ezcater_rubocop 6.0.2 → 6.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74dad3c36b4474ebb1ed730e204ed1256715708736a388dc809ae106256b3b08
-  data.tar.gz: 34751bbd4b890ba18a534bc5f47860cc6e00121d43ce3b398ddcb921c56afbb0
+  metadata.gz: 144220e45db4ba03e7754c0f656cafe7650da1669157b65396c818762e7d9185
+  data.tar.gz: b1e19818de9418e2a822ef0d1a3c067870ed36d26c7addb6d831776b4590a25d
 SHA512:
-  metadata.gz: c9762748a349377a1f673572a21e5fd71ad80f4a5213f4fb1b95670c65b6cb7093e77b7d01168d0cd8e2bc6947321ebcf8d888f6f9fe945e9d70daee1ad019b1
-  data.tar.gz: e8da642c516edf9dd7a916ae664261aab3db90873fd68247012a017b22d5affac97f806bc4dbd3a5a2721ab3ebf64d97ade3bf75bc6a872e59b34d01bcfa9d5e
+  metadata.gz: 6da4228e123e62619f9ac2e66f53e766cd8a15160f6362fc7e33009b39749028a6e1dd4d835caa8fa101afe71dc743f6947622e43d2d3530b1ee23b3e539fadc
+  data.tar.gz: 6cbe86a738c2567d5829b58b18cc23e13f05125b4c19ebd7ad41ddbcc5945cc08774740353708488e9c88235bdf85dc5f317f7654322255c8e9bcc10c4489076

data/.github/workflows/codeql.yml

@@ -0,0 +1,71 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+    # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning#avoiding-unnecessary-scans-of-pull-requests
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.txt'
+  schedule:
+    - cron: '41 22 * * 5'
+
+jobs:
+  scan:
+    name: Scan
+    runs-on: [ ubuntu-latest ]
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      # Setting fail-fast to false to prevent a failed scan in
+      # any of the matrix.language's from stopping the other scans
+      # If there are multiple offenses, better to find/report them
+      # all at once
+      fail-fast: false
+      matrix:
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]      
+        # https://aka.ms/codeql-docs/language-support
+        language: [ 'ruby' ]
+        
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

data/.github/workflows/dependency-review.yml

@@ -0,0 +1,15 @@
+name: 'Dependency Review'
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          # Possible values: "critical", "high", "moderate", "low" 
+          fail-on-severity: high

data/CHANGELOG.md

@@ -6,6 +6,9 @@ This gem is moving onto its own [Semantic Versioning](https://semver.org/) schem
 
 Prior to v1.0.0 this gem was versioned based on the `MAJOR`.`MINOR` version of RuboCop. The first release of the ezcater_rubocop gem was `v0.49.0`.
 
+## 6.0.3
+- Fix `FeatureFlagActive` cop so that it allows feature flag names to be constants and dot method calls in addition to strings.
+
 ## 6.0.2
 - Upgrade rubocop-rspec to v2.22.0 to use the new FactoryBot namespaces.
 - Fix the following wrong namespaces related to `FactoryBot`: `RSpec/FactoryBot/AttributeDefinedStatically`, `RSpec/FactoryBot/CreateList` and `RSpec/FactoryBot/FactoryClassName`.

data/lib/ezcater_rubocop/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module EzcaterRubocop
-  VERSION = "6.0.2"
+  VERSION = "6.0.3"
 end

data/lib/ezcater_rubocop.rb

@@ -23,6 +23,7 @@ require "rubocop/cop/ezcater/rails_configuration"
 require "rubocop/cop/ezcater/rails_env"
 require "rubocop/cop/ezcater/ruby_timeout"
 require "rubocop/cop/ezcater/rails_top_level_sql_execute"
+require "rubocop/cop/ezcater/require_custom_error"
 require "rubocop/cop/ezcater/require_gql_error_helpers"
 require "rubocop/cop/ezcater/rspec_match_ordered_array"
 require "rubocop/cop/ezcater/rspec_require_browser_mock"

