cookstyle 7.25.9 → 7.28.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9eb0efc1571e7c41eb101724d88451edf016e1a7e19ed90a20d72879ee5b08ff
-  data.tar.gz: 02ccfda204d3fa46056c093d1258fa361d730f2da893e39aa4f227ae9105191f
+  metadata.gz: 205f14a7f600dc2fe712e9407e16165b72cadab5624913efba78a6f0748f65ae
+  data.tar.gz: c03813392f90967e5036e49a8886d6c1b7e31ea7319da75c12008d3a01c635f8
 SHA512:
-  metadata.gz: b7531239e1f04dcdee653d5c41c36c1a63b546e5a468ca5688eacda2b126aec1780f97cb49615bbcc5833c4cbbc8aff98833297884ad7d30c02a4ea959b9c291
-  data.tar.gz: cc5742cd59d0c1b416727d7e66eff1c735d485a2261c1dab54d12a8aa716cb1ebd8af1d36a745c45cb08aef876a56efed28c844edd04dd331f5a293694854c05
+  metadata.gz: 6f7f8c8c719dbb83b740882be2f247250c95fb7f330a82a0cf8d7b5b96fa7071ca7b55761a8a599ac4801f2c75eb403f64c04bde4245f31fc12b8f753418d3f5
+  data.tar.gz: 8a32adeedb7654948337162eeb9a8c660f66ab13655ec537aa584b15a156f726130f16630dddb2f1fa0169d10e5dd4a84b7353392591431490f12129ed0245c4

data/config/cookstyle.yml

@@ -506,6 +506,24 @@ Chef/Correctness/MetadataMissingVersion:
   Include:
     - '**/metadata.rb'
 
+Chef/Correctness/InvalidCookbookName:
+  Description: Cookbook names should not contain invalid characters such as periods.
+  StyleGuide: 'chef_correctness_invalidcookbookname'
+  Enabled: true
+  VersionAdded: '7.27'
+  Include:
+    - '**/metadata.rb'
+
+Chef/Correctness/InvalidNotificationResource:
+  Description: The resource to notify when calling `notifies` or `subscribes` must be a string.
+  StyleGuide: 'chef_correctness_invalidnotificationresource'
+  Enabled: true
+  VersionAdded: '7.28'
+  Exclude:
+    - '**/attributes/*.rb'
+    - '**/metadata.rb'
+    - '**/Berksfile'
+
 ###############################
 # Chef/Sharing: Issues that prevent sharing code with other teams or with the Chef community in general
 ###############################
@@ -2281,6 +2299,24 @@ InSpec/Deprecations/AttributeDefault:
   Include:
     - '**/controls/*.rb'
 
+#### Security Cops
+
+Chef/Security:
+  StyleGuideBaseURL: https://docs.chef.io/workstation/cookstyle/
+
+Chef/Security/ :
+  Description: Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.
+  StyleGuide: 'chef_security_sshprivatekey'
+  Enabled: true
+  VersionAdded: '7.28'
+  Include:
+    - '**/libraries/*.rb'
+    - '**/resources/*.rb'
+    - '**/providers/*.rb'
+    - '**/recipes/*.rb'
+    - '**/attributes/*.rb'
+    - '**/definitions/*.rb'
+    
 #### The base rubocop 0.37 enabled.yml file we started with ####
 
 Layout/AccessModifierIndentation:
@@ -3035,3 +3071,11 @@ Lint/DeprecatedConstants:
 # always turn on deprecation cops from rubocop
 Lint/ErbNewArguments:
   Enabled: true
+
+# reduce file read complexity
+Style/FileRead:
+  Enabled: true
+
+# reduce file write complexity
+Style/FileWrite:
+  Enabled: true

