gitlab-styles 9.2.0 → 10.0.0

data/lib/rubocop/cop/rails/include_url_helper.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require_relative '../../../gitlab/styles/rubocop/model_helpers'
-
 module Rubocop
   module Cop
     module Rails

data/lib/rubocop/cop/redirect_with_status.rb

@@ -2,44 +2,58 @@
 
 module Rubocop
   module Cop
-    # Prevents usage of 'redirect_to' in actions 'destroy' without specifying 'status'.
+    # Prevents usage of 'redirect_to' in actions 'destroy' and 'destroy_all'
+    # without specifying 'status'.
+    #
+    # @example
+    #   # bad
+    #
+    #   def destroy
+    #     redirect_to root_path
+    #   end
+    #
+    #   def destroy_all
+    #     redirect_to root_path, alert: 'Oh no!'
+    #   end
+    #
+    #   # good
+    #
+    #   def destroy
+    #     redirect_to root_path, status: 302
+    #   end
+    #
+    #   def destroy_all
+    #     redirect_to root_path, alert: 'Oh no!', status: 302
+    #   end
+    #
+    #   def show
+    #     redirect_to root_path
+    #   end
+    #
     # See https://gitlab.com/gitlab-org/gitlab-ce/issues/31840
     class RedirectWithStatus < RuboCop::Cop::Base
-      MSG = 'Do not use "redirect_to" without "status" in "destroy" action'
+      MSG = 'Do not use "redirect_to" without "status" in "%<name>s" action.'
 
-      def on_def(node)
-        return unless in_controller?(node)
-        return unless destroy?(node) || destroy_all?(node)
+      RESTRICT_ON_SEND = %i[redirect_to].freeze
 
-        node.each_descendant(:send) do |def_node|
-          next unless redirect_to?(def_node)
+      ACTIONS = %i[destroy destroy_all].to_set.freeze
 
-          methods = []
+      # @!method redirect_to_with_status?(node)
+      def_node_matcher :redirect_to_with_status?, <<~PATTERN
+        (send nil? :redirect_to ...
+          (hash <(pair (sym :status) _) ...>)
+        )
+      PATTERN
 
-          def_node.children.last.each_node(:pair) do |pair|
-            methods << pair.children.first.children.first
-          end
+      def on_send(node)
+        return if redirect_to_with_status?(node)
 
-          add_offense(def_node.loc.selector) unless methods.include?(:status)
-        end
-      end
-
-      private
-
-      def in_controller?(node)
-        node.location.expression.source_buffer.name.end_with?('_controller.rb')
-      end
+        node.each_ancestor(:def) do |def_node|
+          next unless ACTIONS.include?(def_node.method_name)
 
-      def destroy?(node)
-        node.children.first == :destroy
-      end
-
-      def destroy_all?(node)
-        node.children.first == :destroy_all
-      end
-
-      def redirect_to?(node)
-        node.children[1] == :redirect_to
+          message = format(MSG, name: def_node.method_name)
+          add_offense(node.loc.selector, message: message)
+        end
       end
     end
   end

data/rubocop-capybara.yml

@@ -0,0 +1,8 @@
+---
+require:
+  - ./lib/gitlab/styles/rubocop
+
+# Checks if there is a more specific finder offered by Capybara.
+# https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
+Capybara/SpecificFinders:
+  Enabled: false

data/rubocop-default.yml

@@ -1,6 +1,5 @@
 ---
 require:
-  - rubocop-gitlab-security
   - rubocop-performance
   - rubocop-rspec
   - rubocop-rails
@@ -10,6 +9,7 @@ require:
 inherit_from:
   - rubocop-all.yml
   - rubocop-bundler.yml
+  - rubocop-capybara.yml
   - rubocop-fips.yml
   - rubocop-gemspec.yml
   - rubocop-graphql.yml

data/rubocop-layout.yml

@@ -54,9 +54,9 @@ Layout/DotPosition:
 Layout/ElseAlignment:
   Enabled: true
 
-# Add an empty line after magic comments to separate them from code.
+# Checks for a newline after the final magic comment.
 Layout/EmptyLineAfterMagicComment:
-  Enabled: false
+  Enabled: true
 
 # Use empty lines between defs.
 Layout/EmptyLineBetweenDefs:

data/rubocop-lint.yml

@@ -1,4 +1,8 @@
 ---
+# Checks for mistyped shorthand assignments.
+Lint/AmbiguousAssignment:
+  Enabled: true
+
 # Checks for ambiguous block association with method when param passed without
 # parentheses.
 Lint/AmbiguousBlockAssociation:
@@ -9,6 +13,15 @@ Lint/AmbiguousBlockAssociation:
 Lint/AmbiguousOperator:
   Enabled: true
 
