gitlab-styles 9.2.0 → 10.1.0

data/lib/rubocop/cop/rspec/empty_line_after_shared_example.rb

@@ -44,8 +44,15 @@ module Rubocop
         MSG = 'Add an empty line after `%<example>s` block.'
 
         # @!method shared_examples(node)
-        def_node_matcher :shared_examples,
-          block_pattern('{#SharedGroups.all #Includes.all}')
+        def_node_matcher :shared_examples, <<~PATTERN
+          {
+            (block (send #rspec? #SharedGroups.all ...) ...)
+            {
+              (block (send nil? #Includes.all ...) ...)
+              (send nil? #Includes.all ...)
+            }
+          }
+        PATTERN
 
         def on_block(node)
           shared_examples(node) do

data/lib/rubocop/cop/rspec/example_starting_character.rb

@@ -77,7 +77,7 @@ module Rubocop
         end
 
         def docstring(node)
-          expr = node.loc.expression
+          expr = node.source_range
 
           Parser::Source::Range.new(
             expr.source_buffer,

data/lib/rubocop/cop/rspec/factory_bot/excessive_create_list.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'rubocop-rspec'
+require_relative '../base'
+
+module Rubocop
+  module Cop
+    module RSpec
+      module FactoryBot
+        # Check for create_list FactoryBot declarations higher than configured MaxAmount.
+        #
+        # @example MaxAmount: 20
+        #   We do not allow more than 20 items to be created.
+        #
+        #   # bad
+        #   create_list(:merge_request, 1000, state: :opened)
+        #
+        #   # good
+        #   create_list(:merge_request, 15, state: :opened)
+        #
+        # @example
+        #   We do not allow more than 10 items to be created (default)
+        #   # bad
+        #   create_list(:merge_request, 1000, state: :opened)
+        #
+        #   # good
+        #   create_list(:merge_request, 10, state: :opened)
+        #
+        class ExcessiveCreateList < Base
+          MESSAGE = 'Avoid using `create_list` with more than %{max_amount} items.'
+
+          # @!method create_list?(node)
+          def_node_matcher :create_list?, <<~PATTERN
+            (send nil? :create_list (sym ...) $(int _) ...)
+          PATTERN
+
+          RESTRICT_ON_SEND = %i[create_list].freeze
+
+          def on_send(node)
+            number_node = create_list?(node)
+            return unless number_node
+
+            max_amount = cop_config['MaxAmount']
+            return if number_node.value <= max_amount
+
+            add_offense(number_node, message: format(MESSAGE, max_amount: max_amount))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rspec/useless_dynamic_definition.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module Rubocop
+  module Cop
+    module RSpec
+      # Flags useless dynamic hook/let definitions via `.each`, `.each_key`, or
+      # `.each_value` without defining a wrapping `context` explicitly inside
+      # the loop block. Without it, the let definition will always/only be set
+      # to the final value.
+      #
+      # @example
+      #
+      #   # bad
+      #   context 'foo' do
+      #     [true, false].each do |bool|
+      #       before do
+      #         stub_something(bool: bool)
+      #       end
+      #
+      #       let(:foo) { build(:model, bool: bool) }
+      #
+      #       it 'works' do
+      #         # `bool` is always `false`
+      #       end
+      #     end
+      #   end
+      #
+      #   # good
+      #   context 'foo' do
+      #     [true, false].each do |bool|
+      #       context "with bool #{bool}" do # <--
+      #         before do
+      #           stub_something(bool: bool)
+      #         end
+      #
+      #         let(:foo) { build(:model, bool: bool) }
+      #
+      #         it 'works' do
+      #           # `bool` is `true` and then `false`
+      #         end
+      #       end
+      #     end
+      #   end
+      class UselessDynamicDefinition < Base
+        MSG = 'Avoid useless dynamic definitions without `context`.'
+
+        RESTRICT_ON_SEND = %i[each each_key each_value].freeze
+
+        def on_send(node)
+          return unless dynamic_definition?(node.parent)
+
+          add_offense(node.loc.selector)
+        end
+
+        private
+
+        def dynamic_definition?(node)
+          group = RuboCop::RSpec::ExampleGroup.new(node)
+
+          group.lets.any? || group.hooks.any?
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rspec/verbose_include_metadata.rb