data/config/disable_all.yml

@@ -19,6 +19,8 @@ Gemspec/DuplicatedAssignment:
   Enabled: false
 Gemspec/OrderedDependencies:
   Enabled: false
+Gemspec/RequireMFA:
+  Enabled: false
 Gemspec/RequiredRubyVersion:
   Enabled: false
 Gemspec/RubyVersionGlobalsUsage:
@@ -459,6 +461,8 @@ Lint/UselessElseWithoutRescue:
   Enabled: false
 Lint/UselessMethodDefinition:
   Enabled: false
+Lint/UselessRuby2Keywords:
+  Enabled: false
 Lint/UselessSetterCall:
   Enabled: false
 Lint/UselessTimes:
@@ -487,6 +491,8 @@ Naming/AccessorMethodName:
   Enabled: false
 Naming/AsciiIdentifiers:
   Enabled: false
+Naming/BlockForwarding:
+  Enabled: false
 Naming/BlockParameterName:
   Enabled: false
 Naming/ClassAndModuleCamelCase:
@@ -637,6 +643,10 @@ Style/ExplicitBlockArgument:
   Enabled: false
 Style/ExponentialNotation:
   Enabled: false
+Style/FileRead:
+  Enabled: false
+Style/FileWrite:
+  Enabled: false
 Style/FloatDivision:
   Enabled: false
 Style/For:
@@ -701,6 +711,8 @@ Style/LambdaCall:
   Enabled: false
 Style/LineEndConcatenation:
   Enabled: false
+Style/MapToHash:
+  Enabled: false
 Style/MethodCallWithoutArgsParentheses:
   Enabled: false
 Style/MethodCallWithArgsParentheses:
@@ -709,6 +721,8 @@ Style/MultilineInPatternThen:
   Enabled: false
 Style/NumberedParameters:
   Enabled: false
+Style/OpenStructUse:
+  Enabled: false
 Style/RedundantAssignment:
   Enabled: false
 Style/RedundantFetchBlock:

data/config/upstream.yml

@@ -78,6 +78,8 @@ AllCops:
   # When specifying style guide URLs, any paths and/or fragments will be
   # evaluated relative to the base URL.
   StyleGuideBaseURL: https://rubystyle.guide
+  # Documentation URLs will be constructed using the base URL.
+  DocumentationBaseURL: https://docs.rubocop.org/rubocop
   # Extra details are not displayed in offense messages by default. Change
   # behavior by overriding ExtraDetails, or by giving the
   # `-E/--extra-details` option.
@@ -150,6 +152,7 @@ AllCops:
     rubocop-minitest: [minitest]
     rubocop-sequel: [sequel]
     rubocop-rake: [rake]
+    rubocop-graphql: [graphql]
 
 #################### Bundler ###############################
 
@@ -258,6 +261,15 @@ Gemspec/OrderedDependencies:
   Include:
     - '**/*.gemspec'
 
+Gemspec/RequireMFA:
+  Description: 'Checks that the gemspec has metadata to require MFA from RubyGems.'
+  Enabled: pending
+  VersionAdded: '1.23'
+  Reference:
+    - https://guides.rubygems.org/mfa-requirement-opt-in/
+  Include:
+    - '**/*.gemspec'
+
 Gemspec/RequiredRubyVersion:
   Description: 'Checks that `required_ruby_version` of gemspec is specified and equal to `TargetRubyVersion` of .rubocop.yml.'
   Enabled: true
@@ -439,7 +451,11 @@ Layout/ClosingParenthesisIndentation:
 Layout/CommentIndentation:
   Description: 'Indentation of comments.'
   Enabled: true
+  # When true, allows comments to have extra indentation if that aligns them
+  # with a comment on the preceding line.
+  AllowForAlignment: false
   VersionAdded: '0.49'
+  VersionChanged: '1.24'
 
