gitlab-styles 6.6.0 → 8.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f43bff11daad05b1bb5f442c18f3fa7b8ef871e60f7675dd165f55b1515953f7
-  data.tar.gz: 57317b8cb40639df642e1d058f342eba63979b237f18cc5d5290065aef5a3a5f
+  metadata.gz: 6b56e4d8be26ddd4c64b078c7ba35ee9cde92ee9aa8510303fc8e56f55d76b4c
+  data.tar.gz: 9e3aae79876619f3f189ad51133ad0e5b6c9f2b50a9d08fcaa1d37275bfe4ccc
 SHA512:
-  metadata.gz: bb319a3ada8ae43e77ba1de5aeb4234e9c6d8c97848f3ae3870222a4b0a4f4ae2f8f2d6356f8cd9b9747101482758834ceacb5cd2cef09519fd17e736a272c05
-  data.tar.gz: bb37685d5084df12a4820c47ce43ec0106aa50e05f9a7ddbde97c9956a7ec50e62fac388a968ba909c356c66324511fa5f407455b538ea1d183d2fa2f20367d1
+  metadata.gz: 7bf2ad47042480c6e187b5643c963e8e2560c8f7d38ed9431308902b0074aca0a52f740790fc2cd82e59611e50156b7dc18d89a562b17c1c8cce2c1db3ebe50b
+  data.tar.gz: b97431178490c4344cf1eaec23c1bf2596b7e44a2a8182ea2295add370e7e0c67da6bfa5fc4b213540306a681534e62272736669549e2949168b09bc4b1ddf8d

data/.gitlab/changelog_config.yml

@@ -0,0 +1,13 @@
+---
+# Settings for generating changelogs using the GitLab API. See
+# https://docs.gitlab.com/ee/api/repositories.html#generate-changelog-data for
+# more information.
+categories:
+  added: Added
+  fixed: Fixed
+  changed: Changed
+  deprecated: Deprecated
+  removed: Removed
+  security: Security
+  performance: Performance
+  other: Other

data/.gitlab/merge_request_templates/Release.md

@@ -1,35 +1,13 @@
-<!-- Replace `v4.5.0` with the previous release here, and `e18d76b309e42888759c1effe96767f13e34ae55`
-with the latest commit from https://gitlab.com/gitlab-org/gitlab-styles/commits/master that will be included in the release. -->
-- Diff: https://gitlab.com/gitlab-org/gitlab-styles/compare/v4.5.0...e18d76b309e42888759c1effe96767f13e34ae55
+<!-- Replace `<PREVIOUS_VERSION>` with the previous version number here, `<COMMIT_UPDATING_VERSION>` with the latest
+commit from this merge request, and `<NEW_VERSION>` with the upcoming version number. -->
+## Diff
 
-- Release notes:
+https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/compare/v<PREVIOUS_VERSION>...<COMMIT_UPDATING_VERSION>
 
-<!-- Keep the sections order but remove the empty sections -->
+## Checklist
 
-```markdown
-### New features and features updates
+- [ ] Diff link is up-to-date.
+- [ ] Check the release notes: https://gitlab.com/api/v4/projects/4176070/repository/changelog?version=<NEW_VERSION>
+- [ ] Based on the diff and the release notes, `version.rb` is updated, according to [SemVer](https://semver.org).
 
-- !aaa <Title of the aaa MR>.
-
-### Fixes
-
-- !bbb <Title of the bbb MR>.
-
-### Doc changes
-
-- !ccc <Title of the ccc MR>.
-
-### Other changes (tooling, technical debt)
-
-- !ddd <Title of the ddd MR>.
-```
-
-- Checklist before merging:
-  - [ ] Diff link is up-to-date.
-  - [ ] Based on the diff, `lib/gitlab/styles/version.rb` is updated, according to [SemVer](https://semver.org).
-  - [ ] Release notes are accurate.
-
-- Checklist after merging:
-  - [ ] [Update the release notes for the newly created tag](docs/release_process.md#how-to).
-
-/label ~"Engineering Productivity" ~"feature" ~"feature::maintenance" ~"static code analysis"
+/label ~"type::maintenance" ~"static code analysis"

data/.gitlab-ci.yml

@@ -31,4 +31,6 @@ specs:
 
 include:
   - project: 'gitlab-org/quality/pipeline-common'
-    file: '/ci/gem-release.yml'
+    file:
+      - '/ci/gem-release.yml'
+      - '/ci/danger-review.yml'

data/Dangerfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'gitlab-dangerfiles'
+
+Gitlab::Dangerfiles.for_project(self, &:import_defaults)

data/gitlab-styles.gemspec

@@ -30,6 +30,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rubocop-rspec', '~> 1.44'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
+  spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.11.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
 end

data/lib/gitlab/styles/common/banned_constants.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Styles
+    module Common
+      module BannedConstants
+        attr_reader :replacements, :message_template, :autocorrect
+
+        def on_const(node)
+          constant = node.source.delete_prefix('::')
+
+          return unless replacements.key?(constant)
+
+          replacement = replacements.fetch(constant)
+          message = format(message_template, { replacement: replacement })
+
+          add_offense(node, message: message) do |corrector|
+            next unless autocorrect
+
+            replacement = "::#{replacement}" if node.source.start_with?("::")
+
+            corrector.replace(node, replacement)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/model_helpers.rb

