gitlab-styles 9.1.0 → 10.0.0

data/lib/rubocop/cop/gitlab_security/system_command_injection.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module GitlabSecurity
+      # Check for use of system("/bin/ls #{params[:file]}")
+      #
+      # Passing user input to system() without sanitization and parameterization can result in command injection
+      #
+      # @example
+      #
+      #   # bad
+      #   system("/bin/ls #{filename}")
+      #
+      #   # good (parameters)
+      #   system("/bin/ls", filename)
+      #   # even better
+      #   exec("/bin/ls", shell_escape(filename))
+      #
+      class SystemCommandInjection < RuboCop::Cop::Base
+        MSG = 'Do not include variables in the command name for system(). ' \
+              'Use parameters "system(cmd, params)" or exec() instead.'
+
+        # @!method system_var?(node)
+        def_node_matcher :system_var?, <<-PATTERN
+          (dstr (str ...) (begin ...) ...)
+        PATTERN
+
+        def on_send(node)
+          return unless node.command?(:system)
+          return unless node.arguments.any? { |e| system_var?(e) }
+
+          add_offense(node.loc.selector)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/in_batches.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require_relative '../../gitlab/styles/rubocop/model_helpers'
-
 module Rubocop
   module Cop
     # Cop that prevents the use of `in_batches`

data/lib/rubocop/cop/line_break_after_guard_clauses.rb

@@ -56,6 +56,8 @@ module Rubocop
     #
     #   do_something_more
     class LineBreakAfterGuardClauses < RuboCop::Cop::Base
+      extend RuboCop::Cop::AutoCorrector
+
       MSG = 'Add a line break after guard clauses'
 
       # @!method guard_clause_node?(node)
@@ -68,11 +70,7 @@ module Rubocop
         return unless guard_clause?(node)
         return if next_line(node).blank? || clause_last_line?(next_line(node)) || guard_clause?(next_sibling(node))
 
-        add_offense(node)
-      end
-
-      def autocorrect(node)
-        lambda do |corrector|
+        add_offense(node) do |corrector|
           corrector.insert_after(node.loc.expression, "\n")
         end
       end

data/lib/rubocop/cop/line_break_around_conditional_block.rb

@@ -70,6 +70,7 @@ module Rubocop
       def previous_line_valid?(node)
         previous_line(node).empty? ||
           start_clause_line?(previous_line(node)) ||
+          method_def_end?(node.parent, previous_line(node)) ||
           block_start?(previous_line(node)) ||
           begin_line?(previous_line(node)) ||
           assignment_line?(previous_line(node)) ||
@@ -94,6 +95,10 @@ module Rubocop
         line =~ /^\s*(def|=end|#|module|class|if|unless|else|elsif|ensure|when)/
       end
 
+      def method_def_end?(node, line)
+        node.def_type? && /\)\s*(#.*)?$/.match?(line)
+      end
+
       def end_clause_line?(line)
         line =~ /^\s*(#|rescue|else|elsif|when)/
       end

data/lib/rubocop/cop/migration/update_large_table.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative '../../../gitlab/styles/rubocop/migration_helpers'
 
 module Rubocop

data/lib/rubocop/cop/polymorphic_associations.rb

@@ -1,17 +1,12 @@
 # frozen_string_literal: true
 
-require_relative '../../gitlab/styles/rubocop/model_helpers'
-
 module Rubocop
   module Cop
     # Cop that prevents the use of polymorphic associations
     class PolymorphicAssociations < RuboCop::Cop::Base
-      include Gitlab::Styles::Rubocop::ModelHelpers
-
       MSG = 'Do not use polymorphic associations, use separate tables instead'
 
       def on_send(node)
-        return unless in_model?(node)
         return unless node.children[1] == :belongs_to
 
         node.children.last.each_node(:pair) do |pair|

data/lib/rubocop/cop/rails/include_url_helper.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require_relative '../../../gitlab/styles/rubocop/model_helpers'
-
 module Rubocop
   module Cop
     module Rails