 Layout/ConditionPosition:
   Description: >-
@@ -511,13 +527,13 @@ Layout/EmptyLineBetweenDefs:
   StyleGuide: '#empty-lines-between-methods'
   Enabled: true
   VersionAdded: '0.49'
-  VersionChanged: '1.7'
+  VersionChanged: '1.23'
   EmptyLineBetweenMethodDefs: true
   EmptyLineBetweenClassDefs: true
   EmptyLineBetweenModuleDefs: true
-  # If `true`, this parameter means that single line method definitions don't
-  # need an empty line between them.
-  AllowAdjacentOneLineDefs: false
+  # `AllowAdjacentOneLineDefs` means that single line method definitions don't
+  # need an empty line between them. `true` by default.
+  AllowAdjacentOneLineDefs: true
   # Can be array to specify minimum and maximum number of empty lines, e.g. [1, 2]
   NumberOfEmptyLines: 1
 
@@ -1786,7 +1802,9 @@ Lint/ImplicitStringConcatenation:
 Lint/IncompatibleIoSelectWithFiberScheduler:
   Description: 'Checks for `IO.select` that is incompatible with Fiber Scheduler.'
   Enabled: pending
+  SafeAutoCorrect: false
   VersionAdded: '1.21'
+  VersionChanged: '1.24'
 
 Lint/IneffectiveAccessModifier:
   Description: >-
@@ -2308,6 +2326,11 @@ Lint/UselessMethodDefinition:
   Safe: false
   AllowComments: true
 
+Lint/UselessRuby2Keywords:
+  Description: 'Finds unnecessary uses of `ruby2_keywords`.'
+  Enabled: pending
+  VersionAdded: '1.23'
+
 Lint/UselessSetterCall:
   Description: 'Checks for useless setter call to a local variable.'
   Enabled: true
@@ -2464,6 +2487,16 @@ Naming/BinaryOperatorParameterName:
   VersionAdded: '0.50'
   VersionChanged: '1.2'
 
+Naming/BlockForwarding:
+  Description: 'Use anonymous block forwarding.'
+  StyleGuide: '#block-forwarding'
+  Enabled: pending
+  VersionAdded: '1.24'
+  EnforcedStyle: anonymous
+  SupportedStyles:
+    - anonymous
+    - explicit
+
 Naming/BlockParameterName:
   Description: >-
                  Checks for block parameter names that contain capital letters,
@@ -2501,6 +2534,7 @@ Naming/FileName:
   StyleGuide: '#snake-case-files'
   Enabled: true
   VersionAdded: '0.50'
+  VersionChanged: '1.23'
   # Camel case file names listed in `AllCops:Include` and all file names listed
   # in `AllCops:Exclude` are excluded by default. Add extra excludes here.
   Exclude: []
@@ -2513,6 +2547,13 @@ Naming/FileName:
   # whether each source file's class or module name matches the file name --
   # not whether the nested module hierarchy matches the subdirectory path.
   CheckDefinitionPathHierarchy: true
+  # paths that are considered root directories, for example "lib" in most ruby projects
+  # or "app/models" in rails projects
+  CheckDefinitionPathHierarchyRoots:
+    - lib
+    - spec
+    - test
+    - src
   # If non-`nil`, expect all source file names to match the following regex.
   # Only the file name itself is matched, not the entire file path.
   # Use anchors as necessary if you want to match the entire name rather than
@@ -3469,6 +3510,18 @@ Style/ExponentialNotation:
     - engineering
     - integral
 
+Style/FileRead:
+  Description: 'Favor `File.(bin)read` convenience methods.'
+  StyleGuide: '#file-read'
+  Enabled: pending
+  VersionAdded: '1.24'
+
+Style/FileWrite:
+  Description: 'Favor `File.(bin)write` convenience methods.'
+  StyleGuide: '#file-write'
+  Enabled: pending
+  VersionAdded: '1.24'
+
 Style/FloatDivision:
   Description: 'For performing float division, coerce one side only.'
   StyleGuide: '#float-division'
@@ -3627,7 +3680,7 @@ Style/HashSyntax:
   StyleGuide: '#hash-literals'
   Enabled: true
   VersionAdded: '0.9'
-  VersionChanged: '0.43'
+  VersionChanged: '1.24'
   EnforcedStyle: ruby19
   SupportedStyles:
     # checks for 1.9 syntax (e.g. {a: 1}) for all symbol keys
@@ -3638,6 +3691,13 @@ Style/HashSyntax:
     - no_mixed_keys
     # enforces both ruby19 and no_mixed_keys styles
     - ruby19_no_mixed_keys
+  # Force hashes that have a hash value omission
+  EnforcedShorthandSyntax: always
+  SupportedShorthandSyntax:
+    # forces use of the 3.1 syntax (e.g. {foo:}) when the hash key and value are the same.
+    - always
+    # forces use of explicit hash literal value.
+    - never
   # Force hashes that have a symbol value to use hash rockets
   UseHashRocketsWithSymbolValues: false
   # Do not suggest { a?: 1 } over { :a? => 1 } in ruby19 style
@@ -3814,6 +3874,12 @@ Style/LineEndConcatenation:
   VersionAdded: '0.18'
   VersionChanged: '0.64'
 