+# Looks for expressions containing multiple binary operators where precedence
+# is ambiguous due to lack of parentheses.
+Lint/AmbiguousOperatorPrecedence:
+  Enabled: true
+
+# Checks for ambiguous ranges.
+Lint/AmbiguousRange:
+  Enabled: true
+
 # This cop checks for ambiguous regexp literals in the first argument of
 # a method invocation without parentheses.
 Lint/AmbiguousRegexpLiteral:
@@ -31,6 +44,10 @@ Lint/CircularArgumentReference:
 Lint/ConstantDefinitionInBlock: # (new in 0.91)
   Enabled: true
 
+# Checks for overwriting an exception with an exception result by use rescue =>.
+Lint/ConstantOverwrittenInRescue:
+  Enabled: true
+
 # Check for debugger calls.
 Lint/Debugger:
   Enabled: true
@@ -39,17 +56,36 @@ Lint/Debugger:
 Lint/DeprecatedClassMethods:
   Enabled: true
 
+# Checks for deprecated constants.
+Lint/DeprecatedConstants:
+  Enabled: true
+
 # Algorithmic constants for OpenSSL::Cipher and OpenSSL::Digest deprecated since OpenSSL version 2.2.0.
 # Prefer passing a string instead.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintdeprecatedopensslconstant
 Lint/DeprecatedOpenSSLConstant:
   Enabled: true
 
+# Checks that there are no repeated bodies within if/unless, case-when, case-in
+# and rescue constructs.
+Lint/DuplicateBranch:
+  Enabled: true
+  IgnoreLiteralBranches: true
+  IgnoreConstantBranches: true
+
 # Checks that there are no repeated conditions used in if 'elsif'.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintduplicateelsifcondition
 Lint/DuplicateElsifCondition:
   Enabled: true
 
+# Checks for duplicated magic comments.
+Lint/DuplicateMagicComment:
+  Enabled: true
+
+# Checks for duplicate elements in Regexp character classes.
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: true
+
 Lint/DuplicateRequire: # (new in 0.90)
   Enabled: true
 
@@ -66,6 +102,17 @@ Lint/EachWithObjectArgument:
 Lint/ElseLayout:
   Enabled: true
 
+# Checks for blocks without a body. Such empty blocks are typically an
+# oversight or we should provide a comment be clearer what we’re aiming for.
+Lint/EmptyBlock:
+  Enabled: true
+
+# Checks for classes and metaclasses without a body. Such empty classes and
+# metaclasses are typically an oversight or we should provide a comment to be
+# clearer what we’re aiming for.
+Lint/EmptyClass:
+  Enabled: true
+
 # Checks for the presence of if, elsif and unless branches without a body.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintemptyconditionalbody
 Lint/EmptyConditionalBody:
@@ -78,6 +125,10 @@ Lint/EmptyEnsure:
 Lint/EmptyFile: # (new in 0.90)
   Enabled: true
 
+# Checks for the presence of in pattern branches without a body.
+Lint/EmptyInPattern:
+  Enabled: true
+
 # Checks for the presence of `when` branches without a body.
 Lint/EmptyWhen:
   Enabled: true
@@ -111,11 +162,21 @@ Lint/IdentityComparison: # (new in 0.91)
 Lint/ImplicitStringConcatenation:
   Enabled: true
 
+# This cop checks for IO.select that is incompatible with Fiber Scheduler since
+# Ruby 3.0.
+Lint/IncompatibleIoSelectWithFiberScheduler:
+  Enabled: true
+
 # Checks for attempts to use `private` or `protected` to set the visibility
 # of a class method, which does not work.
 Lint/IneffectiveAccessModifier:
   Enabled: false
 
+# Checks uses of lambda without a literal block. It emulates the following
+# warning in Ruby 3.0:
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: true
+
 # Checks of literals used in conditions.
 Lint/LiteralAsCondition:
   Enabled: true
@@ -147,11 +208,30 @@ Lint/NestedMethodDefinition:
 Lint/NextWithoutAccumulator:
   Enabled: true
 
