gitlab-styles 6.5.0 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4f15e657637a0d30fed824f3d8312b970b9ee9bebc5a0feb603b83fa884b1705
-  data.tar.gz: fef3baec21ab04501f316d754a02aab77fb4dc816a048f87070d6d1b4a28f74c
+  metadata.gz: bdbe53a3630aedb6f9a4eb87e46ab9becc5b924dbaf2122eca8f8634ffa46d11
+  data.tar.gz: 8b64b09817b3d57edec615305e973f9aa86312bfc19b25cf999111f721d16cf3
 SHA512:
-  metadata.gz: 9954e550cf2ead877c73939a6f20893be5a584eb2c4f0850ea2cb5c8f4e976f3a20d3f910c0a39072c87e666cba51a8f5d283c56e33e2b2db76b1376f18cab7f
-  data.tar.gz: a54833e11f28072707ca11e21428820d888a8c95f89a5577e2633d324311400eca5d277b93311a405239397ca9ad3abac2a9982fcd5ace63f5a4491af970d513
+  metadata.gz: 691d29df5dd389a90f9169e0caa3637c5abad270eeab8e55742b2d45542056d819c18f24723b1e897e1f1cc343d1a6aa740efcb17df1eb6b1517ef580ad2dabd
+  data.tar.gz: e1ceae95be87aec10561836e415f7d12d3e59404d24604097efae1fb99290038eb77d1013f03982fae00d5ad1c819d72385a505b247580b2d16c32c7c390e7c2

data/.gitlab/changelog_config.yml

@@ -0,0 +1,13 @@
+---
+# Settings for generating changelogs using the GitLab API. See
+# https://docs.gitlab.com/ee/api/repositories.html#generate-changelog-data for
+# more information.
+categories:
+  added: Added
+  fixed: Fixed
+  changed: Changed
+  deprecated: Deprecated
+  removed: Removed
+  security: Security
+  performance: Performance
+  other: Other

data/.gitlab/merge_request_templates/Release.md

@@ -1,35 +1,13 @@
-<!-- Replace `v4.5.0` with the previous release here, and `e18d76b309e42888759c1effe96767f13e34ae55`
-with the latest commit from https://gitlab.com/gitlab-org/gitlab-styles/commits/master that will be included in the release. -->
-- Diff: https://gitlab.com/gitlab-org/gitlab-styles/compare/v4.5.0...e18d76b309e42888759c1effe96767f13e34ae55
+<!-- Replace `<PREVIOUS_VERSION>` with the previous version number here, `<COMMIT_UPDATING_VERSION>` with the latest
+commit from this merge request, and `<NEW_VERSION>` with the upcoming version number. -->
+## Diff
 
-- Release notes:
+https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/compare/v<PREVIOUS_VERSION>...<COMMIT_UPDATING_VERSION>
 
-<!-- Keep the sections order but remove the empty sections -->
+## Checklist
 
-```markdown
-### New features and features updates
+- [ ] Diff link is up-to-date.
+- [ ] Check the release notes: https://gitlab.com/api/v4/projects/4176070/repository/changelog?version=<NEW_VERSION>
+- [ ] Based on the diff and the release notes, `version.rb` is updated, according to [SemVer](https://semver.org).
 
-- !aaa <Title of the aaa MR>.
-
-### Fixes
-
-- !bbb <Title of the bbb MR>.
-
-### Doc changes
-
-- !ccc <Title of the ccc MR>.
-
-### Other changes (tooling, technical debt)
-
-- !ddd <Title of the ddd MR>.
-```
-
-- Checklist before merging:
-  - [ ] Diff link is up-to-date.
-  - [ ] Based on the diff, `lib/gitlab/styles/version.rb` is updated, according to [SemVer](https://semver.org).
-  - [ ] Release notes are accurate.
-
-- Checklist after merging:
-  - [ ] [Update the release notes for the newly created tag](docs/release_process.md#how-to).
-
-/label ~"Engineering Productivity" ~"feature" ~"feature::maintenance" ~"static code analysis"
+/label ~"type::maintenance" ~"static code analysis"

data/.gitlab-ci.yml

@@ -31,4 +31,6 @@ specs:
 
 include:
   - project: 'gitlab-org/quality/pipeline-common'
-    file: '/ci/gem-release.yml'
+    file:
+      - '/ci/gem-release.yml'
+      - '/ci/danger-review.yml'

data/Dangerfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'gitlab-dangerfiles'
+
+Gitlab::Dangerfiles.for_project(self, &:import_defaults)

data/gitlab-styles.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.email         = ['gitlab_rubygems@gitlab.com']
 