data/lib/rubocop/cop/redirect_with_status.rb

@@ -2,44 +2,58 @@
 
 module Rubocop
   module Cop
-    # Prevents usage of 'redirect_to' in actions 'destroy' without specifying 'status'.
+    # Prevents usage of 'redirect_to' in actions 'destroy' and 'destroy_all'
+    # without specifying 'status'.
+    #
+    # @example
+    #   # bad
+    #
+    #   def destroy
+    #     redirect_to root_path
+    #   end
+    #
+    #   def destroy_all
+    #     redirect_to root_path, alert: 'Oh no!'
+    #   end
+    #
+    #   # good
+    #
+    #   def destroy
+    #     redirect_to root_path, status: 302
+    #   end
+    #
+    #   def destroy_all
+    #     redirect_to root_path, alert: 'Oh no!', status: 302
+    #   end
+    #
+    #   def show
+    #     redirect_to root_path
+    #   end
+    #
     # See https://gitlab.com/gitlab-org/gitlab-ce/issues/31840
     class RedirectWithStatus < RuboCop::Cop::Base
-      MSG = 'Do not use "redirect_to" without "status" in "destroy" action'
+      MSG = 'Do not use "redirect_to" without "status" in "%<name>s" action.'
 
-      def on_def(node)
-        return unless in_controller?(node)
-        return unless destroy?(node) || destroy_all?(node)
+      RESTRICT_ON_SEND = %i[redirect_to].freeze
 
-        node.each_descendant(:send) do |def_node|
-          next unless redirect_to?(def_node)
+      ACTIONS = %i[destroy destroy_all].to_set.freeze
 
-          methods = []
+      # @!method redirect_to_with_status?(node)
+      def_node_matcher :redirect_to_with_status?, <<~PATTERN
+        (send nil? :redirect_to ...
+          (hash <(pair (sym :status) _) ...>)
+        )
+      PATTERN
 
-          def_node.children.last.each_node(:pair) do |pair|
-            methods << pair.children.first.children.first
-          end
+      def on_send(node)
+        return if redirect_to_with_status?(node)
 
-          add_offense(def_node.loc.selector) unless methods.include?(:status)
-        end
-      end
-
-      private
-
-      def in_controller?(node)
-        node.location.expression.source_buffer.name.end_with?('_controller.rb')
-      end
+        node.each_ancestor(:def) do |def_node|
+          next unless ACTIONS.include?(def_node.method_name)
 
-      def destroy?(node)
-        node.children.first == :destroy
-      end
-
-      def destroy_all?(node)
-        node.children.first == :destroy_all
-      end
-
-      def redirect_to?(node)
-        node.children[1] == :redirect_to
+          message = format(MSG, name: def_node.method_name)
+          add_offense(node.loc.selector, message: message)
+        end
       end
     end
   end

data/lib/rubocop/cop/rspec/empty_line_after_shared_example.rb

@@ -45,7 +45,7 @@ module Rubocop
 
         # @!method shared_examples(node)
         def_node_matcher :shared_examples,
-                         block_pattern('{#SharedGroups.all #Includes.all}')
+          block_pattern('{#SharedGroups.all #Includes.all}')
 
         def on_block(node)
           shared_examples(node) do

data/rubocop-bundler.yml

@@ -1,4 +1,14 @@
 ---
+require:
+  - ./lib/rubocop/cop/gem_fetcher
+
 # Gems in consecutive lines should be alphabetically sorted
 Bundler/OrderedGems:
   Enabled: false
+
+Cop/GemFetcher:
+  Enabled: true
+  Include:
+    - '**/*.gemfile'
+    - '**/Gemfile'
+    - '**/gems.rb'

data/rubocop-capybara.yml

@@ -0,0 +1,8 @@
+---
+require:
+  - ./lib/gitlab/styles/rubocop
+
+# Checks if there is a more specific finder offered by Capybara.
+# https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
+Capybara/SpecificFinders:
+  Enabled: false

data/rubocop-default.yml

@@ -1,6 +1,5 @@
 ---
 require:
-  - rubocop-gitlab-security
   - rubocop-performance
   - rubocop-rspec
   - rubocop-rails
@@ -10,6 +9,7 @@ require:
 inherit_from:
   - rubocop-all.yml
   - rubocop-bundler.yml
+  - rubocop-capybara.yml
   - rubocop-fips.yml
   - rubocop-gemspec.yml
   - rubocop-graphql.yml

data/rubocop-layout.yml

@@ -3,9 +3,15 @@
 Layout/AccessModifierIndentation:
   Enabled: true
 
+# Check if the arguments on a multi-line method definition are aligned.
+Layout/ArgumentAlignment:
+  # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/42
+  EnforcedStyle: with_fixed_indentation
+
 # Align the elements of an array literal if they span more than one line.
 Layout/ArrayAlignment:
-  Enabled: true
+  # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/42
+  EnforcedStyle: with_fixed_indentation
 