@@ -42,7 +42,7 @@ module Rubocop
           invalid_metadata_matches(node) do |match|
             add_offense(node, message: format(MSG, good(match), bad(match))) do |corrector|
               invalid_metadata_matches(node) do |match|
-                corrector.replace(match.loc.expression, good(match))
+                corrector.replace(match, good(match))
               end
             end
           end

data/rubocop-capybara.yml

@@ -0,0 +1,8 @@
+---
+require:
+  - ./lib/gitlab/styles/rubocop
+
+# Checks if there is a more specific finder offered by Capybara.
+# https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
+Capybara/SpecificFinders:
+  Enabled: false

data/rubocop-default.yml

@@ -1,6 +1,5 @@
 ---
 require:
-  - rubocop-gitlab-security
   - rubocop-performance
   - rubocop-rspec
   - rubocop-rails
@@ -10,9 +9,11 @@ require:
 inherit_from:
   - rubocop-all.yml
   - rubocop-bundler.yml
+  - rubocop-capybara.yml
   - rubocop-fips.yml
   - rubocop-gemspec.yml
   - rubocop-graphql.yml
+  - rubocop-internal-affairs.yml
   - rubocop-layout.yml
   - rubocop-lint.yml
   - rubocop-metrics.yml
@@ -23,6 +24,3 @@ inherit_from:
   - rubocop-rspec.yml
   - rubocop-security.yml
   - rubocop-style.yml
-
-InternalAffairs/DeprecateCopHelper:
-  Enabled: false

data/rubocop-gemspec.yml

@@ -4,3 +4,9 @@
 Gemspec/OrderedDependencies:
   Include:
     - '**/*.gemspec'
+
+# Enforce that development dependencies for a gem are specified in Gemfile,
+# rather than in the gemspec using add_development_dependency
+# Reason: Each project may decide to use a different strategy.
+Gemspec/DevelopmentDependencies:
+  Enabled: false

data/rubocop-internal-affairs.yml

@@ -0,0 +1,11 @@
+---
+require:
+  - ./lib/gitlab/styles/rubocop
+
+InternalAffairs/DeprecateCopHelper:
+  Include:
+    - 'spec/rubocop/**/*.rb'
+
+InternalAffairs/MissingCopDepartment:
+  Include:
+    - 'lib/rubocop/cop/**/*.rb'

data/rubocop-layout.yml

@@ -54,9 +54,9 @@ Layout/DotPosition:
 Layout/ElseAlignment:
   Enabled: true
 
-# Add an empty line after magic comments to separate them from code.
+# Checks for a newline after the final magic comment.
 Layout/EmptyLineAfterMagicComment:
-  Enabled: false
+  Enabled: true
 
 # Use empty lines between defs.
 Layout/EmptyLineBetweenDefs:

data/rubocop-lint.yml

@@ -1,4 +1,8 @@
 ---
+# Checks for mistyped shorthand assignments.
+Lint/AmbiguousAssignment:
+  Enabled: true
+
 # Checks for ambiguous block association with method when param passed without
 # parentheses.
 Lint/AmbiguousBlockAssociation:
@@ -9,15 +13,25 @@ Lint/AmbiguousBlockAssociation:
 Lint/AmbiguousOperator:
   Enabled: true
 
+# Looks for expressions containing multiple binary operators where precedence
+# is ambiguous due to lack of parentheses.
+Lint/AmbiguousOperatorPrecedence:
+  Enabled: true
+
+# Checks for ambiguous ranges.
+Lint/AmbiguousRange:
+  Enabled: true
+
 # This cop checks for ambiguous regexp literals in the first argument of
 # a method invocation without parentheses.
 Lint/AmbiguousRegexpLiteral:
   Enabled: true
 
-# This cop checks for assignments in the conditions of
-# if/while/until.
+# This cop checks for assignments in the conditions of if/while/until.
+# Forbid assignments within conditions.
 Lint/AssignmentInCondition:
-  Enabled: false
+  Enabled: true
+  AllowSafeAssignment: false
 
 # Checks for places where binary operator has identical operands
 Lint/BinaryOperatorWithIdenticalOperands:
@@ -31,6 +45,10 @@ Lint/CircularArgumentReference:
 Lint/ConstantDefinitionInBlock: # (new in 0.91)
   Enabled: true
 
+# Checks for overwriting an exception with an exception result by use rescue =>.
+Lint/ConstantOverwrittenInRescue:
+  Enabled: true
+
 # Check for debugger calls.
 Lint/Debugger:
   Enabled: true
@@ -39,17 +57,36 @@ Lint/Debugger:
 Lint/DeprecatedClassMethods:
   Enabled: true
 
+# Checks for deprecated constants.
+Lint/DeprecatedConstants:
+  Enabled: true
+
 # Algorithmic constants for OpenSSL::Cipher and OpenSSL::Digest deprecated since OpenSSL version 2.2.0.
 # Prefer passing a string instead.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintdeprecatedopensslconstant
 Lint/DeprecatedOpenSSLConstant:
   Enabled: true
 
