gitlab-styles 9.2.0 → 10.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -3
  3. data/.gitlab/merge_request_templates/Release.md +18 -5
  4. data/.gitlab-ci.yml +17 -2
  5. data/.rubocop.yml +6 -1
  6. data/.rubocop_todo.yml +36 -0
  7. data/.tests_mapping.yml +10 -0
  8. data/Gemfile +0 -11
  9. data/Gemfile.lock +227 -0
  10. data/README.md +0 -1
  11. data/gitlab-styles.gemspec +15 -8
  12. data/lefthook.yml +11 -3
  13. data/lib/gitlab/styles/rubocop/migration_helpers.rb +1 -1
  14. data/lib/gitlab/styles/version.rb +1 -1
  15. data/lib/rubocop/cop/active_record_dependent.rb +0 -5
  16. data/lib/rubocop/cop/active_record_serialize.rb +0 -6
  17. data/lib/rubocop/cop/avoid_return_from_blocks.rb +4 -4
  18. data/lib/rubocop/cop/custom_error_class.rb +1 -1
  19. data/lib/rubocop/cop/gem_fetcher.rb +1 -1
  20. data/lib/rubocop/cop/gitlab_security/deep_munge.rb +36 -0
  21. data/lib/rubocop/cop/gitlab_security/json_serialization.rb +133 -0
  22. data/lib/rubocop/cop/gitlab_security/public_send.rb +47 -0
  23. data/lib/rubocop/cop/gitlab_security/redirect_to_params_update.rb +38 -0
  24. data/lib/rubocop/cop/gitlab_security/send_file_params.rb +40 -0
  25. data/lib/rubocop/cop/gitlab_security/sql_injection.rb +41 -0
  26. data/lib/rubocop/cop/gitlab_security/system_command_injection.rb +38 -0
  27. data/lib/rubocop/cop/in_batches.rb +0 -2
  28. data/lib/rubocop/cop/internal_affairs/missing_cop_department.rb +80 -0
  29. data/lib/rubocop/cop/internal_affairs/use_restrict_on_send.rb +99 -0
  30. data/lib/rubocop/cop/line_break_after_guard_clauses.rb +4 -6
  31. data/lib/rubocop/cop/line_break_around_conditional_block.rb +1 -1
  32. data/lib/rubocop/cop/migration/update_large_table.rb +1 -0
  33. data/lib/rubocop/cop/polymorphic_associations.rb +0 -5
  34. data/lib/rubocop/cop/rails/include_url_helper.rb +0 -2
  35. data/lib/rubocop/cop/redirect_with_status.rb +44 -30
  36. data/lib/rubocop/cop/rspec/empty_line_after_shared_example.rb +9 -2
  37. data/lib/rubocop/cop/rspec/example_starting_character.rb +1 -1
  38. data/lib/rubocop/cop/rspec/factory_bot/excessive_create_list.rb +52 -0
  39. data/lib/rubocop/cop/rspec/useless_dynamic_definition.rb +67 -0
  40. data/lib/rubocop/cop/rspec/verbose_include_metadata.rb +1 -1
  41. data/rubocop-capybara.yml +8 -0
  42. data/rubocop-default.yml +2 -4
  43. data/rubocop-gemspec.yml +6 -0
  44. data/rubocop-internal-affairs.yml +11 -0
  45. data/rubocop-layout.yml +2 -2
  46. data/rubocop-lint.yml +134 -5
  47. data/rubocop-naming.yml +5 -0
  48. data/rubocop-rails.yml +33 -1
  49. data/rubocop-rspec.yml +5 -5
  50. data/rubocop-security.yml +19 -1
  51. data/rubocop-style.yml +18 -3
  52. metadata +142 -29
  53. data/lib/gitlab/styles/rubocop/model_helpers.rb +0 -19
@@ -44,8 +44,15 @@ module Rubocop
44
44
  MSG = 'Add an empty line after `%<example>s` block.'
45
45
 
46
46
  # @!method shared_examples(node)
47
- def_node_matcher :shared_examples,
48
- block_pattern('{#SharedGroups.all #Includes.all}')
47
+ def_node_matcher :shared_examples, <<~PATTERN
48
+ {
49
+ (block (send #rspec? #SharedGroups.all ...) ...)
50
+ {
51
+ (block (send nil? #Includes.all ...) ...)
52
+ (send nil? #Includes.all ...)
53
+ }
54
+ }
55
+ PATTERN
49
56
 
50
57
  def on_block(node)
51
58
  shared_examples(node) do
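Review bot: The new `shared_examples` pattern at new lines 51-53 also accepts a bare `(send nil? #Includes.all ...)` with no block, yet the only caller visible in this hunk is `on_block`, which RuboCop invokes for block nodes only, so that alternative looks unreachable unless some other hook calls the matcher. The file's diffstat (+9 -2) is exactly what this hunk shows, which suggests no `on_send` hook was added alongside it. Either drop the block-less alternative or add an `on_send` that runs the same check on a bare `include_examples`/`it_behaves_like` call. `on_block` continues past the end of the hunk.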
@@ -77,7 +77,7 @@ module Rubocop
77
77
  end
78
78
 
79
79
  def docstring(node)
80
- expr = node.loc.expression
80
+ expr = node.source_range
81
81
 
82
82
  Parser::Source::Range.new(
83
83
  expr.source_buffer,
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rubocop-rspec'
4
+ require_relative '../base'
5
+
6
+ module Rubocop
7
+ module Cop
8
+ module RSpec
9
+ module FactoryBot
10
+ # Check for create_list FactoryBot declarations higher than configured MaxAmount.
11
+ #
12
+ # @example MaxAmount: 20
13
+ # We do not allow more than 20 items to be created.
14
+ #
15
+ # # bad
16
+ # create_list(:merge_request, 1000, state: :opened)
17
+ #
18
+ # # good
19
+ # create_list(:merge_request, 15, state: :opened)
20
+ #
21
+ # @example
22
+ # We do not allow more than 10 items to be created (default)
23
+ # # bad
24
+ # create_list(:merge_request, 1000, state: :opened)
25
+ #
26
+ # # good
27
+ # create_list(:merge_request, 10, state: :opened)
28
+ #
29
+ class ExcessiveCreateList < Base
30
+ MESSAGE = 'Avoid using `create_list` with more than %{max_amount} items.'
31
+
32
+ # @!method create_list?(node)
33
+ def_node_matcher :create_list?, <<~PATTERN
34
+ (send nil? :create_list (sym ...) $(int _) ...)
35
+ PATTERN
36
+
37
+ RESTRICT_ON_SEND = %i[create_list].freeze
38
+
39
+ def on_send(node)
40
+ number_node = create_list?(node)
41
+ return unless number_node
42
+
43
+ max_amount = cop_config['MaxAmount']
44
+ return if number_node.value <= max_amount
45
+
46
+ add_offense(number_node, message: format(MESSAGE, max_amount: max_amount))
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
52
+ end
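Review bot: `cop_config['MaxAmount']` at new line 43 yields nil when a project enables this cop without inheriting a `MaxAmount` setting, and `number_node.value <= nil` on line 44 then raises `ArgumentError` (comparison of Integer with nil) on the first `create_list` it meets, so the cop errors out for that file instead of reporting; the "default" of 10 named in the class comment exists only in the gem's YAML, not in the code. Read the value with a fallback, `max_amount = cop_config.fetch('MaxAmount', 10)`, or declare a `DEFAULT_MAX_AMOUNT = 10` constant and fetch with that. As a style point, the sibling cops on this page name their message constant `MSG` and use the `%<name>s` format style, whereas this one uses `MESSAGE` and `%{max_amount}`.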
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'base'
4
+
5
+ module Rubocop
6
+ module Cop
7
+ module RSpec
8
+ # Flags useless dynamic hook/let definitions via `.each`, `.each_key`, or
9
+ # `.each_value` without defining a wrapping `context` explicitly inside
10
+ # the loop block. Without it, the let definition will always/only be set
11
+ # to the final value.
12
+ #
13
+ # @example
14
+ #
15
+ # # bad
16
+ # context 'foo' do
17
+ # [true, false].each do |bool|
18
+ # before do
19
+ # stub_something(bool: bool)
20
+ # end
21
+ #
22
+ # let(:foo) { build(:model, bool: bool) }
23
+ #
24
+ # it 'works' do
25
+ # # `bool` is always `false`
26
+ # end
27
+ # end
28
+ # end
29
+ #
30
+ # # good
31
+ # context 'foo' do
32
+ # [true, false].each do |bool|
33
+ # context "with bool #{bool}" do # <--
34
+ # before do
35
+ # stub_something(bool: bool)
36
+ # end
37
+ #
38
+ # let(:foo) { build(:model, bool: bool) }
39
+ #
40
+ # it 'works' do
41
+ # # `bool` is `true` and then `false`
42
+ # end
43
+ # end
44
+ # end
45
+ # end
46
+ class UselessDynamicDefinition < Base
47
+ MSG = 'Avoid useless dynamic definitions without `context`.'
48
+
49
+ RESTRICT_ON_SEND = %i[each each_key each_value].freeze
50
+
51
+ def on_send(node)
52
+ return unless dynamic_definition?(node.parent)
53
+
54
+ add_offense(node.loc.selector)
55
+ end
56
+
57
+ private
58
+
59
+ def dynamic_definition?(node)
60
+ group = RuboCop::RSpec::ExampleGroup.new(node)
61
+
62
+ group.lets.any? || group.hooks.any?
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
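Review bot: `on_send` at new lines 51-55 hands `node.parent` to `dynamic_definition?` without checking that the parent is the block attached to this `each` call, so an `each` whose block arrives as `&block`, or one used as a bare statement inside a group, passes the enclosing `begin`/group node instead and any `let` or hook sitting next to it is reported as an offense of an unrelated `each`; a root-level `each` with no parent would presumably raise inside `ExampleGroup`. Guard on the block literal first, `return unless node.block_literal?`, before looking at `node.parent`. Separately, line 60 uses `RuboCop::RSpec::ExampleGroup` while the file only does `require_relative 'base'`; the sibling cop in `rspec/factory_bot/excessive_create_list.rb` requires `rubocop-rspec` explicitly, and without that the constant resolves only if something else loaded rubocop-rspec first.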
@@ -42,7 +42,7 @@ module Rubocop
42
42
  invalid_metadata_matches(node) do |match|
43
43
  add_offense(node, message: format(MSG, good(match), bad(match))) do |corrector|
44
44
  invalid_metadata_matches(node) do |match|
45
- corrector.replace(match.loc.expression, good(match))
45
+ corrector.replace(match, good(match))
46
46
  end
47
47
  end
48
48
  end
@@ -0,0 +1,8 @@
1
+ ---
2
+ require:
3
+ - ./lib/gitlab/styles/rubocop
4
+
5
+ # Checks if there is a more specific finder offered by Capybara.
6
+ # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
7
+ Capybara/SpecificFinders:
8
+ Enabled: false
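--- a/data/rubocop-default.yml
+++ b/data/rubocop-default.yml
@@ -1,6 +1,5 @@
 ---
 require:
-- rubocop-gitlab-security
 - rubocop-performance
 - rubocop-rspec
 - rubocop-rails
@@ -10,9 +9,11 @@ require:
 inherit_from:
 - rubocop-all.yml
 - rubocop-bundler.yml
+- rubocop-capybara.yml
 - rubocop-fips.yml
 - rubocop-gemspec.yml
 - rubocop-graphql.yml
+- rubocop-internal-affairs.yml
 - rubocop-layout.yml
 - rubocop-lint.yml
 - rubocop-metrics.yml
@@ -23,6 +24,3 @@ inherit_from:
 - rubocop-rspec.yml
 - rubocop-security.yml
 - rubocop-style.yml
-
-InternalAffairs/DeprecateCopHelper:
-Enabled: false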
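--- a/data/rubocop-gemspec.yml
+++ b/data/rubocop-gemspec.yml
@@ -4,3 +4,9 @@
 Gemspec/OrderedDependencies:
 Include:
 - '**/*.gemspec'
+
+# Enforce that development dependencies for a gem are specified in Gemfile,
+# rather than in the gemspec using add_development_dependency
+# Reason: Each project may decide to use a different strategy.
+Gemspec/DevelopmentDependencies:
+Enabled: false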
@@ -0,0 +1,11 @@
1
+ ---
2
+ require:
3
+ - ./lib/gitlab/styles/rubocop
4
+
5
+ InternalAffairs/DeprecateCopHelper:
6
+ Include:
7
+ - 'spec/rubocop/**/*.rb'
8
+
9
+ InternalAffairs/MissingCopDepartment:
10
+ Include:
11
+ - 'lib/rubocop/cop/**/*.rb'
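--- a/data/rubocop-layout.yml
+++ b/data/rubocop-layout.yml
@@ -54,9 +54,9 @@ Layout/DotPosition:
 Layout/ElseAlignment:
 Enabled: true
 
-# Add an empty line after magic comments to separate them from code.
+# Checks for a newline after the final magic comment.
 Layout/EmptyLineAfterMagicComment:
-Enabled: false
+Enabled: true
 
 # Use empty lines between defs.
 Layout/EmptyLineBetweenDefs: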
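--- a/data/rubocop-lint.yml
+++ b/data/rubocop-lint.yml
@@ -1,4 +1,8 @@
 ---
+# Checks for mistyped shorthand assignments.
+Lint/AmbiguousAssignment:
+Enabled: true
+
 # Checks for ambiguous block association with method when param passed without
 # parentheses.
 Lint/AmbiguousBlockAssociation:
@@ -9,15 +13,25 @@ Lint/AmbiguousBlockAssociation:
 Lint/AmbiguousOperator:
 Enabled: true
 
+# Looks for expressions containing multiple binary operators where precedence
+# is ambiguous due to lack of parentheses.
+Lint/AmbiguousOperatorPrecedence:
+Enabled: true
+
+# Checks for ambiguous ranges.
+Lint/AmbiguousRange:
+Enabled: true
+
 # This cop checks for ambiguous regexp literals in the first argument of
 # a method invocation without parentheses.
 Lint/AmbiguousRegexpLiteral:
 Enabled: true
 
-# This cop checks for assignments in the conditions of
-# if/while/until.
+# This cop checks for assignments in the conditions of if/while/until.
+# Forbid assignments within conditions.
 Lint/AssignmentInCondition:
-Enabled: false
+Enabled: true
+AllowSafeAssignment: false
 
 # Checks for places where binary operator has identical operands
 Lint/BinaryOperatorWithIdenticalOperands:
@@ -31,6 +45,10 @@ Lint/CircularArgumentReference:
 Lint/ConstantDefinitionInBlock: # (new in 0.91)
 Enabled: true
 
+# Checks for overwriting an exception with an exception result by use rescue =>.
+Lint/ConstantOverwrittenInRescue:
+Enabled: true
+
 # Check for debugger calls.
 Lint/Debugger:
 Enabled: true
@@ -39,17 +57,36 @@ Lint/Debugger:
 Lint/DeprecatedClassMethods:
 Enabled: true
 
+# Checks for deprecated constants.
+Lint/DeprecatedConstants:
+Enabled: true
+
 # Algorithmic constants for OpenSSL::Cipher and OpenSSL::Digest deprecated since OpenSSL version 2.2.0.
 # Prefer passing a string instead.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintdeprecatedopensslconstant
 Lint/DeprecatedOpenSSLConstant:
 Enabled: true
 
+# Checks that there are no repeated bodies within if/unless, case-when, case-in
+# and rescue constructs.
+Lint/DuplicateBranch:
+Enabled: true
+IgnoreLiteralBranches: true
+IgnoreConstantBranches: true
+
 # Checks that there are no repeated conditions used in if 'elsif'.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintduplicateelsifcondition
 Lint/DuplicateElsifCondition:
 Enabled: true
 
+# Checks for duplicated magic comments.
+Lint/DuplicateMagicComment:
+Enabled: true
+
+# Checks for duplicate elements in Regexp character classes.
+Lint/DuplicateRegexpCharacterClassElement:
+Enabled: true
+
 Lint/DuplicateRequire: # (new in 0.90)
 Enabled: true
 
@@ -66,6 +103,17 @@ Lint/EachWithObjectArgument:
 Lint/ElseLayout:
 Enabled: true
 
+# Checks for blocks without a body. Such empty blocks are typically an
+# oversight or we should provide a comment be clearer what we’re aiming for.
+Lint/EmptyBlock:
+Enabled: true
+
+# Checks for classes and metaclasses without a body. Such empty classes and
+# metaclasses are typically an oversight or we should provide a comment to be
+# clearer what we’re aiming for.
+Lint/EmptyClass:
+Enabled: true
+
 # Checks for the presence of if, elsif and unless branches without a body.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintemptyconditionalbody
 Lint/EmptyConditionalBody:
@@ -78,6 +126,10 @@ Lint/EmptyEnsure:
 Lint/EmptyFile: # (new in 0.90)
 Enabled: true
 
+# Checks for the presence of in pattern branches without a body.
+Lint/EmptyInPattern:
+Enabled: true
+
 # Checks for the presence of `when` branches without a body.
 Lint/EmptyWhen:
 Enabled: true
@@ -111,11 +163,21 @@ Lint/IdentityComparison: # (new in 0.91)
 Lint/ImplicitStringConcatenation:
 Enabled: true
 
+# This cop checks for IO.select that is incompatible with Fiber Scheduler since
+# Ruby 3.0.
+Lint/IncompatibleIoSelectWithFiberScheduler:
+Enabled: true
+
 # Checks for attempts to use `private` or `protected` to set the visibility
 # of a class method, which does not work.
 Lint/IneffectiveAccessModifier:
 Enabled: false
 
+# Checks uses of lambda without a literal block. It emulates the following
+# warning in Ruby 3.0:
+Lint/LambdaWithoutLiteralBlock:
+Enabled: true
+
 # Checks of literals used in conditions.
 Lint/LiteralAsCondition:
 Enabled: true
@@ -147,11 +209,30 @@ Lint/NestedMethodDefinition:
 Lint/NextWithoutAccumulator:
 Enabled: true
 
+# Checks for non-atomic file operation. And then replace it with a nearly
+# equivalent and atomic method.
+Lint/NonAtomicFileOperation:
+Enabled: true
+
+# Checks for the presence of a return inside a begin..end block in assignment
+# contexts.
+Lint/NoReturnInBeginEndBlocks:
+Enabled: true
+
+# Checks for uses of numbered parameter assignment.
+# Reason: Ruby >= 3.0 causes an error so no need to enable it.
+Lint/NumberedParameterAssignment:
+Enabled: false
+
 # Looks for references of Regexp captures that are out of range and thus always returns nil.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintoutofrangeregexpref
 Lint/OutOfRangeRegexpRef:
 Enabled: true
 
+# Checks for unintended or-assignment to a constant.
+Lint/OrAssignmentToConstant:
+Enabled: true
+
 # Checks for method calls with a space before the opening parenthesis.
 Lint/ParenthesesAsGroupedExpression:
 Enabled: true
@@ -165,6 +246,11 @@ Lint/RaiseException:
 Lint/RandOne:
 Enabled: true
 
+# This cop checks for redundant sort method to Dir.glob and Dir[]. Sort globbed
+# results by default in Ruby 3.0.
+Lint/RedundantDirGlobSort:
+Enabled: true
+
 # This cop checks for unneeded usages of splat expansion
 Lint/RedundantSplatExpansion:
 Enabled: false
@@ -173,10 +259,23 @@ Lint/RedundantSplatExpansion:
 Lint/RedundantStringCoercion:
 Enabled: true
 
+# Checks if include or prepend is called in refine block.
+Lint/RefinementImportMethods:
+Enabled: true
+
 # Use parentheses in the method call to avoid confusion about precedence.
 Lint/RequireParentheses:
 Enabled: true
 
+# Checks that a range literal is enclosed in parentheses when the end of the
+# range is at a line break.
+Lint/RequireRangeParentheses:
+Enabled: true
+
+# Checks for uses a file requiring itself with require_relative.
+Lint/RequireRelativeSelfPath:
+Enabled: true
+
 # Avoid rescuing the Exception class.
 Lint/RescueException:
 Enabled: true
@@ -207,6 +306,17 @@ Lint/StructNewOverride:
 Lint/SuppressedException:
 Enabled: false
 
+# Checks for uses of literal strings converted to a symbol where a literal
+# symbol could be used instead.
+Lint/SymbolConversion:
+Enabled: true
+EnforcedStyle: strict
+
+# Ensures that to_enum/enum_for, called for the current method, has correct
+# arguments.
+Lint/ToEnumArguments:
+Enabled: true
+
 # Checks for top level return with arguments.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#linttoplevelreturnwithargument
 Lint/TopLevelReturnWithArgument:
@@ -215,10 +325,25 @@ Lint/TopLevelReturnWithArgument:
 Lint/TrailingCommaInAttributeDeclaration: # (new in 0.90)
 Enabled: true
 
+# Checks for "triple quotes" (strings delimited by any odd number of quotes
+# greater than 1).
+Lint/TripleQuotes:
+Enabled: true
+
 # Do not use prefix `_` for a variable that is used.
 Lint/UnderscorePrefixedVariableName:
 Enabled: true
 
+# Checks for a block that is known to need more positional block arguments than
+# are given.
+Lint/UnexpectedBlockArity:
+Enabled: true
+
+# Looks for reduce or inject blocks where the value returned (implicitly or
+# explicitly) does not include the accumulator.
+Lint/UnmodifiedReduceAccumulator:
+Enabled: true
+
 # This cop checks for using Fixnum or Bignum constant
 Lint/UnifiedInteger:
 Enabled: true
@@ -234,11 +359,11 @@ Lint/UnreachableLoop:
 
 # This cop checks for unused block arguments.
 Lint/UnusedBlockArgument:
-Enabled: false
+Enabled: true
 
 # This cop checks for unused method arguments.
 Lint/UnusedMethodArgument:
-Enabled: false
+Enabled: true
 
 # Checks for useless access modifiers.
 Lint/UselessAccessModifier:
@@ -263,6 +388,10 @@ Lint/UselessSetterCall:
 Lint/UselessTimes: # (new in 0.91)
 Enabled: true
 
+# Looks for ruby2_keywords calls for methods that do not need it.
+Lint/UselessRuby2Keywords:
+Enabled: true
+
 # Possible use of operator/literal/variable in void context.
 Lint/Void:
 Enabled: true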
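Review bot: The comment added for `Lint/LambdaWithoutLiteralBlock` at new lines 176-177 ends with "It emulates the following warning in Ruby 3.0:" and nothing follows the colon, so the warning text from the upstream cop documentation was not carried over. Either trim it to `# Checks uses of lambda without a literal block.` or append the warning Ruby 3.0 prints for `lambda(&block)`. The `Lint/EmptyBlock` comment at line 107 has a similar slip, "we should provide a comment be clearer", which is missing "to" (the `Lint/EmptyClass` comment just below it has the intended wording).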
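--- a/data/rubocop-naming.yml
+++ b/data/rubocop-naming.yml
@@ -27,6 +27,11 @@ Naming/FileName:
 Naming/MemoizedInstanceVariableName:
 Enabled: false
 
+# Recommends the use of inclusive language instead of problematic terms.
+Naming/InclusiveLanguage:
+Enabled: true
+CheckStrings: true
+
 # Use the configured style when naming methods.
 Naming/MethodName:
 Enabled: true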
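--- a/data/rubocop-rails.yml
+++ b/data/rubocop-rails.yml
@@ -3,6 +3,31 @@ require:
 - rubocop-rails
 - ./lib/gitlab/styles/rubocop
 
+# Cop that prevents the use of `dependent: ...` in ActiveRecord models.
+Cop/ActiveRecordDependent:
+Enabled: true
+Include:
+- app/models/**/*.rb
+
+# Cop that prevents the use of `serialize` in ActiveRecord models.
+Cop/ActiveRecordSerialize:
+Enabled: true
+Include:
+- app/models/**/*.rb
+
+# Cop that prevents the use of polymorphic associations.
+Cop/PolymorphicAssociations:
+Enabled: true
+Include:
+- app/models/**/*.rb
+
+# Prevents usage of 'redirect_to' in actions 'destroy' and 'destroy_all'
+# without specifying 'status'.
+Cop/RedirectWithStatus:
+Enabled: true
+Include:
+- app/controllers/**/*.rb
+
 # Enables Rails cops.
 Rails:
 Enabled: true
@@ -115,7 +140,7 @@ Rails/Output:
 # This cop checks for the use of output safety calls like html_safe and
 # raw.
 Rails/OutputSafety:
-Enabled: false
+Enabled: true
 
 # Enforces the use of pluck over map.
 # https://docs.rubocop.org/rubocop-rails/2.8/cops_rails.html#railspluck
@@ -171,6 +196,13 @@ Rails/SquishedSQLHeredocs:
 Rails/TimeZone:
 Enabled: false
 
+# Checks for the use of exit statements (namely return, break and throw) in
+# transactions. This is due to the eventual unexpected behavior when using
+# ActiveRecord >= 7, where transactions exited using these statements are being
+# rollbacked rather than committed (pre ActiveRecord 7 behavior).
+Rails/TransactionExitStatement:
+Enabled: true
+
 # This cop checks for the use of old-style attribute validation macros.
 Rails/Validation:
 Enabled: true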
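Review bot: The comment for `Rails/TransactionExitStatement` at new lines 199-202 is ambiguous about which behaviour is the old one: "rollbacked rather than committed (pre ActiveRecord 7 behavior)" reads as if the rollback were the pre-7 behaviour, while the sentence means that committing was. Reword the last clause to `# ActiveRecord >= 7, where transactions exited with these statements are rolled back,` followed by `# whereas ActiveRecord < 7 committed them.`; "rolled back" is also the standard form of the verb. This is documentation only; the cop settings themselves look fine.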
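--- a/data/rubocop-rspec.yml
+++ b/data/rubocop-rspec.yml
@@ -2,6 +2,11 @@
 require:
 - ./lib/gitlab/styles/rubocop
 
+# Check for create_list FactoryBot declarations higher than MaxAmount
+RSpec/FactoryBot/ExcessiveCreateList:
+Enabled: true
+MaxAmount: 10
+
 # Check that instances are not being stubbed globally.
 RSpec/AnyInstance:
 Enabled: false
@@ -14,11 +19,6 @@ RSpec/BeEql:
 RSpec/BeforeAfterAll:
 Enabled: false
 
-# Checks if there is a more specific finder offered by Capybara.
-# https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
-RSpec/Capybara/SpecificFinders:
-Enabled: false
-
 # Enforces consistent use of be_a or be_kind_of.
 # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141022718
 RSpec/ClassCheck: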
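Review bot: The new `RSpec/FactoryBot/ExcessiveCreateList` entry at new lines 5-8 is inserted ahead of `RSpec/AnyInstance`, breaking the alphabetical order the rest of the file keeps (`AnyInstance`, `BeEql`, `BeforeAfterAll`, `ClassCheck`); it belongs further down among the `F` entries. As far as the cop code on this page shows, `MaxAmount: 10` here is the only place the limit is defined — the cop reads `cop_config['MaxAmount']` with no fallback — so a project that enables the cop without inheriting this file has no limit value at all; a comment such as `# MaxAmount must be set; the cop has no built-in default.` would make that dependency visible to anyone copying the entry.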
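--- a/data/rubocop-security.yml
+++ b/data/rubocop-security.yml
@@ -1,6 +1,11 @@
 ---
 require:
-- rubocop-gitlab-security
+- ./lib/gitlab/styles/rubocop
+
+# Checks for implementations of the hash method which combine values using
+# custom logic instead of delegating to Array#hash.
+Security/CompoundHash:
+Enabled: true
 
 # This cop checks for the use of JSON class methods which have potential
 # security issues.
@@ -16,17 +21,23 @@ Security/IoMethods:
 Enabled: true
 
 GitlabSecurity/DeepMunge:
+Description: Checks for disabling the deep munge security control.
 Enabled: true
+StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/DeepMunge
 Exclude:
 - 'lib/**/*.rake'
 - 'spec/**/*'
 
 # To be enabled by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13610
 GitlabSecurity/JsonSerialization:
+Description: Checks for `to_json` / `as_json` without allowing via `only`.
 Enabled: false
+StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/JsonSerialization
 
 GitlabSecurity/PublicSend:
+Description: Checks for the use of `public_send`, `send`, and `__send__` methods.
 Enabled: true
+StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/PublicSend
 Exclude:
 - 'config/**/*'
 - 'db/**/*'
@@ -35,19 +46,26 @@ GitlabSecurity/PublicSend:
 - 'qa/**/*'
 - 'spec/**/*'
 
+GitlabSecurity/SendFileParams:
+Description: Check for passing of params hash to send_file()
+Enabled: true
+
 GitlabSecurity/RedirectToParamsUpdate:
+Description: Check for use of redirect_to(params.update())
 Enabled: true
 Exclude:
 - 'lib/**/*.rake'
 - 'spec/**/*'
 
 GitlabSecurity/SqlInjection:
+Description: Check for SQL Injection in where()
 Enabled: true
 Exclude:
 - 'lib/**/*.rake'
 - 'spec/**/*'
 
 GitlabSecurity/SystemCommandInjection:
+Description: Check for Command Injection in System()
 Enabled: true
 Exclude:
 - 'lib/**/*.rake'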
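Review bot: The new `GitlabSecurity/SendFileParams` block at new lines 49-51 carries no `Exclude`, while every other `GitlabSecurity/` cop in this file excludes `lib/**/*.rake` and `spec/**/*`; if scanning rake tasks and specs for `send_file(params...)` is deliberate, a one-line comment saying so would stop the next reader from "fixing" it, otherwise add the same two entries. It is also placed before `GitlabSecurity/RedirectToParamsUpdate`, out of the alphabetical order the other entries keep (`DeepMunge`, `JsonSerialization`, `PublicSend`, `RedirectToParamsUpdate`, `SqlInjection`, `SystemCommandInjection`). `StyleGuide` links are added only for the first three cops and not for the four below them, which is presumably an oversight rather than a choice; the hunk ends inside the `SystemCommandInjection` entry.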
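--- a/data/rubocop-style.yml
+++ b/data/rubocop-style.yml
@@ -18,10 +18,14 @@ Style/AndOr:
 Enabled: true
 EnforcedStyle: always
 
-# Enforces the use of Array() instead of explicit Array check or [*var]
-# https://docs.rubocop.org/rubocop/0.89/cops_style.html#stylearraycoercion
+# This cop enforces the use of Array() instead of explicit Array check or [*var]
+# It must remain disabled because of safety concern on Array().
+# A false positive may occur depending on how the argument is handled by Array()
+# (which can be different than just wrapping the argument in an array)
+# As of Rubocop 1.0, this cop has been disabled by default.
+# https://docs.rubocop.org/rubocop/1.44/cops_style.html#safety-3
 Style/ArrayCoercion:
-Enabled: true
+Enabled: false
 
 # Use `Array#join` instead of `Array#*`.
 Style/ArrayJoin:
@@ -289,6 +293,17 @@ Style/NonNilCheck:
 Style/Not:
 Enabled: true
 
+# Checks for numbered parameters. It can either restrict the use of numbered
+# parameters to single-lined blocks, or disallow completely numbered
+# parameters.
+Style/NumberedParameters:
+EnforcedStyle: disallow
+Enabled: true
+
+# Detects use of an excessive amount of numbered parameters in a single block.
+Style/NumberedParametersLimit:
+Enabled: false
+
 # Add underscores to large numeric literals to improve their readability.
 Style/NumericLiterals:
 Enabled: false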