 # Checks the indentation of the first line of the right-hand-side of a
 # multi-line assignment.
@@ -48,9 +54,9 @@ Layout/DotPosition:
 Layout/ElseAlignment:
   Enabled: true
 
-# Add an empty line after magic comments to separate them from code.
+# Checks for a newline after the final magic comment.
 Layout/EmptyLineAfterMagicComment:
-  Enabled: false
+  Enabled: true
 
 # Use empty lines between defs.
 Layout/EmptyLineBetweenDefs:
@@ -102,6 +108,23 @@ Layout/EndOfLine:
 Layout/ExtraSpacing:
   Enabled: true
 
+# Checks the indentation of the first argument in a method call.
+Layout/FirstArgumentIndentation:
+  # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/42
+  EnforcedStyle: consistent
+
+# Checks the indentation of the first element in an array literal where the
+# opening bracket and the first element are on separate lines.
+Layout/FirstArrayElementIndentation:
+  # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/42
+  EnforcedStyle: consistent
+
+# Checks the indentation of the first key in a hash literal where the opening
+# brace and the first key are on separate lines.
+Layout/FirstHashElementIndentation:
+  # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/42
+  EnforcedStyle: consistent
+
 # Checks for a line break before the first parameter in a multi-line method
 # parameter definition.
 Layout/FirstMethodParameterLineBreak:
@@ -137,6 +160,17 @@ Layout/LineLength:
   Max: 120
   AllowedPatterns: ['\s#\srubocop']
 
+# Checks that strings broken over multiple lines (by a backslash) contain
+# trailing spaces instead of leading spaces (default) or leading spaces instead
+# of trailing spaces.
+Layout/LineContinuationLeadingSpace:
+  Enabled: true
+
+# Checks that the backslash of a line continuation is separated from preceding
+# text by exactly one space (default) or zero spaces.
+Layout/LineContinuationSpacing:
+  Enabled: true
+
 # Checks that the closing brace in an array literal is either on the same line
 # as the last array element, or a new line.
 Layout/MultilineArrayBraceLayout:
@@ -147,6 +181,11 @@ Layout/MultilineArrayBraceLayout:
 Layout/MultilineBlockLayout:
   Enabled: true
 
+# Checks the indentation of the next line after a line that ends with a string
+# literal and a backslash.
+Layout/LineEndStringConcatenationIndentation:
+  Enabled: true
+
 # Checks that the closing brace in a hash literal is either on the same line as
 # the last hash element, or a new line.
 Layout/MultilineHashBraceLayout:
@@ -177,7 +216,8 @@ Layout/MultilineOperationIndentation:
 # Here we check if the parameters on a multi-line method call or
 # definition are aligned.
 Layout/ParameterAlignment:
-  Enabled: false
+  # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/42
+  EnforcedStyle: with_fixed_indentation
 
 # Use spaces after colons.
 Layout/SpaceAfterColon:
@@ -223,6 +263,10 @@ Layout/SpaceAroundOperators:
 Layout/SpaceBeforeBlockBraces:
   Enabled: true
 
+# Checks for space between the name of a receiver and a left brackets.
+Layout/SpaceBeforeBrackets:
+  Enabled: true
+
 # No spaces before commas.
 Layout/SpaceBeforeComma:
   Enabled: true

data/rubocop-lint.yml

@@ -1,4 +1,8 @@
 ---
+# Checks for mistyped shorthand assignments.
+Lint/AmbiguousAssignment:
+  Enabled: true
+
 # Checks for ambiguous block association with method when param passed without
 # parentheses.
 Lint/AmbiguousBlockAssociation:
@@ -9,10 +13,19 @@ Lint/AmbiguousBlockAssociation:
 Lint/AmbiguousOperator:
   Enabled: true
 
+# Looks for expressions containing multiple binary operators where precedence
+# is ambiguous due to lack of parentheses.
+Lint/AmbiguousOperatorPrecedence:
+  Enabled: true
+
+# Checks for ambiguous ranges.
+Lint/AmbiguousRange:
+  Enabled: true
+
 # This cop checks for ambiguous regexp literals in the first argument of
 # a method invocation without parentheses.
 Lint/AmbiguousRegexpLiteral:
-  Enabled: false
+  Enabled: true
 