@@ -3,7 +3,7 @@
 module Gitlab
   module Styles
     module Rubocop
-      module ModelHelpers
+      module Gitlab::Styles::Rubocop::ModelHelpers
         # Returns true if the given node originated from the models directory.
         def in_model?(node)
           path = node.location.expression.source_buffer.name

data/lib/gitlab/styles/rubocop.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-# Auto-require all cops under `gitlab/styles/rubocop/cop/**/*.rb`
-cops_glob = File.join(__dir__, 'rubocop', 'cop', '**', '*.rb')
+# Auto-require all cops under `rubocop/cop/**/*.rb`
+cops_glob = File.join(__dir__, '..', '..', 'rubocop', 'cop', '**', '*.rb')
 Dir[cops_glob].sort.each { |cop| require(cop) }
 
 module Gitlab

data/lib/gitlab/styles/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module Styles
-    VERSION = '6.6.0'
+    VERSION = '8.0.0'
   end
 end

data/lib/rubocop/cop/active_record_dependent.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative '../../gitlab/styles/rubocop/model_helpers'
+
+module Rubocop
+  module Cop
+    # Cop that prevents the use of `dependent: ...` in ActiveRecord models.
+    class ActiveRecordDependent < RuboCop::Cop::Cop
+      include Gitlab::Styles::Rubocop::ModelHelpers
+
+      MSG = 'Do not use `dependent:` to remove associated data, ' \
+        'use foreign keys with cascading deletes instead.'
+
+      METHOD_NAMES = [:has_many, :has_one, :belongs_to].freeze
+      ALLOWED_OPTIONS = [:restrict_with_error].freeze
+
+      def on_send(node)
+        return unless in_model?(node)
+        return unless METHOD_NAMES.include?(node.children[1])
+
+        node.children.last.each_node(:pair) do |pair|
+          key_name = pair.children[0].children[0]
+          option_name = pair.children[1].children[0]
+
+          break if ALLOWED_OPTIONS.include?(option_name)
+
+          add_offense(pair) if key_name == :dependent
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/active_record_serialize.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative '../../gitlab/styles/rubocop/model_helpers'
+
+module Rubocop
+  module Cop
+    # Cop that prevents the use of `serialize` in ActiveRecord models.
+    class ActiveRecordSerialize < RuboCop::Cop::Cop
+      include Gitlab::Styles::Rubocop::ModelHelpers
+
+      MSG = 'Do not store serialized data in the database, use separate columns and/or tables instead'
+
+      def on_send(node)
+        return unless in_model?(node)
+
+        add_offense(node, location: :selector) if node.children[1] == :serialize
+      end
+    end
+  end
+end

data/lib/rubocop/cop/avoid_return_from_blocks.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    # Checks for return inside blocks.
+    # For more information see: https://gitlab.com/gitlab-org/gitlab-foss/issues/42889
+    #
+    # @example
+    #   # bad
+    #   call do
+    #     return if something
+    #
+    #     do_something_else
+    #   end
+    #
+    #   # good
+    #   call do
+    #     break if something
+    #
+    #     do_something_else
+    #   end
+    #
+    class AvoidReturnFromBlocks < RuboCop::Cop::Cop
+      MSG = 'Do not return from a block, use next or break instead.'
+      DEF_METHODS = %i[define_method lambda].freeze
+      WHITELISTED_METHODS = %i[each each_filename times loop].freeze
+
+      def on_block(node)
+        block_body = node.body
+
+        return unless block_body
+        return unless top_block?(node)
+
+        block_body.each_node(:return) do |return_node|
+          next if parent_blocks(node, return_node).all? { |block| whitelisted?(block) }
+
+          add_offense(return_node)
+        end
+      end
+
+      private
+
+      def top_block?(node)
+        current_node = node
+        top_block = nil
+
+        while current_node && current_node.type != :def
+          top_block = current_node if current_node.block_type?
+          current_node = current_node.parent
+        end
+
+        top_block == node
+      end
+
+      def parent_blocks(node, current_node)
+        blocks = []
+
+        until node == current_node || def?(current_node)
+          blocks << current_node if current_node.block_type?
+          current_node = current_node.parent
+        end
+
+        blocks << node if node == current_node && !def?(node)
+        blocks
+      end
+
+      def def?(node)
+        node.def_type? || node.defs_type? ||
+          (node.block_type? && DEF_METHODS.include?(node.method_name))
+      end
+
+      def whitelisted?(block_node)
+        WHITELISTED_METHODS.include?(block_node.method_name)
+      end
+    end
+  end
+end