data/lib/rubocop/cop/ezcater/feature_flag_active.rb

@@ -12,15 +12,20 @@ module RuboCop
       #   EzFF.active?("FlagName", identifiers: ["user:12345", "user:23456"])
       #   EzFF.active?(defined_flag_name_var, tracking_id: "brand:12345")
       #   EzFF.active?(@flag_name_ivar, tracking_id: "brand:12345")
+      #   EzFF.active?(CONSTANT_NAME, tracking_id: "brand:12345")
+      #   EzFF.active?(config.flag_name, tracking_id: "brand:12345")
       #
       #   # bad
       #   EzFF.active?("FlagName")
       #   EzFF.active?(defined_flag_name_var)
       #   EzFF.active?(@flag_name_ivar)
+      #   EzFF.active?(:symbol_name, tracking_id: "brand:12345")
+      #   EzFF.active?(123, identifiers: ["user:12345"])
 
       class FeatureFlagActive < Cop
         MSG = "`EzFF.active?` must be called with at least one of `tracking_id` or `identifiers`"
-        FIRST_PARAM_MSG = "The first argument to `EzFF.active?` must be a string or predefined variable"
+        FIRST_PARAM_MSG = "The first argument to `EzFF.active?` must be a string literal or a variable " \
+        "or constant assigned to a string"
 
         def_node_matcher :ezff_active_one_arg, <<-PATTERN
           (send
@@ -30,7 +35,7 @@ module RuboCop
         def_node_matcher :args_matcher, <<-PATTERN
           (send
             (_ _ {:EzFF :EzcaterFeatureFlag}) :active?
-              ${str lvar ivar}
+              $_
               (_
                 (pair
                   (sym {:tracking_id :identifiers})
@@ -38,9 +43,9 @@ module RuboCop
                 ...))
         PATTERN
 
-        def_node_matcher :first_param_good, <<-PATTERN
+        def_node_matcher :first_param_bad, <<-PATTERN
           (send
-            (_ _ {:EzFF :EzcaterFeatureFlag}) :active? ${str lvar ivar} ...)
+            (_ _ {:EzFF :EzcaterFeatureFlag}) :active? ${sym int} ...)
         PATTERN
 
         def_node_matcher :method_call_matcher, <<-PATTERN
@@ -51,7 +56,7 @@ module RuboCop
         def on_send(node)
           return unless method_call_matcher(node)
 
-          if !first_param_good(node)
+          if first_param_bad(node)
             add_offense(node, location: :expression, message: FIRST_PARAM_MSG)
           end
 

data/lib/rubocop/cop/ezcater/require_custom_error.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Ezcater
+      # Checks for `raise` on `StandardError` and `ArgumentError`.
+      # We want to be explicit about the error we're raising and use a custom error
+      #
+      # @example
+      #   # bad
+      #   raise StandardError, "You can't do that"
+      #
+      #   # good
+      #   raise OrderActionNotAllowed
+
+      class RequireCustomError < Cop
+        MSG = "Use a custom error class that inherits from StandardError when raising an exception"
+
+        def_node_matcher :raising_standard_or_argument_error,
+                         "(send nil? {:raise :fail} (const nil? {:StandardError :ArgumentError} ...) ...)"
+
+        def_node_matcher :initializing_standard_or_argument_error,
+                         "(send nil? {:raise :fail} (send (const nil? {:StandardError :ArgumentError} ...) ...))"
+
+        def on_send(node)
+          raising_standard_or_argument_error(node) do
+            add_offense(node, message: format(MSG))
+          end
+
+          initializing_standard_or_argument_error(node) do
+            add_offense(node, message: format(MSG))
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ezcater_rubocop
 version: !ruby/object:Gem::Version
-  version: 6.0.2
+  version: 6.0.3
 platform: ruby
 authors:
 - ezCater, Inc
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-09 00:00:00.000000000 Z
+date: 2023-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -198,6 +198,8 @@ extra_rdoc_files: []
 files:
 - ".github/CODEOWNERS"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/workflows/codeql.yml"
+- ".github/workflows/dependency-review.yml"
 - ".tool-versions"
 - CHANGELOG.md
 - Gemfile
@@ -217,6 +219,7 @@ files:
 - lib/rubocop/cop/ezcater/rails_configuration.rb
 - lib/rubocop/cop/ezcater/rails_env.rb
 - lib/rubocop/cop/ezcater/rails_top_level_sql_execute.rb
+- lib/rubocop/cop/ezcater/require_custom_error.rb
 - lib/rubocop/cop/ezcater/require_gql_error_helpers.rb
 - lib/rubocop/cop/ezcater/rspec_dot_not_self_dot.rb
 - lib/rubocop/cop/ezcater/rspec_match_ordered_array.rb