+# Checks for non-atomic file operation. And then replace it with a nearly
+# equivalent and atomic method.
+Lint/NonAtomicFileOperation:
+  Enabled: true
+
+# Checks for the presence of a return inside a begin..end block in assignment
+# contexts.
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: true
+
+# Checks for uses of numbered parameter assignment.
+# Reason: Ruby >= 3.0 causes an error so no need to enable it.
+Lint/NumberedParameterAssignment:
+  Enabled: false
+
 # Looks for references of Regexp captures that are out of range and thus always returns nil.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintoutofrangeregexpref
 Lint/OutOfRangeRegexpRef:
   Enabled: true
 
+# Checks for unintended or-assignment to a constant.
+Lint/OrAssignmentToConstant:
+  Enabled: true
+
 # Checks for method calls with a space before the opening parenthesis.
 Lint/ParenthesesAsGroupedExpression:
   Enabled: true
@@ -165,6 +245,11 @@ Lint/RaiseException:
 Lint/RandOne:
   Enabled: true
 
+# This cop checks for redundant sort method to Dir.glob and Dir[]. Sort globbed
+# results by default in Ruby 3.0.
+Lint/RedundantDirGlobSort:
+  Enabled: true
+
 # This cop checks for unneeded usages of splat expansion
 Lint/RedundantSplatExpansion:
   Enabled: false
@@ -173,10 +258,23 @@ Lint/RedundantSplatExpansion:
 Lint/RedundantStringCoercion:
   Enabled: true
 
+# Checks if include or prepend is called in refine block.
+Lint/RefinementImportMethods:
+  Enabled: true
+
 # Use parentheses in the method call to avoid confusion about precedence.
 Lint/RequireParentheses:
   Enabled: true
 
+# Checks that a range literal is enclosed in parentheses when the end of the
+# range is at a line break.
+Lint/RequireRangeParentheses:
+  Enabled: true
+
+# Checks for uses a file requiring itself with require_relative.
+Lint/RequireRelativeSelfPath:
+  Enabled: true
+
 # Avoid rescuing the Exception class.
 Lint/RescueException:
   Enabled: true
@@ -207,6 +305,17 @@ Lint/StructNewOverride:
 Lint/SuppressedException:
   Enabled: false
 
+# Checks for uses of literal strings converted to a symbol where a literal
+# symbol could be used instead.
+Lint/SymbolConversion:
+  Enabled: true
+  EnforcedStyle: strict
+
+# Ensures that to_enum/enum_for, called for the current method, has correct
+# arguments.
+Lint/ToEnumArguments:
+  Enabled: true
+
 # Checks for top level return with arguments.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#linttoplevelreturnwithargument
 Lint/TopLevelReturnWithArgument:
@@ -215,10 +324,25 @@ Lint/TopLevelReturnWithArgument:
 Lint/TrailingCommaInAttributeDeclaration: # (new in 0.90)
   Enabled: true
 
+# Checks for "triple quotes" (strings delimited by any odd number of quotes
+# greater than 1).
+Lint/TripleQuotes:
+  Enabled: true
+
 # Do not use prefix `_` for a variable that is used.
 Lint/UnderscorePrefixedVariableName:
   Enabled: true
 
+# Checks for a block that is known to need more positional block arguments than
+# are given.
+Lint/UnexpectedBlockArity:
+  Enabled: true
+
+# Looks for reduce or inject blocks where the value returned (implicitly or
+# explicitly) does not include the accumulator.
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: true
+
 # This cop checks for using Fixnum or Bignum constant
 Lint/UnifiedInteger:
   Enabled: true
@@ -234,11 +358,11 @@ Lint/UnreachableLoop:
 
 # This cop checks for unused block arguments.
 Lint/UnusedBlockArgument:
-  Enabled: false
+  Enabled: true
 
 # This cop checks for unused method arguments.
 Lint/UnusedMethodArgument:
-  Enabled: false
+  Enabled: true
 
 # Checks for useless access modifiers.
 Lint/UselessAccessModifier:
@@ -263,6 +387,10 @@ Lint/UselessSetterCall:
 Lint/UselessTimes: # (new in 0.91)
   Enabled: true
 
+# Looks for ruby2_keywords calls for methods that do not need it.
+Lint/UselessRuby2Keywords:
+  Enabled: true
+
 # Possible use of operator/literal/variable in void context.
 Lint/Void:
   Enabled: true

data/rubocop-naming.yml

@@ -27,6 +27,11 @@ Naming/FileName:
 Naming/MemoizedInstanceVariableName:
   Enabled: false
 