 # This cop checks for assignments in the conditions of
 # if/while/until.
@@ -31,6 +44,10 @@ Lint/CircularArgumentReference:
 Lint/ConstantDefinitionInBlock: # (new in 0.91)
   Enabled: true
 
+# Checks for overwriting an exception with an exception result by use rescue =>.
+Lint/ConstantOverwrittenInRescue:
+  Enabled: true
+
 # Check for debugger calls.
 Lint/Debugger:
   Enabled: true
@@ -39,17 +56,36 @@ Lint/Debugger:
 Lint/DeprecatedClassMethods:
   Enabled: true
 
+# Checks for deprecated constants.
+Lint/DeprecatedConstants:
+  Enabled: true
+
 # Algorithmic constants for OpenSSL::Cipher and OpenSSL::Digest deprecated since OpenSSL version 2.2.0.
 # Prefer passing a string instead.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintdeprecatedopensslconstant
 Lint/DeprecatedOpenSSLConstant:
   Enabled: true
 
+# Checks that there are no repeated bodies within if/unless, case-when, case-in
+# and rescue constructs.
+Lint/DuplicateBranch:
+  Enabled: true
+  IgnoreLiteralBranches: true
+  IgnoreConstantBranches: true
+
 # Checks that there are no repeated conditions used in if 'elsif'.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintduplicateelsifcondition
 Lint/DuplicateElsifCondition:
   Enabled: true
 
+# Checks for duplicated magic comments.
+Lint/DuplicateMagicComment:
+  Enabled: true
+
+# Checks for duplicate elements in Regexp character classes.
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: true
+
 Lint/DuplicateRequire: # (new in 0.90)
   Enabled: true
 
@@ -66,6 +102,17 @@ Lint/EachWithObjectArgument:
 Lint/ElseLayout:
   Enabled: true
 
+# Checks for blocks without a body. Such empty blocks are typically an
+# oversight or we should provide a comment be clearer what we’re aiming for.
+Lint/EmptyBlock:
+  Enabled: true
+
+# Checks for classes and metaclasses without a body. Such empty classes and
+# metaclasses are typically an oversight or we should provide a comment to be
+# clearer what we’re aiming for.
+Lint/EmptyClass:
+  Enabled: true
+
 # Checks for the presence of if, elsif and unless branches without a body.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintemptyconditionalbody
 Lint/EmptyConditionalBody:
@@ -78,6 +125,10 @@ Lint/EmptyEnsure:
 Lint/EmptyFile: # (new in 0.90)
   Enabled: true
 
+# Checks for the presence of in pattern branches without a body.
+Lint/EmptyInPattern:
+  Enabled: true
+
 # Checks for the presence of `when` branches without a body.
 Lint/EmptyWhen:
   Enabled: true
@@ -111,11 +162,21 @@ Lint/IdentityComparison: # (new in 0.91)
 Lint/ImplicitStringConcatenation:
   Enabled: true
 
+# This cop checks for IO.select that is incompatible with Fiber Scheduler since
+# Ruby 3.0.
+Lint/IncompatibleIoSelectWithFiberScheduler:
+  Enabled: true
+
 # Checks for attempts to use `private` or `protected` to set the visibility
 # of a class method, which does not work.
 Lint/IneffectiveAccessModifier:
   Enabled: false
 
+# Checks uses of lambda without a literal block. It emulates the following
+# warning in Ruby 3.0:
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: true
+
 # Checks of literals used in conditions.
 Lint/LiteralAsCondition:
   Enabled: true
@@ -147,11 +208,30 @@ Lint/NestedMethodDefinition:
 Lint/NextWithoutAccumulator:
   Enabled: true
 
+# Checks for non-atomic file operation. And then replace it with a nearly
+# equivalent and atomic method.
+Lint/NonAtomicFileOperation:
+  Enabled: true
+
+# Checks for the presence of a return inside a begin..end block in assignment
+# contexts.
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: true
+
+# Checks for uses of numbered parameter assignment.
+# Reason: Ruby >= 3.0 causes an error so no need to enable it.
+Lint/NumberedParameterAssignment:
+  Enabled: false
+
 # Looks for references of Regexp captures that are out of range and thus always returns nil.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintoutofrangeregexpref
 Lint/OutOfRangeRegexpRef:
   Enabled: true
 
