gitlab-styles 9.2.0 → 10.0.0
- checksums.yaml +4 -4
- data/.gitlab-ci.yml +14 -2
- data/.rubocop.yml +2 -1
- data/.rubocop_todo.yml +12 -0
- data/.tests_mapping.yml +10 -0
- data/Gemfile +9 -4
- data/gitlab-styles.gemspec +7 -7
- data/lefthook.yml +11 -3
- data/lib/gitlab/styles/version.rb +1 -1
- data/lib/rubocop/cop/active_record_dependent.rb +0 -5
- data/lib/rubocop/cop/active_record_serialize.rb +0 -6
- data/lib/rubocop/cop/avoid_return_from_blocks.rb +4 -4
- data/lib/rubocop/cop/gem_fetcher.rb +1 -1
- data/lib/rubocop/cop/gitlab_security/deep_munge.rb +36 -0
- data/lib/rubocop/cop/gitlab_security/json_serialization.rb +133 -0
- data/lib/rubocop/cop/gitlab_security/public_send.rb +47 -0
- data/lib/rubocop/cop/gitlab_security/redirect_to_params_update.rb +38 -0
- data/lib/rubocop/cop/gitlab_security/send_file_params.rb +40 -0
- data/lib/rubocop/cop/gitlab_security/sql_injection.rb +41 -0
- data/lib/rubocop/cop/gitlab_security/system_command_injection.rb +38 -0
- data/lib/rubocop/cop/in_batches.rb +0 -2
- data/lib/rubocop/cop/line_break_after_guard_clauses.rb +3 -5
- data/lib/rubocop/cop/migration/update_large_table.rb +1 -0
- data/lib/rubocop/cop/polymorphic_associations.rb +0 -5
- data/lib/rubocop/cop/rails/include_url_helper.rb +0 -2
- data/lib/rubocop/cop/redirect_with_status.rb +44 -30
- data/rubocop-capybara.yml +8 -0
- data/rubocop-default.yml +1 -1
- data/rubocop-layout.yml +2 -2
- data/rubocop-lint.yml +130 -2
- data/rubocop-naming.yml +5 -0
- data/rubocop-rails.yml +25 -0
- data/rubocop-rspec.yml +0 -5
- data/rubocop-security.yml +19 -1
- data/rubocop-style.yml +18 -3
- metadata +38 -29
- data/lib/gitlab/styles/rubocop/model_helpers.rb +0 -19
@@ -2,44 +2,58 @@
|
|
2
2
|
|
3
3
|
module Rubocop
|
4
4
|
module Cop
|
5
|
-
# Prevents usage of 'redirect_to' in actions 'destroy'
|
5
|
+
# Prevents usage of 'redirect_to' in actions 'destroy' and 'destroy_all'
|
6
|
+
# without specifying 'status'.
|
7
|
+
#
|
8
|
+
# @example
|
9
|
+
# # bad
|
10
|
+
#
|
11
|
+
# def destroy
|
12
|
+
# redirect_to root_path
|
13
|
+
# end
|
14
|
+
#
|
15
|
+
# def destroy_all
|
16
|
+
# redirect_to root_path, alert: 'Oh no!'
|
17
|
+
# end
|
18
|
+
#
|
19
|
+
# # good
|
20
|
+
#
|
21
|
+
# def destroy
|
22
|
+
# redirect_to root_path, status: 302
|
23
|
+
# end
|
24
|
+
#
|
25
|
+
# def destroy_all
|
26
|
+
# redirect_to root_path, alert: 'Oh no!', status: 302
|
27
|
+
# end
|
28
|
+
#
|
29
|
+
# def show
|
30
|
+
# redirect_to root_path
|
31
|
+
# end
|
32
|
+
#
|
6
33
|
# See https://gitlab.com/gitlab-org/gitlab-ce/issues/31840
|
7
34
|
class RedirectWithStatus < RuboCop::Cop::Base
|
8
|
-
MSG = 'Do not use "redirect_to" without "status" in "
|
35
|
+
MSG = 'Do not use "redirect_to" without "status" in "%<name>s" action.'
|
9
36
|
|
10
|
-
|
11
|
-
return unless in_controller?(node)
|
12
|
-
return unless destroy?(node) || destroy_all?(node)
|
37
|
+
RESTRICT_ON_SEND = %i[redirect_to].freeze
|
13
38
|
|
14
|
-
|
15
|
-
next unless redirect_to?(def_node)
|
39
|
+
ACTIONS = %i[destroy destroy_all].to_set.freeze
|
16
40
|
|
17
|
-
|
41
|
+
# @!method redirect_to_with_status?(node)
|
42
|
+
def_node_matcher :redirect_to_with_status?, <<~PATTERN
|
43
|
+
(send nil? :redirect_to ...
|
44
|
+
(hash <(pair (sym :status) _) ...>)
|
45
|
+
)
|
46
|
+
PATTERN
|
18
47
|
|
19
|
-
|
20
|
-
|
21
|
-
end
|
48
|
+
def on_send(node)
|
49
|
+
return if redirect_to_with_status?(node)
|
22
50
|
|
23
|
-
|
24
|
-
|
25
|
-
end
|
26
|
-
|
27
|
-
private
|
28
|
-
|
29
|
-
def in_controller?(node)
|
30
|
-
node.location.expression.source_buffer.name.end_with?('_controller.rb')
|
31
|
-
end
|
51
|
+
node.each_ancestor(:def) do |def_node|
|
52
|
+
next unless ACTIONS.include?(def_node.method_name)
|
32
53
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
def destroy_all?(node)
|
38
|
-
node.children.first == :destroy_all
|
39
|
-
end
|
40
|
-
|
41
|
-
def redirect_to?(node)
|
42
|
-
node.children[1] == :redirect_to
|
54
|
+
message = format(MSG, name: def_node.method_name)
|
55
|
+
add_offense(node.loc.selector, message: message)
|
56
|
+
end
|
43
57
|
end
|
44
58
|
end
|
45
59
|
end
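Review bot: `on_send` drops the old `in_controller?` guard, so the cop itself no longer checks that the file is a controller; any `destroy`/`destroy_all` method that calls `redirect_to` is reported, and scoping now rests entirely on the `Include: app/controllers/**/*.rb` added in `data/rubocop-rails.yml`. A project that enables `Cop/RedirectWithStatus` without that Include gets offences in service objects and models too, which is worth recording on the class, e.g. `# File scoping is done by the Include list in rubocop-rails.yml; the cop itself does not inspect the path.` The `redirect_to_with_status?` pattern also only recognises a literal `status:` pair in a trailing hash, so `redirect_to path, **opts` or `redirect_to path, options` is reported even when the hash carries a status; a short comment above the matcher saying that splatted or variable option hashes are treated as missing the status would prevent surprise when the cop fires there.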
|
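--- a/data/rubocop-default.yml
+++ b/data/rubocop-default.yml
@@ -1,6 +1,5 @@
 ---
 require:
-  - rubocop-gitlab-security
   - rubocop-performance
   - rubocop-rspec
   - rubocop-rails
@@ -10,6 +9,7 @@ require:
 inherit_from:
   - rubocop-all.yml
   - rubocop-bundler.yml
+  - rubocop-capybara.yml
   - rubocop-fips.yml
   - rubocop-gemspec.yml
   - rubocop-graphql.yml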
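--- a/data/rubocop-layout.yml
+++ b/data/rubocop-layout.yml
@@ -54,9 +54,9 @@ Layout/DotPosition:
 Layout/ElseAlignment:
   Enabled: true
 
-#
+# Checks for a newline after the final magic comment.
 Layout/EmptyLineAfterMagicComment:
-  Enabled:
+  Enabled: true
 
 # Use empty lines between defs.
 Layout/EmptyLineBetweenDefs: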
data/rubocop-lint.yml
CHANGED
@@ -1,4 +1,8 @@
|
|
1
1
|
---
|
2
|
+
# Checks for mistyped shorthand assignments.
|
3
|
+
Lint/AmbiguousAssignment:
|
4
|
+
Enabled: true
|
5
|
+
|
2
6
|
# Checks for ambiguous block association with method when param passed without
|
3
7
|
# parentheses.
|
4
8
|
Lint/AmbiguousBlockAssociation:
|
@@ -9,6 +13,15 @@ Lint/AmbiguousBlockAssociation:
|
|
9
13
|
Lint/AmbiguousOperator:
|
10
14
|
Enabled: true
|
11
15
|
|
16
|
+
# Looks for expressions containing multiple binary operators where precedence
|
17
|
+
# is ambiguous due to lack of parentheses.
|
18
|
+
Lint/AmbiguousOperatorPrecedence:
|
19
|
+
Enabled: true
|
20
|
+
|
21
|
+
# Checks for ambiguous ranges.
|
22
|
+
Lint/AmbiguousRange:
|
23
|
+
Enabled: true
|
24
|
+
|
12
25
|
# This cop checks for ambiguous regexp literals in the first argument of
|
13
26
|
# a method invocation without parentheses.
|
14
27
|
Lint/AmbiguousRegexpLiteral:
|
@@ -31,6 +44,10 @@ Lint/CircularArgumentReference:
|
|
31
44
|
Lint/ConstantDefinitionInBlock: # (new in 0.91)
|
32
45
|
Enabled: true
|
33
46
|
|
47
|
+
# Checks for overwriting an exception with an exception result by use rescue =>.
|
48
|
+
Lint/ConstantOverwrittenInRescue:
|
49
|
+
Enabled: true
|
50
|
+
|
34
51
|
# Check for debugger calls.
|
35
52
|
Lint/Debugger:
|
36
53
|
Enabled: true
|
@@ -39,17 +56,36 @@ Lint/Debugger:
|
|
39
56
|
Lint/DeprecatedClassMethods:
|
40
57
|
Enabled: true
|
41
58
|
|
59
|
+
# Checks for deprecated constants.
|
60
|
+
Lint/DeprecatedConstants:
|
61
|
+
Enabled: true
|
62
|
+
|
42
63
|
# Algorithmic constants for OpenSSL::Cipher and OpenSSL::Digest deprecated since OpenSSL version 2.2.0.
|
43
64
|
# Prefer passing a string instead.
|
44
65
|
# https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintdeprecatedopensslconstant
|
45
66
|
Lint/DeprecatedOpenSSLConstant:
|
46
67
|
Enabled: true
|
47
68
|
|
69
|
+
# Checks that there are no repeated bodies within if/unless, case-when, case-in
|
70
|
+
# and rescue constructs.
|
71
|
+
Lint/DuplicateBranch:
|
72
|
+
Enabled: true
|
73
|
+
IgnoreLiteralBranches: true
|
74
|
+
IgnoreConstantBranches: true
|
75
|
+
|
48
76
|
# Checks that there are no repeated conditions used in if 'elsif'.
|
49
77
|
# https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintduplicateelsifcondition
|
50
78
|
Lint/DuplicateElsifCondition:
|
51
79
|
Enabled: true
|
52
80
|
|
81
|
+
# Checks for duplicated magic comments.
|
82
|
+
Lint/DuplicateMagicComment:
|
83
|
+
Enabled: true
|
84
|
+
|
85
|
+
# Checks for duplicate elements in Regexp character classes.
|
86
|
+
Lint/DuplicateRegexpCharacterClassElement:
|
87
|
+
Enabled: true
|
88
|
+
|
53
89
|
Lint/DuplicateRequire: # (new in 0.90)
|
54
90
|
Enabled: true
|
55
91
|
|
@@ -66,6 +102,17 @@ Lint/EachWithObjectArgument:
|
|
66
102
|
Lint/ElseLayout:
|
67
103
|
Enabled: true
|
68
104
|
|
105
|
+
# Checks for blocks without a body. Such empty blocks are typically an
|
106
|
+
# oversight or we should provide a comment be clearer what we’re aiming for.
|
107
|
+
Lint/EmptyBlock:
|
108
|
+
Enabled: true
|
109
|
+
|
110
|
+
# Checks for classes and metaclasses without a body. Such empty classes and
|
111
|
+
# metaclasses are typically an oversight or we should provide a comment to be
|
112
|
+
# clearer what we’re aiming for.
|
113
|
+
Lint/EmptyClass:
|
114
|
+
Enabled: true
|
115
|
+
|
69
116
|
# Checks for the presence of if, elsif and unless branches without a body.
|
70
117
|
# https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintemptyconditionalbody
|
71
118
|
Lint/EmptyConditionalBody:
|
@@ -78,6 +125,10 @@ Lint/EmptyEnsure:
|
|
78
125
|
Lint/EmptyFile: # (new in 0.90)
|
79
126
|
Enabled: true
|
80
127
|
|
128
|
+
# Checks for the presence of in pattern branches without a body.
|
129
|
+
Lint/EmptyInPattern:
|
130
|
+
Enabled: true
|
131
|
+
|
81
132
|
# Checks for the presence of `when` branches without a body.
|
82
133
|
Lint/EmptyWhen:
|
83
134
|
Enabled: true
|
@@ -111,11 +162,21 @@ Lint/IdentityComparison: # (new in 0.91)
|
|
111
162
|
Lint/ImplicitStringConcatenation:
|
112
163
|
Enabled: true
|
113
164
|
|
165
|
+
# This cop checks for IO.select that is incompatible with Fiber Scheduler since
|
166
|
+
# Ruby 3.0.
|
167
|
+
Lint/IncompatibleIoSelectWithFiberScheduler:
|
168
|
+
Enabled: true
|
169
|
+
|
114
170
|
# Checks for attempts to use `private` or `protected` to set the visibility
|
115
171
|
# of a class method, which does not work.
|
116
172
|
Lint/IneffectiveAccessModifier:
|
117
173
|
Enabled: false
|
118
174
|
|
175
|
+
# Checks uses of lambda without a literal block. It emulates the following
|
176
|
+
# warning in Ruby 3.0:
|
177
|
+
Lint/LambdaWithoutLiteralBlock:
|
178
|
+
Enabled: true
|
179
|
+
|
119
180
|
# Checks of literals used in conditions.
|
120
181
|
Lint/LiteralAsCondition:
|
121
182
|
Enabled: true
|
@@ -147,11 +208,30 @@ Lint/NestedMethodDefinition:
|
|
147
208
|
Lint/NextWithoutAccumulator:
|
148
209
|
Enabled: true
|
149
210
|
|
211
|
+
# Checks for non-atomic file operation. And then replace it with a nearly
|
212
|
+
# equivalent and atomic method.
|
213
|
+
Lint/NonAtomicFileOperation:
|
214
|
+
Enabled: true
|
215
|
+
|
216
|
+
# Checks for the presence of a return inside a begin..end block in assignment
|
217
|
+
# contexts.
|
218
|
+
Lint/NoReturnInBeginEndBlocks:
|
219
|
+
Enabled: true
|
220
|
+
|
221
|
+
# Checks for uses of numbered parameter assignment.
|
222
|
+
# Reason: Ruby >= 3.0 causes an error so no need to enable it.
|
223
|
+
Lint/NumberedParameterAssignment:
|
224
|
+
Enabled: false
|
225
|
+
|
150
226
|
# Looks for references of Regexp captures that are out of range and thus always returns nil.
|
151
227
|
# https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintoutofrangeregexpref
|
152
228
|
Lint/OutOfRangeRegexpRef:
|
153
229
|
Enabled: true
|
154
230
|
|
231
|
+
# Checks for unintended or-assignment to a constant.
|
232
|
+
Lint/OrAssignmentToConstant:
|
233
|
+
Enabled: true
|
234
|
+
|
155
235
|
# Checks for method calls with a space before the opening parenthesis.
|
156
236
|
Lint/ParenthesesAsGroupedExpression:
|
157
237
|
Enabled: true
|
@@ -165,6 +245,11 @@ Lint/RaiseException:
|
|
165
245
|
Lint/RandOne:
|
166
246
|
Enabled: true
|
167
247
|
|
248
|
+
# This cop checks for redundant sort method to Dir.glob and Dir[]. Sort globbed
|
249
|
+
# results by default in Ruby 3.0.
|
250
|
+
Lint/RedundantDirGlobSort:
|
251
|
+
Enabled: true
|
252
|
+
|
168
253
|
# This cop checks for unneeded usages of splat expansion
|
169
254
|
Lint/RedundantSplatExpansion:
|
170
255
|
Enabled: false
|
@@ -173,10 +258,23 @@ Lint/RedundantSplatExpansion:
|
|
173
258
|
Lint/RedundantStringCoercion:
|
174
259
|
Enabled: true
|
175
260
|
|
261
|
+
# Checks if include or prepend is called in refine block.
|
262
|
+
Lint/RefinementImportMethods:
|
263
|
+
Enabled: true
|
264
|
+
|
176
265
|
# Use parentheses in the method call to avoid confusion about precedence.
|
177
266
|
Lint/RequireParentheses:
|
178
267
|
Enabled: true
|
179
268
|
|
269
|
+
# Checks that a range literal is enclosed in parentheses when the end of the
|
270
|
+
# range is at a line break.
|
271
|
+
Lint/RequireRangeParentheses:
|
272
|
+
Enabled: true
|
273
|
+
|
274
|
+
# Checks for uses a file requiring itself with require_relative.
|
275
|
+
Lint/RequireRelativeSelfPath:
|
276
|
+
Enabled: true
|
277
|
+
|
180
278
|
# Avoid rescuing the Exception class.
|
181
279
|
Lint/RescueException:
|
182
280
|
Enabled: true
|
@@ -207,6 +305,17 @@ Lint/StructNewOverride:
|
|
207
305
|
Lint/SuppressedException:
|
208
306
|
Enabled: false
|
209
307
|
|
308
|
+
# Checks for uses of literal strings converted to a symbol where a literal
|
309
|
+
# symbol could be used instead.
|
310
|
+
Lint/SymbolConversion:
|
311
|
+
Enabled: true
|
312
|
+
EnforcedStyle: strict
|
313
|
+
|
314
|
+
# Ensures that to_enum/enum_for, called for the current method, has correct
|
315
|
+
# arguments.
|
316
|
+
Lint/ToEnumArguments:
|
317
|
+
Enabled: true
|
318
|
+
|
210
319
|
# Checks for top level return with arguments.
|
211
320
|
# https://docs.rubocop.org/rubocop/0.89/cops_lint.html#linttoplevelreturnwithargument
|
212
321
|
Lint/TopLevelReturnWithArgument:
|
@@ -215,10 +324,25 @@ Lint/TopLevelReturnWithArgument:
|
|
215
324
|
Lint/TrailingCommaInAttributeDeclaration: # (new in 0.90)
|
216
325
|
Enabled: true
|
217
326
|
|
327
|
+
# Checks for "triple quotes" (strings delimited by any odd number of quotes
|
328
|
+
# greater than 1).
|
329
|
+
Lint/TripleQuotes:
|
330
|
+
Enabled: true
|
331
|
+
|
218
332
|
# Do not use prefix `_` for a variable that is used.
|
219
333
|
Lint/UnderscorePrefixedVariableName:
|
220
334
|
Enabled: true
|
221
335
|
|
336
|
+
# Checks for a block that is known to need more positional block arguments than
|
337
|
+
# are given.
|
338
|
+
Lint/UnexpectedBlockArity:
|
339
|
+
Enabled: true
|
340
|
+
|
341
|
+
# Looks for reduce or inject blocks where the value returned (implicitly or
|
342
|
+
# explicitly) does not include the accumulator.
|
343
|
+
Lint/UnmodifiedReduceAccumulator:
|
344
|
+
Enabled: true
|
345
|
+
|
222
346
|
# This cop checks for using Fixnum or Bignum constant
|
223
347
|
Lint/UnifiedInteger:
|
224
348
|
Enabled: true
|
@@ -234,11 +358,11 @@ Lint/UnreachableLoop:
|
|
234
358
|
|
235
359
|
# This cop checks for unused block arguments.
|
236
360
|
Lint/UnusedBlockArgument:
|
237
|
-
Enabled:
|
361
|
+
Enabled: true
|
238
362
|
|
239
363
|
# This cop checks for unused method arguments.
|
240
364
|
Lint/UnusedMethodArgument:
|
241
|
-
Enabled:
|
365
|
+
Enabled: true
|
242
366
|
|
243
367
|
# Checks for useless access modifiers.
|
244
368
|
Lint/UselessAccessModifier:
|
@@ -263,6 +387,10 @@ Lint/UselessSetterCall:
|
|
263
387
|
Lint/UselessTimes: # (new in 0.91)
|
264
388
|
Enabled: true
|
265
389
|
|
390
|
+
# Looks for ruby2_keywords calls for methods that do not need it.
|
391
|
+
Lint/UselessRuby2Keywords:
|
392
|
+
Enabled: true
|
393
|
+
|
266
394
|
# Possible use of operator/literal/variable in void context.
|
267
395
|
Lint/Void:
|
268
396
|
Enabled: true
|
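--- a/data/rubocop-naming.yml
+++ b/data/rubocop-naming.yml
@@ -27,6 +27,11 @@ Naming/FileName:
 Naming/MemoizedInstanceVariableName:
   Enabled: false
 
+# Recommends the use of inclusive language instead of problematic terms.
+Naming/InclusiveLanguage:
+  Enabled: true
+  CheckStrings: true
+
 # Use the configured style when naming methods.
 Naming/MethodName:
   Enabled: true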
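--- a/data/rubocop-rails.yml
+++ b/data/rubocop-rails.yml
@@ -3,6 +3,31 @@ require:
   - rubocop-rails
   - ./lib/gitlab/styles/rubocop
 
+# Cop that prevents the use of `dependent: ...` in ActiveRecord models.
+Cop/ActiveRecordDependent:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Cop that prevents the use of `serialize` in ActiveRecord models.
+Cop/ActiveRecordSerialize:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Cop that prevents the use of polymorphic associations.
+Cop/PolymorphicAssociations:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Prevents usage of 'redirect_to' in actions 'destroy' and 'destroy_all'
+# without specifying 'status'.
+Cop/RedirectWithStatus:
+  Enabled: true
+  Include:
+    - app/controllers/**/*.rb
+
 # Enables Rails cops.
 Rails:
   Enabled: true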
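--- a/data/rubocop-rspec.yml
+++ b/data/rubocop-rspec.yml
@@ -14,11 +14,6 @@ RSpec/BeEql:
 RSpec/BeforeAfterAll:
   Enabled: false
 
-# Checks if there is a more specific finder offered by Capybara.
-# https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
-RSpec/Capybara/SpecificFinders:
-  Enabled: false
-
 # Enforces consistent use of be_a or be_kind_of.
 # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141022718
 RSpec/ClassCheck: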
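--- a/data/rubocop-security.yml
+++ b/data/rubocop-security.yml
@@ -1,6 +1,11 @@
 ---
 require:
-  - rubocop
+  - ./lib/gitlab/styles/rubocop
+
+# Checks for implementations of the hash method which combine values using
+# custom logic instead of delegating to Array#hash.
+Security/CompoundHash:
+  Enabled: true
 
 # This cop checks for the use of JSON class methods which have potential
 # security issues.
@@ -16,17 +21,23 @@ Security/IoMethods:
   Enabled: true
 
 GitlabSecurity/DeepMunge:
+  Description: Checks for disabling the deep munge security control.
   Enabled: true
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/DeepMunge
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 # To be enabled by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13610
 GitlabSecurity/JsonSerialization:
+  Description: Checks for `to_json` / `as_json` without allowing via `only`.
   Enabled: false
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/JsonSerialization
 
 GitlabSecurity/PublicSend:
+  Description: Checks for the use of `public_send`, `send`, and `__send__` methods.
   Enabled: true
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/PublicSend
   Exclude:
     - 'config/**/*'
     - 'db/**/*'
@@ -35,19 +46,26 @@ GitlabSecurity/PublicSend:
     - 'qa/**/*'
     - 'spec/**/*'
 
+GitlabSecurity/SendFileParams:
+  Description: Check for passing of params hash to send_file()
+  Enabled: true
+
 GitlabSecurity/RedirectToParamsUpdate:
+  Description: Check for use of redirect_to(params.update())
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 GitlabSecurity/SqlInjection:
+  Description: Check for SQL Injection in where()
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 GitlabSecurity/SystemCommandInjection:
+  Description: Check for Command Injection in System()
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'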
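Review bot: `GitlabSecurity/JsonSerialization` gains a `Description` and `StyleGuide` but stays `Enabled: false`, still under the comment `# To be enabled by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13610`; with the cop now shipped inside this gem that pointer reads stale, and a reader of the new Description may assume the `only` allowlist check on `to_json`/`as_json` is active by default when it is not. Either enable it or replace the comment with the current reason it stays disabled and how a project opts in, e.g. `# Disabled by default; enable per project to require an explicit only: allowlist on to_json/as_json.` `GitlabSecurity/SendFileParams` is also the only cop in this file without an `Exclude` for `lib/**/*.rake` and `spec/**/*`; if that is intentional a one-line comment saying so would keep the block consistent with its neighbours.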
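--- a/data/rubocop-style.yml
+++ b/data/rubocop-style.yml
@@ -18,10 +18,14 @@ Style/AndOr:
   Enabled: true
   EnforcedStyle: always
 
-#
-#
+# This cop enforces the use of Array() instead of explicit Array check or [*var]
+# It must remain disabled because of safety concern on Array().
+# A false positive may occur depending on how the argument is handled by Array()
+# (which can be different than just wrapping the argument in an array)
+# As of Rubocop 1.0, this cop has been disabled by default.
+# https://docs.rubocop.org/rubocop/1.44/cops_style.html#safety-3
 Style/ArrayCoercion:
-  Enabled:
+  Enabled: false
 
 # Use `Array#join` instead of `Array#*`.
 Style/ArrayJoin:
@@ -289,6 +293,17 @@ Style/NonNilCheck:
 Style/Not:
   Enabled: true
 
+# Checks for numbered parameters. It can either restrict the use of numbered
+# parameters to single-lined blocks, or disallow completely numbered
+# parameters.
+Style/NumberedParameters:
+  EnforcedStyle: disallow
+  Enabled: true
+
+# Detects use of an excessive amount of numbered parameters in a single block.
+Style/NumberedParametersLimit:
+  Enabled: false
+
 # Add underscores to large numeric literals to improve their readability.
 Style/NumericLiterals:
   Enabled: false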