+Style/MapToHash:
+  Description: 'Prefer `to_h` with a block over `map.to_h`.'
+  Enabled: pending
+  VersionAdded: '1.24'
+  Safe: false
+
 Style/MethodCallWithArgsParentheses:
   Description: 'Use parentheses for method calls with arguments.'
   StyleGuide: '#method-invocation-parens'
@@ -4182,6 +4248,8 @@ Style/NumericLiterals:
   VersionChanged: '0.48'
   MinDigits: 5
   Strict: false
+  # You can specify allowed numbers. (e.g. port number 3000, 8080, and etc)
+  AllowedNumbers: []
 
 Style/NumericPredicate:
   Description: >-
@@ -4216,6 +4284,16 @@ Style/OneLineConditional:
   VersionAdded: '0.9'
   VersionChanged: '0.90'
 
+Style/OpenStructUse:
+  Description: >-
+                 Avoid using OpenStruct. As of Ruby 3.0, use is officially discouraged due to performance,
+                 version compatibility, and potential security issues.
+  Reference:
+    - https://docs.ruby-lang.org/en/3.0.0/OpenStruct.html#class-OpenStruct-label-Caveats
+
+  Enabled: pending
+  VersionAdded: '1.23'
+
 Style/OptionHash:
   Description: "Don't use option hashes when you can use keyword arguments."
   Enabled: false

data/lib/cookstyle/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Cookstyle
-  VERSION = "7.25.9" # rubocop: disable Style/StringLiterals
-  RUBOCOP_VERSION = '1.22.3'
+  VERSION = "7.28.2" # rubocop: disable Style/StringLiterals
+  RUBOCOP_VERSION = '1.24.1'
 end