+# Checks for unintended or-assignment to a constant.
+Lint/OrAssignmentToConstant:
+  Enabled: true
+
 # Checks for method calls with a space before the opening parenthesis.
 Lint/ParenthesesAsGroupedExpression:
   Enabled: true
@@ -165,6 +245,11 @@ Lint/RaiseException:
 Lint/RandOne:
   Enabled: true
 
+# This cop checks for redundant sort method to Dir.glob and Dir[]. Sort globbed
+# results by default in Ruby 3.0.
+Lint/RedundantDirGlobSort:
+  Enabled: true
+
 # This cop checks for unneeded usages of splat expansion
 Lint/RedundantSplatExpansion:
   Enabled: false
@@ -173,10 +258,23 @@ Lint/RedundantSplatExpansion:
 Lint/RedundantStringCoercion:
   Enabled: true
 
+# Checks if include or prepend is called in refine block.
+Lint/RefinementImportMethods:
+  Enabled: true
+
 # Use parentheses in the method call to avoid confusion about precedence.
 Lint/RequireParentheses:
   Enabled: true
 
+# Checks that a range literal is enclosed in parentheses when the end of the
+# range is at a line break.
+Lint/RequireRangeParentheses:
+  Enabled: true
+
+# Checks for uses a file requiring itself with require_relative.
+Lint/RequireRelativeSelfPath:
+  Enabled: true
+
 # Avoid rescuing the Exception class.
 Lint/RescueException:
   Enabled: true
@@ -207,6 +305,17 @@ Lint/StructNewOverride:
 Lint/SuppressedException:
   Enabled: false
 
+# Checks for uses of literal strings converted to a symbol where a literal
+# symbol could be used instead.
+Lint/SymbolConversion:
+  Enabled: true
+  EnforcedStyle: strict
+
+# Ensures that to_enum/enum_for, called for the current method, has correct
+# arguments.
+Lint/ToEnumArguments:
+  Enabled: true
+
 # Checks for top level return with arguments.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#linttoplevelreturnwithargument
 Lint/TopLevelReturnWithArgument:
@@ -215,10 +324,25 @@ Lint/TopLevelReturnWithArgument:
 Lint/TrailingCommaInAttributeDeclaration: # (new in 0.90)
   Enabled: true
 
+# Checks for "triple quotes" (strings delimited by any odd number of quotes
+# greater than 1).
+Lint/TripleQuotes:
+  Enabled: true
+
 # Do not use prefix `_` for a variable that is used.
 Lint/UnderscorePrefixedVariableName:
   Enabled: true
 
+# Checks for a block that is known to need more positional block arguments than
+# are given.
+Lint/UnexpectedBlockArity:
+  Enabled: true
+
+# Looks for reduce or inject blocks where the value returned (implicitly or
+# explicitly) does not include the accumulator.
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: true
+
 # This cop checks for using Fixnum or Bignum constant
 Lint/UnifiedInteger:
   Enabled: true
@@ -234,11 +358,11 @@ Lint/UnreachableLoop:
 
 # This cop checks for unused block arguments.
 Lint/UnusedBlockArgument:
-  Enabled: false
+  Enabled: true
 
 # This cop checks for unused method arguments.
 Lint/UnusedMethodArgument:
-  Enabled: false
+  Enabled: true
 
 # Checks for useless access modifiers.
 Lint/UselessAccessModifier:
@@ -263,6 +387,10 @@ Lint/UselessSetterCall:
 Lint/UselessTimes: # (new in 0.91)
   Enabled: true
 
+# Looks for ruby2_keywords calls for methods that do not need it.
+Lint/UselessRuby2Keywords:
+  Enabled: true
+
 # Possible use of operator/literal/variable in void context.
 Lint/Void:
   Enabled: true

data/rubocop-naming.yml

@@ -27,6 +27,11 @@ Naming/FileName:
 Naming/MemoizedInstanceVariableName:
   Enabled: false
 
+# Recommends the use of inclusive language instead of problematic terms.
+Naming/InclusiveLanguage:
+  Enabled: true
+  CheckStrings: true
+
 # Use the configured style when naming methods.
 Naming/MethodName:
   Enabled: true