gitlab-styles 7.0.0 → 9.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9fcbcb3937df65b5a6ef170918f4abd96786642c5ba2e379b4f0c3273cd21411
-  data.tar.gz: dde017a2f0091139175945e0bafd2f0d9c43f2ad280ca9f60c350093fe441dd2
+  metadata.gz: 410e573c3c17d84349a00ff756141e55ece0ba68c0d9aa23b76cfe2a8abde3ae
+  data.tar.gz: a2fb908127f5f31c8d4a235155b4b2ad3208802cfc01bf895321a522a270477b
 SHA512:
-  metadata.gz: ccd9e7b074e48b11b2c9d13f929b2f20d7fcd71e6ad89ae6eaf558d690f1122cbfa78ea145494ada2944ca5f37113ee1ac77fa88679b3194126e24b1c563063c
-  data.tar.gz: c38476316f30eed488850324802911e538369ba88a2110357d5b8c5dbb2be08fdf99119f640b05e2a11d90d703e7f2646425e2083a8d96fa96996bf1f7c2e966
+  metadata.gz: aa3f38ac00b776237c2a497ebb76d36e1ad51addc814ecbba7370a4d4cbeb0f67777131494a825431a2aa592d6597e57eaa83cae86ec452955b0399e1e46e1ec
+  data.tar.gz: 445dfab1d9c2f0874c1c7ddb65426bf32953515fcfe1e96b15a119914acc5258753182318b524ff2d8af86b0fb1769d09f0991ce1aa8d2d24cd2a22cfcbe62fb

data/.rubocop.yml

@@ -4,7 +4,18 @@ inherit_from:
 require:
   - rubocop/cop/internal_affairs
 
+AllCops:
+  NewCops: disable # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/40
+  SuggestExtensions: false # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/39
+
 InternalAffairs/DeprecateCopHelper:
   Enabled: true
   Include:
     - spec/**/*.rb
+
+# This only makes sense for cops that are included with RuboCop. We could add
+# our own config/default.yml and do something like
+# https://github.com/rubocop/rubocop-rspec/blob/master/lib/rubocop/rspec/inject.rb,
+# but realistically this is OK here.
+InternalAffairs/UndefinedConfig:
+  Enabled: false

data/Gemfile

@@ -7,7 +7,7 @@ gemspec
 
 group :test do
   # Pin these dependencies, otherwise a new rule could break the CI pipelines
-  gem 'rubocop', '0.91.1'
-  gem 'rubocop-rspec', '1.44.1'
-  gem 'rspec-parameterized', '0.4.2', require: false
+  gem 'rubocop', '1.36.0'
+  gem 'rubocop-rspec', '2.12.1'
+  gem 'rspec-parameterized', '0.5.2', require: false
 end

data/gitlab-styles.gemspec

@@ -22,15 +22,15 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'rubocop', '~> 0.91', '>= 0.91.1'
+  spec.add_dependency 'rubocop', '~> 1.36.0'
   spec.add_dependency 'rubocop-gitlab-security', '~> 0.1.1'
-  spec.add_dependency 'rubocop-graphql', '~> 0.10'
-  spec.add_dependency 'rubocop-performance', '~> 1.9.2'
-  spec.add_dependency 'rubocop-rails', '~> 2.9'
-  spec.add_dependency 'rubocop-rspec', '~> 1.44'
+  spec.add_dependency 'rubocop-graphql', '~> 0.14'
+  spec.add_dependency 'rubocop-performance', '~> 1.14'
+  spec.add_dependency 'rubocop-rails', '~> 2.15'
+  spec.add_dependency 'rubocop-rspec', '~> 2.12'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
-  spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.6.1'
+  spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.11.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
 end

data/lib/gitlab/styles/common/banned_constants.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Styles
+    module Common
+      module BannedConstants
+        attr_reader :replacements, :message_template, :autocorrect
+
+        def on_const(node)
+          constant = node.source.delete_prefix('::')
+
+          return unless replacements.key?(constant)
+
+          replacement = replacements.fetch(constant)
+          message = format(message_template, { replacement: replacement })
+
+          add_offense(node, message: message) do |corrector|
+            next unless autocorrect
+
+            replacement = "::#{replacement}" if node.source.start_with?("::")
+
+            corrector.replace(node, replacement)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/model_helpers.rb