   spec.summary       = 'GitLab style guides and shared style configs.'
-  spec.homepage      = 'https://gitlab.com/gitlab-org/gitlab-styles'
+  spec.homepage      = 'https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles'
   spec.license       = 'MIT'
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
@@ -30,6 +30,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rubocop-rspec', '~> 1.44'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
+  spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.11.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
 end

data/lib/gitlab/styles/common/banned_constants.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Styles
+    module Common
+      module BannedConstants
+        attr_reader :replacements, :message_template, :autocorrect
+
+        def on_const(node)
+          constant = node.source.delete_prefix('::')
+
+          return unless replacements.key?(constant)
+
+          replacement = replacements.fetch(constant)
+          message = format(message_template, { replacement: replacement })
+
+          add_offense(node, message: message) do |corrector|
+            next unless autocorrect
+
+            replacement = "::#{replacement}" if node.source.start_with?("::")
+
+            corrector.replace(node, replacement)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/active_record_dependent.rb

@@ -10,10 +10,11 @@ module Gitlab
         class ActiveRecordDependent < RuboCop::Cop::Cop
           include ModelHelpers
 
-          MSG = 'Do not use `dependent: to remove associated data, ' \
-            'use foreign keys with cascading deletes instead'
+          MSG = 'Do not use `dependent:` to remove associated data, ' \
+            'use foreign keys with cascading deletes instead.'
 
           METHOD_NAMES = [:has_many, :has_one, :belongs_to].freeze
+          ALLOWED_OPTIONS = [:restrict_with_error].freeze
 
           def on_send(node)
             return unless in_model?(node)
@@ -21,6 +22,9 @@ module Gitlab
 
             node.children.last.each_node(:pair) do |pair|
               key_name = pair.children[0].children[0]
+              option_name = pair.children[1].children[0]
+
+              break if ALLOWED_OPTIONS.include?(option_name)
 
               add_offense(pair) if key_name == :dependent
             end

data/lib/gitlab/styles/rubocop/cop/avoid_return_from_blocks.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        # Checks for return inside blocks.
+        # For more information see: https://gitlab.com/gitlab-org/gitlab-foss/issues/42889
+        #
+        # @example
+        #   # bad
+        #   call do
+        #     return if something
+        #
+        #     do_something_else
+        #   end
+        #
+        #   # good
+        #   call do
+        #     break if something
+        #
+        #     do_something_else
+        #   end
+        #
+        class AvoidReturnFromBlocks < RuboCop::Cop::Cop
+          MSG = 'Do not return from a block, use next or break instead.'
+          DEF_METHODS = %i[define_method lambda].freeze
+          WHITELISTED_METHODS = %i[each each_filename times loop].freeze
+
+          def on_block(node)
+            block_body = node.body
+
+            return unless block_body
+            return unless top_block?(node)
+
+            block_body.each_node(:return) do |return_node|
+              next if parent_blocks(node, return_node).all? { |block| whitelisted?(block) }
+
+              add_offense(return_node)
+            end
+          end
+
+          private
+
+          def top_block?(node)
+            current_node = node
+            top_block = nil
+
+            while current_node && current_node.type != :def
+              top_block = current_node if current_node.block_type?
+              current_node = current_node.parent
+            end
+
+            top_block == node
+          end
+
+          def parent_blocks(node, current_node)
+            blocks = []
+
+            until node == current_node || def?(current_node)
+              blocks << current_node if current_node.block_type?
+              current_node = current_node.parent
+            end
+
+            blocks << node if node == current_node && !def?(node)
+            blocks
+          end
+
+          def def?(node)
+            node.def_type? || node.defs_type? ||
+              (node.block_type? && DEF_METHODS.include?(node.method_name))
+          end
+
+          def whitelisted?(block_node)
+            WHITELISTED_METHODS.include?(block_node.method_name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/code_reuse/active_record.rb

@@ -76,52 +76,6 @@ module Gitlab
 
               add_offense(node, location: :selector)
             end
-
-            # We can not auto correct code like this, as it requires manual
-            # refactoring. Instead, we'll just allow the surrounding scope.
-            #
-            # Despite this method's presence, you should not use it. This method
-            # exists to make it possible to allow large chunks of offenses we
-            # can't fix in the short term. If you are writing new code, follow the
-            # code reuse guidelines, instead of allowing any new offenses.
-            def autocorrect(node)
-              scope = surrounding_scope_of(node)
-              indent = indentation_of(scope)
-
-              lambda do |corrector|
-                # This prevents us from inserting the same enable/disable comment
-                # for a method or block that has multiple offenses.
-                next if allowed_scopes.include?(scope)
-
-                corrector.insert_before(
-                  scope.source_range,
-                  "# rubocop: disable #{cop_name}\n#{indent}"
-                )
-
-                corrector.insert_after(
-                  scope.source_range,
-                  "\n#{indent}# rubocop: enable #{cop_name}"
-                )
-
-                allowed_scopes << scope
-              end
-            end
-
-            def indentation_of(node)
-              ' ' * node.loc.expression.source_line[/\A */].length
-            end
-
-            def surrounding_scope_of(node)
-              %i[def defs block begin].each do |type|
-                if (found = node.each_ancestor(type).first)
-                  return found
-                end
-              end
-            end
-
-            def allowed_scopes
-              @allowed_scopes ||= Set.new
-            end
           end
         end
       end