+# Recommends the use of inclusive language instead of problematic terms.
+Naming/InclusiveLanguage:
+  Enabled: true
+  CheckStrings: true
+
 # Use the configured style when naming methods.
 Naming/MethodName:
   Enabled: true

data/rubocop-rails.yml

@@ -3,6 +3,31 @@ require:
   - rubocop-rails
   - ./lib/gitlab/styles/rubocop
 
+# Cop that prevents the use of `dependent: ...` in ActiveRecord models.
+Cop/ActiveRecordDependent:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Cop that prevents the use of `serialize` in ActiveRecord models.
+Cop/ActiveRecordSerialize:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Cop that prevents the use of polymorphic associations.
+Cop/PolymorphicAssociations:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Prevents usage of 'redirect_to' in actions 'destroy' and 'destroy_all'
+# without specifying 'status'.
+Cop/RedirectWithStatus:
+  Enabled: true
+  Include:
+    - app/controllers/**/*.rb
+
 # Enables Rails cops.
 Rails:
   Enabled: true

data/rubocop-rspec.yml

@@ -14,11 +14,6 @@ RSpec/BeEql:
 RSpec/BeforeAfterAll:
   Enabled: false
 
-# Checks if there is a more specific finder offered by Capybara.
-# https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
-RSpec/Capybara/SpecificFinders:
-  Enabled: false
-
 # Enforces consistent use of be_a or be_kind_of.
 # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141022718
 RSpec/ClassCheck:

data/rubocop-security.yml

@@ -1,6 +1,11 @@
 ---
 require:
-  - rubocop-gitlab-security
+  - ./lib/gitlab/styles/rubocop
+
+# Checks for implementations of the hash method which combine values using
+# custom logic instead of delegating to Array#hash.
+Security/CompoundHash:
+  Enabled: true
 
 # This cop checks for the use of JSON class methods which have potential
 # security issues.
@@ -16,17 +21,23 @@ Security/IoMethods:
   Enabled: true
 
 GitlabSecurity/DeepMunge:
+  Description: Checks for disabling the deep munge security control.
   Enabled: true
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/DeepMunge
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 # To be enabled by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13610
 GitlabSecurity/JsonSerialization:
+  Description: Checks for `to_json` / `as_json` without allowing via `only`.
   Enabled: false
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/JsonSerialization
 
 GitlabSecurity/PublicSend:
+  Description: Checks for the use of `public_send`, `send`, and `__send__` methods.
   Enabled: true
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/PublicSend
   Exclude:
     - 'config/**/*'
     - 'db/**/*'
@@ -35,19 +46,26 @@ GitlabSecurity/PublicSend:
     - 'qa/**/*'
     - 'spec/**/*'
 
+GitlabSecurity/SendFileParams:
+  Description: Check for passing of params hash to send_file()
+  Enabled: true
+
 GitlabSecurity/RedirectToParamsUpdate:
+  Description: Check for use of redirect_to(params.update())
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 GitlabSecurity/SqlInjection:
+  Description: Check for SQL Injection in where()
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 GitlabSecurity/SystemCommandInjection:
+  Description: Check for Command Injection in System()
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'

data/rubocop-style.yml

@@ -18,10 +18,14 @@ Style/AndOr:
   Enabled: true
   EnforcedStyle: always
 
-# Enforces the use of Array() instead of explicit Array check or [*var]
-# https://docs.rubocop.org/rubocop/0.89/cops_style.html#stylearraycoercion
+# This cop enforces the use of Array() instead of explicit Array check or [*var]
+# It must remain disabled because of safety concern on Array().
+# A false positive may occur depending on how the argument is handled by Array()
+# (which can be different than just wrapping the argument in an array)
+# As of Rubocop 1.0, this cop has been disabled by default.
+# https://docs.rubocop.org/rubocop/1.44/cops_style.html#safety-3
 Style/ArrayCoercion:
-  Enabled: true
+  Enabled: false
 
 # Use `Array#join` instead of `Array#*`.
 Style/ArrayJoin:
@@ -289,6 +293,17 @@ Style/NonNilCheck:
 Style/Not:
   Enabled: true
 
+# Checks for numbered parameters. It can either restrict the use of numbered
+# parameters to single-lined blocks, or disallow completely numbered
+# parameters.
+Style/NumberedParameters:
+  EnforcedStyle: disallow
+  Enabled: true
+
+# Detects use of an excessive amount of numbered parameters in a single block.
+Style/NumberedParametersLimit:
+  Enabled: false
+
 # Add underscores to large numeric literals to improve their readability.
 Style/NumericLiterals:
   Enabled: false