@@ -3,7 +3,7 @@
 module Gitlab
   module Styles
     module Rubocop
-      module ModelHelpers
+      module Gitlab::Styles::Rubocop::ModelHelpers
         # Returns true if the given node originated from the models directory.
         def in_model?(node)
           path = node.location.expression.source_buffer.name

data/lib/gitlab/styles/rubocop.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-# Auto-require all cops under `gitlab/styles/rubocop/cop/**/*.rb`
-cops_glob = File.join(__dir__, 'rubocop', 'cop', '**', '*.rb')
+# Auto-require all cops under `rubocop/cop/**/*.rb`
+cops_glob = File.join(__dir__, '..', '..', 'rubocop', 'cop', '**', '*.rb')
 Dir[cops_glob].sort.each { |cop| require(cop) }
 
 module Gitlab

data/lib/gitlab/styles/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module Styles
-    VERSION = '7.0.0'
+    VERSION = '9.0.0'
   end
 end

data/lib/rubocop/cop/active_record_dependent.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative '../../gitlab/styles/rubocop/model_helpers'
+
+module Rubocop
+  module Cop
+    # Cop that prevents the use of `dependent: ...` in ActiveRecord models.
+    class ActiveRecordDependent < RuboCop::Cop::Base
+      include Gitlab::Styles::Rubocop::ModelHelpers
+
+      MSG = 'Do not use `dependent:` to remove associated data, ' \
+            'use foreign keys with cascading deletes instead.'
+
+      METHOD_NAMES = [:has_many, :has_one, :belongs_to].freeze
+      ALLOWED_OPTIONS = [:restrict_with_error].freeze
+
+      def on_send(node)
+        return unless in_model?(node)
+        return unless METHOD_NAMES.include?(node.children[1])
+
+        node.children.last.each_node(:pair) do |pair|
+          key_name = pair.children[0].children[0]
+          option_name = pair.children[1].children[0]
+
+          break if ALLOWED_OPTIONS.include?(option_name)
+
+          add_offense(pair) if key_name == :dependent
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/active_record_serialize.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative '../../gitlab/styles/rubocop/model_helpers'
+
+module Rubocop
+  module Cop
+    # Cop that prevents the use of `serialize` in ActiveRecord models.
+    class ActiveRecordSerialize < RuboCop::Cop::Base
+      include Gitlab::Styles::Rubocop::ModelHelpers
+
+      MSG = 'Do not store serialized data in the database, use separate columns and/or tables instead'
+
+      def on_send(node)
+        return unless in_model?(node)
+
+        add_offense(node.loc.selector) if node.children[1] == :serialize
+      end
+    end
+  end
+end

data/lib/rubocop/cop/avoid_return_from_blocks.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    # Checks for return inside blocks.
+    # For more information see: https://gitlab.com/gitlab-org/gitlab-foss/issues/42889
+    #
+    # @example
+    #   # bad
+    #   call do
+    #     return if something
+    #
+    #     do_something_else
+    #   end
+    #
+    #   # good
+    #   call do
+    #     break if something
+    #
+    #     do_something_else
+    #   end
+    #
+    class AvoidReturnFromBlocks < RuboCop::Cop::Base
+      MSG = 'Do not return from a block, use next or break instead.'
+      DEF_METHODS = %i[define_method lambda].freeze
+      WHITELISTED_METHODS = %i[each each_filename times loop].freeze
+
+      def on_block(node)
+        block_body = node.body
+
+        return unless block_body
+        return unless top_block?(node)
+
+        block_body.each_node(:return) do |return_node|
+          next if parent_blocks(node, return_node).all? { |block| whitelisted?(block) }
+
+          add_offense(return_node)
+        end
+      end
+
+      alias_method :on_numblock, :on_block
+
+      private
+
+      def top_block?(node)
+        current_node = node
+        top_block = nil
+
+        while current_node && current_node.type != :def
+          top_block = current_node if current_node.block_type?
+          current_node = current_node.parent
+        end
+
+        top_block == node
+      end
+
+      def parent_blocks(node, current_node)
+        blocks = []
+
+        until node == current_node || def?(current_node)
+          blocks << current_node if current_node.block_type?
+          current_node = current_node.parent
+        end
+
+        blocks << node if node == current_node && !def?(node)
+        blocks
+      end
+
+      def def?(node)
+        node.def_type? || node.defs_type? ||
+          (node.block_type? && DEF_METHODS.include?(node.method_name))
+      end
+
+      def whitelisted?(block_node)
+        WHITELISTED_METHODS.include?(block_node.method_name)
+      end
+    end
+  end
+end