data/lib/gitlab/styles/rubocop/cop/fips/md5.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative '../../../common/banned_constants'
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        module Fips
+          class MD5 < RuboCop::Cop::Base
+            include Gitlab::Styles::Common::BannedConstants
+
+            MESSAGE_TEMPLATE = 'MD5 is not FIPS-compliant. Use %{replacement} instead.'
+
+            REPLACEMENTS = {
+              'OpenSSL::Digest::MD5' => 'OpenSSL::Digest::SHA256',
+              'Digest::MD5' => 'OpenSSL::Digest::SHA256'
+            }.freeze
+
+            def initialize(config = nil, options = nil)
+              @message_template = MESSAGE_TEMPLATE
+              @replacements = REPLACEMENTS
+              @autocorrect = false
+              super(config, options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/fips/open_ssl.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative '../../../common/banned_constants'
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        module Fips
+          class OpenSSL < RuboCop::Cop::Base
+            extend RuboCop::Cop::AutoCorrector
+            include Gitlab::Styles::Common::BannedConstants
+
+            MESSAGE_TEMPLATE = 'Usage of this class is not FIPS-compliant. Use %{replacement} instead.'
+
+            REPLACEMENTS = {
+              'Digest::SHA1' => 'OpenSSL::Digest::SHA1',
+              'Digest::SHA2' => 'OpenSSL::Digest::SHA2',
+              'Digest::SHA256' => 'OpenSSL::Digest::SHA256',
+              'Digest::SHA384' => 'OpenSSL::Digest::SHA384',
+              'Digest::SHA512' => 'OpenSSL::Digest::SHA512'
+            }.freeze
+
+            def initialize(config = nil, options = nil)
+              @message_template = MESSAGE_TEMPLATE
+              @replacements = REPLACEMENTS
+              @autocorrect = true
+              super(config, options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/fips/sha1.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative '../../../common/banned_constants'
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        module Fips
+          class SHA1 < RuboCop::Cop::Base
+            include Gitlab::Styles::Common::BannedConstants
+
+            MESSAGE_TEMPLATE = 'SHA1 is likely to become non-compliant in the near future. Use %{replacement} instead.'
+
+            REPLACEMENTS = {
+              'OpenSSL::Digest::SHA1' => 'OpenSSL::Digest::SHA256',
+              'Digest::SHA1' => 'OpenSSL::Digest::SHA256'
+            }.freeze
+
+            def initialize(config = nil, options = nil)
+              @message_template = MESSAGE_TEMPLATE
+              @replacements = REPLACEMENTS
+              @autocorrect = false
+              super(config, options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/performance/rubyzip.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        module Performance
+          # This cop flags inefficient uses of rubyzip's Zip::File, since when instantiated
+          # it reads the file's Central Directory into memory entirely. For zips with many
+          # files and directories, this can be very expensive even when the archive's size
+          # in bytes is small.
+          #
+          # See also:
+          # - https://github.com/rubyzip/rubyzip/issues/506
+          # - https://github.com/rubyzip/rubyzip#notes-on-zipinputstream
+          class Rubyzip < RuboCop::Cop::Cop
+            MSG = 'Be careful when opening or iterating zip files via Zip::File. ' \
+                  'Zip archives may contain many entries, and their file index is ' \
+                  'read into memory upon construction, which can lead to ' \
+                  'high memory use and poor performance. ' \
+                  'Consider iterating archive entries via Zip::InputStream instead.'
+
+            def_node_matcher :reads_central_directory?, <<-PATTERN
+              (send
+                (const
+                  (const {nil? (cbase)} :Zip) :File) {:new :open :foreach} ...)
+            PATTERN
+
+            def on_send(node)
+              return unless reads_central_directory?(node)
+
+              add_offense(node)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module Styles
-    VERSION = '6.5.0'
+    VERSION = '7.1.0'
   end
 end

data/rubocop-default.yml

@@ -10,6 +10,7 @@ require:
 inherit_from:
   - rubocop-all.yml
   - rubocop-bundler.yml
+  - rubocop-fips.yml
   - rubocop-gemspec.yml
   - rubocop-graphql.yml
   - rubocop-layout.yml

data/rubocop-fips.yml

@@ -0,0 +1,15 @@
+---
+require:
+  - ./lib/gitlab/styles/rubocop
+
+# Denies usage of MD5
+Fips/MD5:
+  Enabled: true
+
+# Denies usage of SHA1
+Fips/SHA1:
+  Enabled: true
+
+# Replaces ::Digest with ::OpenSSL::Digest
+Fips/OpenSSL:
+  Enabled: true

data/rubocop-performance.yml

@@ -1,6 +1,7 @@
 ---
 require:
   - rubocop-performance
+  - ./lib/gitlab/styles/rubocop
 