data/lib/rubocop/cop/code_reuse/active_record.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    module CodeReuse
+      # Cop that denies the use of ActiveRecord methods outside of models.
+      class ActiveRecord < RuboCop::Cop::Cop
+        MSG = 'This method can only be used inside an ActiveRecord model: ' \
+    'https://gitlab.com/gitlab-org/gitlab-foss/issues/49653'
+
+        # Various methods from ActiveRecord::Querying that are denied. We
+        # exclude some generic ones such as `any?` and `first`, as these may
+        # lead to too many false positives, since `Array` also supports these
+        # methods.
+        #
+        # The keys of this Hash are the denied method names. The values are
+        # booleans that indicate if the method should only be denied if any
+        # arguments are provided.
+        NOT_ALLOWED = {
+          average: true,
+          calculate: true,
+          count_by_sql: true,
+          create_with: true,
+          distinct: false,
+          eager_load: true,
+          exists?: true,
+          find_by: true,
+          find_by!: true,
+          find_by_sql: true,
+          find_each: true,
+          find_in_batches: true,
+          find_or_create_by: true,
+          find_or_create_by!: true,
+          find_or_initialize_by: true,
+          first!: false,
+          first_or_create: true,
+          first_or_create!: true,
+          first_or_initialize: true,
+          from: true,
+          group: true,
+          having: true,
+          ids: false,
+          includes: true,
+          joins: true,
+          lock: false,
+          many?: false,
+          offset: true,
+          order: true,
+          pluck: true,
+          preload: true,
+          readonly: false,
+          references: true,
+          reorder: true,
+          rewhere: true,
+          take: false,
+          take!: false,
+          unscope: false,
+          where: false,
+          with: true
+        }.freeze
+
+        def on_send(node)
+          receiver = node.children[0]
+          send_name = node.children[1]
+          first_arg = node.children[2]
+
+          return unless receiver && NOT_ALLOWED.key?(send_name)
+
+          # If the rule requires an argument to be given, but none are
+          # provided, we won't register an offense. This prevents us from
+          # adding offenses for `project.group`, while still covering
+          # `Project.group(:name)`.
+          return if NOT_ALLOWED[send_name] && !first_arg
+
+          add_offense(node, location: :selector)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/custom_error_class.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    # This cop makes sure that custom error classes, when empty, are declared
+    # with Class.new.
+    #
+    # @example
+    #   # bad
+    #   class FooError < StandardError
+    #   end
+    #
+    #   # okish
+    #   class FooError < StandardError; end
+    #
+    #   # good
+    #   FooError = Class.new(StandardError)
+    class CustomErrorClass < RuboCop::Cop::Cop
+      MSG = 'Use `Class.new(SuperClass)` to define an empty custom error class.'
+
+      def on_class(node)
+        parent = node.parent_class
+        body = node.body
+
+        return if body
+
+        parent_klass = class_name_from_node(parent)
+
+        return unless parent_klass&.to_s&.end_with?('Error')
+
+        add_offense(node)
+      end
+
+      def autocorrect(node)
+        klass = node.identifier
+        parent = node.parent_class
+
+        replacement = "#{class_name_from_node(klass)} = Class.new(#{class_name_from_node(parent)})"
+
+        lambda do |corrector|
+          corrector.replace(node.source_range, replacement)
+        end
+      end
+
+      private
+
+      # The nested constant `Foo::Bar::Baz` looks like:
+      #
+      #   s(:const,
+      #     s(:const,
+      #       s(:const, nil, :Foo), :Bar), :Baz)
+      #
+      # So recurse through that to get the name as written in the source.
+      #
+      def class_name_from_node(node, suffix = nil)
+        return unless node&.type == :const
+
+        name = node.children[1].to_s
+        name = "#{name}::#{suffix}" if suffix
+
+        if node.children[0]
+          class_name_from_node(node.children[0], name)
+        else
+          name
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/fips/md5.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require_relative '../../../gitlab/styles/common/banned_constants'
+
+module Rubocop
+  module Cop
+    module Fips
+      class MD5 < RuboCop::Cop::Base
+        include Gitlab::Styles::Common::BannedConstants
+
+        MESSAGE_TEMPLATE = 'MD5 is not FIPS-compliant. Use %{replacement} instead.'
+
+        REPLACEMENTS = {
+          'OpenSSL::Digest::MD5' => 'OpenSSL::Digest::SHA256',
+          'Digest::MD5' => 'OpenSSL::Digest::SHA256'
+        }.freeze
+
+        def initialize(config = nil, options = nil)
+          @message_template = MESSAGE_TEMPLATE
+          @replacements = REPLACEMENTS
+          @autocorrect = false
+          super(config, options)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/fips/open_ssl.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative '../../../gitlab/styles/common/banned_constants'
+
+module Rubocop
+  module Cop
+    module Fips
+      class OpenSSL < RuboCop::Cop::Base
+        extend RuboCop::Cop::AutoCorrector
+        include Gitlab::Styles::Common::BannedConstants
+
+        MESSAGE_TEMPLATE = 'Usage of this class is not FIPS-compliant. Use %{replacement} instead.'
+
+        REPLACEMENTS = {
+          'Digest::SHA1' => 'OpenSSL::Digest::SHA1',
+          'Digest::SHA2' => 'OpenSSL::Digest::SHA256',
+          'Digest::SHA256' => 'OpenSSL::Digest::SHA256',
+          'Digest::SHA384' => 'OpenSSL::Digest::SHA384',
+          'Digest::SHA512' => 'OpenSSL::Digest::SHA512'
+        }.freeze
+
+        def initialize(config = nil, options = nil)
+          @message_template = MESSAGE_TEMPLATE
+          @replacements = REPLACEMENTS
+          @autocorrect = true
+          super(config, options)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/fips/sha1.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require_relative '../../../gitlab/styles/common/banned_constants'
+
+module Rubocop
+  module Cop
+    module Fips
+      class SHA1 < RuboCop::Cop::Base
+        include Gitlab::Styles::Common::BannedConstants
+
+        MESSAGE_TEMPLATE = 'SHA1 is likely to become non-compliant in the near future. Use %{replacement} instead.'
+
+        REPLACEMENTS = {
+          'OpenSSL::Digest::SHA1' => 'OpenSSL::Digest::SHA256',
+          'Digest::SHA1' => 'OpenSSL::Digest::SHA256'
+        }.freeze
+
+        def initialize(config = nil, options = nil)
+          @message_template = MESSAGE_TEMPLATE
+          @replacements = REPLACEMENTS
+          @autocorrect = false
+          super(config, options)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/gem_fetcher.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    # This cop prevents usage of the `git` and `github` arguments to `gem` in a
+    # `Gemfile` in order to avoid additional points of failure beyond
+    # rubygems.org.
+    class GemFetcher < RuboCop::Cop::Cop
+      MSG = 'Do not use gems from git repositories, only use gems from RubyGems.'
+
+      GIT_KEYS = [:git, :github].freeze
+
+      def on_send(node)
+        return unless gemfile?(node)
+
+        func_name = node.children[1]
+        return unless func_name == :gem
+
+        node.children.last.each_node(:pair) do |pair|
+          key_name = pair.children[0].children[0].to_sym
+          add_offense(node, location: pair.source_range) if GIT_KEYS.include?(key_name)
+        end
+      end
+
+      private
+
+      def gemfile?(node)
+        node
+          .location
+          .expression
+          .source_buffer
+          .name
+          .end_with?("Gemfile")
+      end
+    end
+  end
+end