data/lib/rubocop/cop/chef/correctness/invalid_cookbook_name.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+#
+# Copyright:: 2022, Chef Software Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module Correctness
+        # Cookbook names should not contain invalid characters such as periods.
+        #
+        # @example
+        #
+        #   #### incorrect
+        #   name 'foo.bar'
+        #
+        #   #### correct
+        #   name 'foo_bar'
+        #
+        class InvalidCookbookName < Base
+          RESTRICT_ON_SEND = [:name].freeze
+          MSG = 'Cookbook names should not contain invalid characters such as periods.'
+
+          def_node_matcher :has_name?, '(send nil? :name $str)'
+
+          def on_send(node)
+            has_name?(node) do |val|
+              add_offense(node, message: MSG, severity: :refactor) if val.value.include?('.')
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/correctness/invalid_notification_resource.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+#
+# Copyright:: 2022, Chef Software, Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module Correctness
+        # The resource to notify when calling `notifies` or `subscribes` must be a string.
+        #
+        # @example
+        #
+        #   #### incorrect
+        #
+        #   template '/etc/www/configures-apache.conf' do
+        #     notifies :restart, service['apache'], :immediately
+        #   end
+        #
+        #   template '/etc/www/configures-apache.conf' do
+        #     notifies :restart, service[apache], :immediately
+        #   end
+        #
+        #   #### correct
+        #
+        #   template '/etc/www/configures-apache.conf' do
+        #     notifies :restart, 'service[apache]', :immediately
+        #   end
+        #
+        class InvalidNotificationResource < Base
+          MSG = 'The resource to notify when calling `notifies` or `subscribes` must be a string.'
+          RESTRICT_ON_SEND = [:notifies, :subscribes].freeze
+
+          def_node_matcher :invalid_notification?, <<-PATTERN
+            (send nil? {:notifies :subscribes} (sym _) $(send (send nil? _) :[] ...) ...)
+          PATTERN
+
+          def on_send(node)
+            invalid_notification?(node) do |resource|
+              add_offense(resource, message: MSG, severity: :refactor)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/chef/security/ssh_private_key.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+#
+# Copyright:: 2021-2022, Chef Software, Inc.
+# Author:: Tim Smith (<tsmith@chef.io>)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module RuboCop
+  module Cop
+    module Chef
+      module Security
+        # Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.
+        #
+        # @example
+        #
+        #   #### incorrect
+        #   file '/Users/bob_bobberson/.ssh/id_rsa' do
+        #     content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
+        #     mode '600'
+        #   end
+        #
+        class SshPrivateKey < Base
+          MSG = 'Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.'
+
+          def on_send(node)
+            return unless node.arguments?
+            node.arguments.each do |arg|
+              next unless arg.str_type? || arg.dstr_type?
+
+              if arg.value.start_with?('-----BEGIN RSA PRIVATE', '-----BEGIN EC PRIVATE') # cookstyle: disable Chef/Security/SshPrivateKey
+                add_offense(node, message: MSG, severity: :warning)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/monkey_patches/directive_comment.rb

@@ -3,7 +3,7 @@ module RuboCop
   # we're monkey patching the config regex to allow for # cookstyle: disable whatever
   # in addition to the # rubocop: disable whatever that comes with RuboCop
   class DirectiveComment
-    remove_const('DIRECTIVE_COMMENT_REGEXP')
+    remove_const(:DIRECTIVE_COMMENT_REGEXP)
     DIRECTIVE_COMMENT_REGEXP = Regexp.new(
       "# (?:rubocop|cookstyle) : ((?:disable|enable|todo))\\b #{COPS_PATTERN}"
         .gsub(' ', '\s*')

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cookstyle
 version: !ruby/object:Gem::Version
-  version: 7.25.9
+  version: 7.28.2
 platform: ruby
 authors:
 - Thom May
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-27 00:00:00.000000000 Z
+date: 2022-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -17,14 +17,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.22.3
+        version: 1.24.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.22.3
+        version: 1.24.1
 description: 
 email:
 - thom@chef.io
@@ -55,7 +55,9 @@ files:
 - lib/rubocop/cop/chef/correctness/conditional_ruby_shellout.rb
 - lib/rubocop/cop/chef/correctness/dnf_package_allow_downgrades.rb
 - lib/rubocop/cop/chef/correctness/incorrect_library_injection.rb
+- lib/rubocop/cop/chef/correctness/invalid_cookbook_name.rb
 - lib/rubocop/cop/chef/correctness/invalid_default_action.rb
+- lib/rubocop/cop/chef/correctness/invalid_notification_resource.rb
 - lib/rubocop/cop/chef/correctness/invalid_notification_timing.rb
 - lib/rubocop/cop/chef/correctness/invalid_platform_family_helper.rb
 - lib/rubocop/cop/chef/correctness/invalid_platform_family_values_in_case.rb
@@ -273,6 +275,7 @@ files:
 - lib/rubocop/cop/chef/redundant/unnecessary_desired_state.rb
 - lib/rubocop/cop/chef/redundant/unnecessary_name_property.rb
 - lib/rubocop/cop/chef/redundant/use_create_if_missing.rb
+- lib/rubocop/cop/chef/security/ssh_private_key.rb
 - lib/rubocop/cop/chef/sharing/default_maintainer_metadata.rb
 - lib/rubocop/cop/chef/sharing/empty_metadata_field.rb
 - lib/rubocop/cop/chef/sharing/include_property_descriptions.rb