 # Used to identify usages of ancestors.include? and change them to use ⇐ instead.
 # https://docs.rubocop.org/rubocop-performance/1.8/cops_performance.html#performanceancestorsinclude
@@ -112,3 +113,9 @@ Performance/Sum:
 # Checks for `.times.map` calls.
 Performance/TimesMap:
   Enabled: true
+
+# Flags potentially expensive operations on ZIP archives.
+Performance/Rubyzip:
+  Enabled: true
+  Exclude:
+    - 'spec/**/*'

data/rubocop-rspec.yml

@@ -95,8 +95,9 @@ RSpec/ImplicitExpect:
   EnforcedStyle: is_expected
 
 # Checks for the usage of instance variables.
+# https://docs.gitlab.com/ee/development/testing_guide/best_practices.html#subject-and-let-variables
 RSpec/InstanceVariable:
-  Enabled: false
+  Enabled: true
 
 # Checks for `subject` definitions that come after `let` definitions.
 RSpec/LeadingSubject:
@@ -157,4 +158,4 @@ RSpec/SubjectStub:
 
 # Prefer using verifying doubles over normal doubles.
 RSpec/VerifiedDoubles:
-  Enabled: false
+  Enabled: true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-styles
 version: !ruby/object:Gem::Version
-  version: 6.5.0
+  version: 7.1.0
 platform: ruby
 authors:
 - GitLab
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-11-17 00:00:00.000000000 Z
+date: 2022-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -114,6 +114,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: gitlab-dangerfiles
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.11.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.11.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -152,12 +166,14 @@ files:
 - ".editorconfig"
 - ".gitignore"
 - ".gitlab-ci.yml"
+- ".gitlab/changelog_config.yml"
 - ".gitlab/merge_request_templates/New Static Analysis Check.md"
 - ".gitlab/merge_request_templates/Release.md"
 - ".rspec"
 - ".rubocop.yml"
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
+- Dangerfile
 - Gemfile
 - LICENSE.md
 - README.md
@@ -166,17 +182,23 @@ files:
 - bin/setup
 - gitlab-styles.gemspec
 - lib/gitlab/styles.rb
+- lib/gitlab/styles/common/banned_constants.rb
 - lib/gitlab/styles/rubocop.rb
 - lib/gitlab/styles/rubocop/cop/active_record_dependent.rb
 - lib/gitlab/styles/rubocop/cop/active_record_serialize.rb
+- lib/gitlab/styles/rubocop/cop/avoid_return_from_blocks.rb
 - lib/gitlab/styles/rubocop/cop/code_reuse/active_record.rb
 - lib/gitlab/styles/rubocop/cop/custom_error_class.rb
+- lib/gitlab/styles/rubocop/cop/fips/md5.rb
+- lib/gitlab/styles/rubocop/cop/fips/open_ssl.rb
+- lib/gitlab/styles/rubocop/cop/fips/sha1.rb
 - lib/gitlab/styles/rubocop/cop/gem_fetcher.rb
 - lib/gitlab/styles/rubocop/cop/in_batches.rb
 - lib/gitlab/styles/rubocop/cop/internal_affairs/deprecate_cop_helper.rb
 - lib/gitlab/styles/rubocop/cop/line_break_after_guard_clauses.rb
 - lib/gitlab/styles/rubocop/cop/line_break_around_conditional_block.rb
 - lib/gitlab/styles/rubocop/cop/migration/update_large_table.rb
+- lib/gitlab/styles/rubocop/cop/performance/rubyzip.rb
 - lib/gitlab/styles/rubocop/cop/polymorphic_associations.rb
 - lib/gitlab/styles/rubocop/cop/rails/include_url_helper.rb
 - lib/gitlab/styles/rubocop/cop/redirect_with_status.rb
@@ -199,6 +221,7 @@ files:
 - rubocop-bundler.yml
 - rubocop-code_reuse.yml
 - rubocop-default.yml
+- rubocop-fips.yml
 - rubocop-gemspec.yml
 - rubocop-graphql.yml
 - rubocop-layout.yml
@@ -211,7 +234,7 @@ files:
 - rubocop-rspec.yml
 - rubocop-security.yml
 - rubocop-style.yml
-homepage: https://gitlab.com/gitlab-org/gitlab-styles
+homepage: https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles
 licenses:
 - MIT
 metadata: {}