :[] (str "platform") )
+          PATTERN
+
+          def on_case(node)
+            node_platform?(node.condition) do
+              node.each_when do |when_node|
+                when_node.each_condition do |con|
+                  next unless con.str_type? # if the condition isn't a string we can't check so skip
+
+                  if INVALID_PLATFORMS[con.str_content]
+                    add_offense(con, location: :expression, message: MSG, severity: :refactor)
+                  end
+                end
+              end
+            end
+          end
+
+          def autocorrect(node)
+            new_value = INVALID_PLATFORMS[node.str_content]
+
+            # some invalid platform have no direct correction value and return nil instead
+            return unless new_value
+
+            # if the correct value already exists in the when statement then we just want to delete this node
+            if node.parent.conditions.any? { |x| x.str_content == new_value }
+              lambda do |corrector|
+                range = range_with_surrounding_comma(range_with_surrounding_space(range: node.loc.expression, side: :left), :both)
+                corrector.remove(range)
+              end
+            else
+              lambda do |corrector|
+                corrector.replace(node.loc.expression, "'#{new_value}'")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/lazy_eval_node_attribute_defaults.rb

@@ -0,0 +1,56 @@
+#
+# Copyright:: 2020, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # When setting a node attribute as a default value for a custom resource property, make sure to wrap the node attribute in `lazy {}` so that the node attribute is available when the resource executes.
+        #
+        # @example
+        #
+        #   # bad
+        #   property :Something, String, default: node['hostname']
+        #
+        #   # good
+        #   property :Something, String, default: lazy { node['hostname'] }
+        #
+        class LazyEvalNodeAttributeDefaults < Cop
+          include RuboCop::Chef::CookbookHelpers
+
+          MSG = 'When setting a node attribute as a default value for a custom resource property, make sure to wrap the node attribute in `lazy {}` so that the node attribute is available when the resource executes.'.freeze
+
+          def_node_matcher :non_lazy_node_attribute_default?, <<-PATTERN
+           (send nil? :property (sym _) ... (hash <(pair (sym :default) $(send (send _ :node) :[] _) ) ...>))
+          PATTERN
+
+          def on_send(node)
+            non_lazy_node_attribute_default?(node) do |default|
+              add_offense(default, location: :expression, message: MSG, severity: :refactor)
+            end
+          end
+
+          def autocorrect(node)
+            lambda do |corrector|
+              corrector.replace(node.loc.expression, "lazy { #{node.loc.expression.source} }")
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/openssl_password_helpers.rb

@@ -0,0 +1,45 @@
+
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module ChefCorrectness
+        # The openSSL cookbook provides a deprecated `secure_password` helper in the `Opscode::OpenSSL::Password` class, which should not longer be used. This helper would generate a random password that would be used when a data bag or attribute was no present. The practice of generating passwords to be stored on the node is bad security as it exposes the password to anyone that can view the nodes, and deleting a node deletes the password. Passwords should be retrieved from a secure source for use in cookbooks.
+        #
+        #   # bad
+        #   ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)
+        #   basic_auth_password = secure_password
+        #
+        class OpenSSLPasswordHelpers < Cop
+          MSG = 'The `secure_password` helper from the openssl cookbooks `Opscode::OpenSSL::Password` class should not be used to generate passwords.'.freeze
+
+          def_node_matcher :openssl_helper?, <<~PATTERN
+            (const
+              (const
+                (const nil? :Opscode) :OpenSSL) :Password)
+          PATTERN
+
+          def on_const(node)
+            openssl_helper?(node) do
+              add_offense(node, location: :expression, message: MSG, severity: :warning)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/deprecation/xml_ruby_recipe.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: 2019, Chef Software, Inc.
+# Copyright:: 2019-2020, Chef Software, Inc.
 # Author:: Tim Smith (<tsmith@chef.io>)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,8 +18,7 @@ module RuboCop
   module Cop
     module Chef
       module ChefDeprecations
-        # Do not include the deprecated xml::ruby recipe to install the nokogiri gem.
-        # Chef Infra Client 12 and later ships with nokogiri included.
+        # Do not include the deprecated xml::ruby recipe to install the nokogiri gem. Chef Infra Client 12 and later ships with nokogiri included.
         #
         # @example
         #
@@ -35,6 +34,7 @@ module RuboCop
 
           def on_send(node)
             xml_ruby_recipe?(node) do
+              node = node.parent if node.parent&.conditional? && node.parent&.single_line_condition? # make sure we catch any inline conditionals
               add_offense(node, location: :expression, message: MSG, severity: :warning)
             end
           end

data/lib/rubocop/cop/chef/modernize/use_multipackage_installs.rb

@@ -47,12 +47,14 @@ module RuboCop
               (send
                 $(array ... ) :each)
               (args ... )
-              (block
+              {(block
                 (send nil? :package
                   (lvar ... ))
                 (args)
                 (send nil? :action
-                  (sym :install)))) nil?)
+                  (sym :install)))
+                (send nil? :package
+                    (lvar _))}) nil?)
           PATTERN
 
           def_node_matcher :package_array_install?, <<-PATTERN
@@ -60,12 +62,14 @@ module RuboCop
             (send
               $(array ... ) :each)
             (args ... )
-            (block
+            {(block
               (send nil? :package
                 (lvar ... ))
               (args)
               (send nil? :action
-                (sym :install))))
+                (sym :install)))
+              (send nil? :package
+                  (lvar _))})
           PATTERN
 
           # see if all platforms in the when condition are multipackage compliant

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cookstyle
 version: !ruby/object:Gem::Version
-  version: 6.5.3
+  version: 6.6.9
 platform: ruby
 authors:
 - Thom May
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-19 00:00:00.000000000 Z
+date: 2020-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -57,17 +57,21 @@ files:
 - lib/rubocop/cop/chef/correctness/incorrect_library_injection.rb
 - lib/rubocop/cop/chef/correctness/invalid_notification_timing.rb
 - lib/rubocop/cop/chef/correctness/invalid_platform_family_helper.rb
+- lib/rubocop/cop/chef/correctness/invalid_platform_family_values_in_case.rb
 - lib/rubocop/cop/chef/correctness/invalid_platform_helper.rb
 - lib/rubocop/cop/chef/correctness/invalid_platform_metadata.rb
+- lib/rubocop/cop/chef/correctness/invalid_platform_values_in_case.rb
 - lib/rubocop/cop/chef/correctness/invalid_value_for_platform_family_helper.rb
 - lib/rubocop/cop/chef/correctness/invalid_value_for_platform_helper.rb
 - lib/rubocop/cop/chef/correctness/invalid_version_metadata.rb
+- lib/rubocop/cop/chef/correctness/lazy_eval_node_attribute_defaults.rb
 - lib/rubocop/cop/chef/correctness/malformed_value_for_platform.rb
 - lib/rubocop/cop/chef/correctness/metadata_missing_name.rb
 - lib/rubocop/cop/chef/correctness/node_normal.rb
 - lib/rubocop/cop/chef/correctness/node_normal_unless.rb
 - lib/rubocop/cop/chef/correctness/node_save.rb
 - lib/rubocop/cop/chef/correctness/notifies_action_not_symbol.rb
+- lib/rubocop/cop/chef/correctness/openssl_password_helpers.rb
 - lib/rubocop/cop/chef/correctness/powershell_delete_file.rb
 - lib/rubocop/cop/chef/correctness/resource_sets_internal_properties.rb
 - lib/rubocop/cop/chef/correctness/resource_sets_name_property.rb