data/lib/rubocop/cop/code_reuse/active_record.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    module CodeReuse
+      # Cop that denies the use of ActiveRecord methods outside of models.
+      class ActiveRecord < RuboCop::Cop::Base
+        MSG = 'This method can only be used inside an ActiveRecord model: ' \
+              'https://gitlab.com/gitlab-org/gitlab-foss/issues/49653'
+
+        # Various methods from ActiveRecord::Querying that are denied. We
+        # exclude some generic ones such as `any?` and `first`, as these may
+        # lead to too many false positives, since `Array` also supports these
+        # methods.
+        #
+        # The keys of this Hash are the denied method names. The values are
+        # booleans that indicate if the method should only be denied if any
+        # arguments are provided.
+        NOT_ALLOWED = {
+          average: true,
+          calculate: true,
+          count_by_sql: true,
+          create_with: true,
+          distinct: false,
+          eager_load: true,
+          exists?: true,
+          find_by: true,
+          find_by!: true,
+          find_by_sql: true,
+          find_each: true,
+          find_in_batches: true,
+          find_or_create_by: true,
+          find_or_create_by!: true,
+          find_or_initialize_by: true,
+          first!: false,
+          first_or_create: true,
+          first_or_create!: true,
+          first_or_initialize: true,
+          from: true,
+          group: true,
+          having: true,
+          ids: false,
+          includes: true,
+          joins: true,
+          lock: false,
+          many?: false,
+          offset: true,
+          order: true,
+          pluck: true,
+          preload: true,
+          readonly: false,
+          references: true,
+          reorder: true,
+          rewhere: true,
+          take: false,
+          take!: false,
+          unscope: false,
+          where: false,
+          with: true
+        }.freeze
+
+        def on_send(node)
+          receiver = node.children[0]
+          send_name = node.children[1]
+          first_arg = node.children[2]
+
+          return unless receiver && NOT_ALLOWED.key?(send_name)
+
+          # If the rule requires an argument to be given, but none are
+          # provided, we won't register an offense. This prevents us from
+          # adding offenses for `project.group`, while still covering
+          # `Project.group(:name)`.
+          return if NOT_ALLOWED[send_name] && !first_arg
+
+          add_offense(node.loc.selector)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/custom_error_class.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    # Makes sure that custom error classes, when empty, are declared
+    # with Class.new.
+    #
+    # @example
+    #   # bad
+    #   class FooError < StandardError
+    #   end
+    #
+    #   # okish
+    #   class FooError < StandardError; end
+    #
+    #   # good
+    #   FooError = Class.new(StandardError)
+    class CustomErrorClass < RuboCop::Cop::Base
+      extend RuboCop::Cop::AutoCorrector
+
+      MSG = 'Use `Class.new(SuperClass)` to define an empty custom error class.'
+
+      def on_class(node)
+        parent = node.parent_class
+        body = node.body
+
+        return if body
+
+        parent_klass = class_name_from_node(parent)
+
+        return unless parent_klass&.to_s&.end_with?('Error')
+
+        add_offense(node) do |corrector|
+          klass = node.identifier
+          parent = node.parent_class
+
+          replacement = "#{class_name_from_node(klass)} = Class.new(#{class_name_from_node(parent)})"
+
+          corrector.replace(node.source_range, replacement)
+        end
+      end
+
+      private
+
+      # The nested constant `Foo::Bar::Baz` looks like:
+      #
+      #   s(:const,
+      #     s(:const,
+      #       s(:const, nil, :Foo), :Bar), :Baz)
+      #
+      # So recurse through that to get the name as written in the source.
+      #
+      def class_name_from_node(node, suffix = nil)
+        return unless node&.type == :const
+
+        name = node.children[1].to_s
+        name = "#{name}::#{suffix}" if suffix
+
+        if node.children[0]
+          class_name_from_node(node.children[0], name)
+        else
+          name
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/fips/md5.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require_relative '../../../gitlab/styles/common/banned_constants'
+
+module Rubocop
+  module Cop
+    module Fips
+      class MD5 < RuboCop::Cop::Base
+        include Gitlab::Styles::Common::BannedConstants
+
+        MESSAGE_TEMPLATE = 'MD5 is not FIPS-compliant. Use %{replacement} instead.'
+
+        REPLACEMENTS = {
+          'OpenSSL::Digest::MD5' => 'OpenSSL::Digest::SHA256',
+          'Digest::MD5' => 'OpenSSL::Digest::SHA256'
+        }.freeze
+
+        def initialize(config = nil, options = nil)
+          @message_template = MESSAGE_TEMPLATE
+          @replacements = REPLACEMENTS
+          @autocorrect = false
+          super(config, options)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/fips/open_ssl.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative '../../../gitlab/styles/common/banned_constants'
+
+module Rubocop
+  module Cop
+    module Fips
+      class OpenSSL < RuboCop::Cop::Base
+        extend RuboCop::Cop::AutoCorrector
+        include Gitlab::Styles::Common::BannedConstants
+
+        MESSAGE_TEMPLATE = 'Usage of this class is not FIPS-compliant. Use %{replacement} instead.'
+
+        REPLACEMENTS = {
+          'Digest::SHA1' => 'OpenSSL::Digest::SHA1',
+          'Digest::SHA2' => 'OpenSSL::Digest::SHA256',
+          'Digest::SHA256' => 'OpenSSL::Digest::SHA256',
+          'Digest::SHA384' => 'OpenSSL::Digest::SHA384',
+          'Digest::SHA512' => 'OpenSSL::Digest::SHA512'
+        }.freeze
+
+        def initialize(config = nil, options = nil)
+          @message_template = MESSAGE_TEMPLATE
+          @replacements = REPLACEMENTS
+          @autocorrect = true
+          super(config, options)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/fips/sha1.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require_relative '../../../gitlab/styles/common/banned_constants'
+
+module Rubocop
+  module Cop
+    module Fips
+      class SHA1 < RuboCop::Cop::Base
+        include Gitlab::Styles::Common::BannedConstants
+
+        MESSAGE_TEMPLATE = 'SHA1 is likely to become non-compliant in the near future. Use %{replacement} instead.'
+
+        REPLACEMENTS = {
+          'OpenSSL::Digest::SHA1' => 'OpenSSL::Digest::SHA256',
+          'Digest::SHA1' => 'OpenSSL::Digest::SHA256'
+        }.freeze
+
+        def initialize(config = nil, options = nil)
+          @message_template = MESSAGE_TEMPLATE
+          @replacements = REPLACEMENTS
+          @autocorrect = false
+          super(config, options)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/gem_fetcher.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    # Prevents usage of the `git` and `github` arguments to `gem` in a
+    # `Gemfile` in order to avoid additional points of failure beyond
+    # rubygems.org.
+    class GemFetcher < RuboCop::Cop::Base
+      MSG = 'Do not use gems from git repositories, only use gems from RubyGems.'
+
+      GIT_KEYS = [:git, :github].freeze
+
+      def on_send(node)
+        return unless gemfile?(node)
+
+        func_name = node.children[1]
+        return unless func_name == :gem
+
+        node.children.last.each_node(:pair) do |pair|
+          key_name = pair.children[0].children[0].to_sym
+          add_offense(pair.source_range) if GIT_KEYS.include?(key_name)
+        end
+      end
+
+      private
+
+      def gemfile?(node)
+        node
+          .location
+          .expression
+          .source_buffer
+          .name
+          .end_with?("Gemfile")
+      end
+    end
+  end
+end