data/lib/rubocop/cop/in_batches.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative '../../gitlab/styles/rubocop/model_helpers'
+
+module Rubocop
+  module Cop
+    # Cop that prevents the use of `in_batches`
+    class InBatches < RuboCop::Cop::Cop
+      MSG = 'Do not use `in_batches`, use `each_batch` from the EachBatch module instead'
+
+      def on_send(node)
+        return unless node.children[1] == :in_batches
+
+        add_offense(node, location: :selector)
+      end
+    end
+  end
+end

data/lib/rubocop/cop/internal_affairs/deprecate_cop_helper.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    module InternalAffairs
+      # Cop that denies the use of CopHelper.
+      class DeprecateCopHelper < RuboCop::Cop::Cop
+        MSG = 'Do not use `CopHelper` or methods from it, use improved patterns described in https://www.rubydoc.info/gems/rubocop/RuboCop/RSpec/ExpectOffense'
+
+        def_node_matcher :cop_helper, <<~PATTERN
+          (send nil? ${:include :extend :prepend}
+            (const _ {:CopHelper}))
+        PATTERN
+
+        def_node_search :cop_helper_method, <<~PATTERN
+          (send nil? {:inspect_source :inspect_source_file :parse_source :autocorrect_source_file :autocorrect_source :_investigate} ...)
+        PATTERN
+
+        def_node_search :cop_helper_method_on_instance, <<~PATTERN
+          (send (send nil? _) {:messages :highlights :offenses} ...)
+        PATTERN
+
+        def on_send(node)
+          cop_helper(node) do
+            add_offense(node)
+          end
+
+          cop_helper_method(node) do
+            add_offense(node)
+          end
+
+          cop_helper_method_on_instance(node) do
+            add_offense(node)
+          end
+        end
+      end
+    end
+  end
+end