data/lib/rubocop/cop/in_batches.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative '../../gitlab/styles/rubocop/model_helpers'
+
+module Rubocop
+  module Cop
+    # Cop that prevents the use of `in_batches`
+    class InBatches < RuboCop::Cop::Base
+      MSG = 'Do not use `in_batches`, use `each_batch` from the EachBatch module instead'
+
+      def on_send(node)
+        return unless node.children[1] == :in_batches
+
+        add_offense(node.loc.selector)
+      end
+    end
+  end
+end

data/lib/rubocop/cop/internal_affairs/deprecate_cop_helper.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Rubocop
+  module Cop
+    module InternalAffairs
+      # Cop that denies the use of CopHelper.
+      class DeprecateCopHelper < RuboCop::Cop::Base
+        MSG = 'Do not use `CopHelper` or methods from it, use improved patterns described in https://www.rubydoc.info/gems/rubocop/RuboCop/RSpec/ExpectOffense'
+
+        # @!method cop_helper(node)
+        def_node_matcher :cop_helper, <<~PATTERN
+          (send nil? ${:include :extend :prepend}
+            (const _ {:CopHelper}))
+        PATTERN
+
+        # @!method cop_helper_method(node)
+        def_node_search :cop_helper_method, <<~PATTERN
+          (send nil? {:inspect_source :inspect_source_file :parse_source :autocorrect_source_file :autocorrect_source :_investigate} ...)
+        PATTERN
+
+        # @!method cop_helper_method_on_instance(node)
+        def_node_search :cop_helper_method_on_instance, <<~PATTERN
+          (send (send nil? _) {:messages :highlights :offenses} ...)
+        PATTERN
+
+        def on_send(node)
+          cop_helper(node) do
+            add_offense(node)
+          end
+
+          cop_helper_method(node) do
+            add_offense(node)
+          end
+
+          cop_helper_method_on_instance(node) do
+            add_offense(node)
+          end
+        end
+      end
+    end
+  end
+end