+# Checks that there are no repeated bodies within if/unless, case-when, case-in
+# and rescue constructs.
+Lint/DuplicateBranch:
+  Enabled: true
+  IgnoreLiteralBranches: true
+  IgnoreConstantBranches: true
+
 # Checks that there are no repeated conditions used in if 'elsif'.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintduplicateelsifcondition
 Lint/DuplicateElsifCondition:
   Enabled: true
 
+# Checks for duplicated magic comments.
+Lint/DuplicateMagicComment:
+  Enabled: true
+
+# Checks for duplicate elements in Regexp character classes.
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: true
+
 Lint/DuplicateRequire: # (new in 0.90)
   Enabled: true
 
@@ -66,6 +103,17 @@ Lint/EachWithObjectArgument:
 Lint/ElseLayout:
   Enabled: true
 
+# Checks for blocks without a body. Such empty blocks are typically an
+# oversight or we should provide a comment be clearer what we’re aiming for.
+Lint/EmptyBlock:
+  Enabled: true
+
+# Checks for classes and metaclasses without a body. Such empty classes and
+# metaclasses are typically an oversight or we should provide a comment to be
+# clearer what we’re aiming for.
+Lint/EmptyClass:
+  Enabled: true
+
 # Checks for the presence of if, elsif and unless branches without a body.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintemptyconditionalbody
 Lint/EmptyConditionalBody:
@@ -78,6 +126,10 @@ Lint/EmptyEnsure:
 Lint/EmptyFile: # (new in 0.90)
   Enabled: true
 
+# Checks for the presence of in pattern branches without a body.
+Lint/EmptyInPattern:
+  Enabled: true
+
 # Checks for the presence of `when` branches without a body.
 Lint/EmptyWhen:
   Enabled: true
@@ -111,11 +163,21 @@ Lint/IdentityComparison: # (new in 0.91)
 Lint/ImplicitStringConcatenation:
   Enabled: true
 
+# This cop checks for IO.select that is incompatible with Fiber Scheduler since
+# Ruby 3.0.
+Lint/IncompatibleIoSelectWithFiberScheduler:
+  Enabled: true
+
 # Checks for attempts to use `private` or `protected` to set the visibility
 # of a class method, which does not work.
 Lint/IneffectiveAccessModifier:
   Enabled: false
 
+# Checks uses of lambda without a literal block. It emulates the following
+# warning in Ruby 3.0:
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: true
+
 # Checks of literals used in conditions.
 Lint/LiteralAsCondition:
   Enabled: true
@@ -147,11 +209,30 @@ Lint/NestedMethodDefinition:
 Lint/NextWithoutAccumulator:
   Enabled: true
 
+# Checks for non-atomic file operation. And then replace it with a nearly
+# equivalent and atomic method.
+Lint/NonAtomicFileOperation:
+  Enabled: true
+
+# Checks for the presence of a return inside a begin..end block in assignment
+# contexts.
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: true
+
+# Checks for uses of numbered parameter assignment.
+# Reason: Ruby >= 3.0 causes an error so no need to enable it.
+Lint/NumberedParameterAssignment:
+  Enabled: false
+
 # Looks for references of Regexp captures that are out of range and thus always returns nil.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#lintoutofrangeregexpref
 Lint/OutOfRangeRegexpRef:
   Enabled: true
 
+# Checks for unintended or-assignment to a constant.
+Lint/OrAssignmentToConstant:
+  Enabled: true
+
 # Checks for method calls with a space before the opening parenthesis.
 Lint/ParenthesesAsGroupedExpression:
   Enabled: true
@@ -165,6 +246,11 @@ Lint/RaiseException:
 Lint/RandOne:
   Enabled: true
 
+# This cop checks for redundant sort method to Dir.glob and Dir[]. Sort globbed
+# results by default in Ruby 3.0.
+Lint/RedundantDirGlobSort:
+  Enabled: true
+
 # This cop checks for unneeded usages of splat expansion
 Lint/RedundantSplatExpansion:
   Enabled: false
@@ -173,10 +259,23 @@ Lint/RedundantSplatExpansion:
 Lint/RedundantStringCoercion:
   Enabled: true
 
+# Checks if include or prepend is called in refine block.
+Lint/RefinementImportMethods:
+  Enabled: true
+
 # Use parentheses in the method call to avoid confusion about precedence.
 Lint/RequireParentheses:
   Enabled: true
 
+# Checks that a range literal is enclosed in parentheses when the end of the
+# range is at a line break.
+Lint/RequireRangeParentheses:
+  Enabled: true
+
+# Checks for uses a file requiring itself with require_relative.
+Lint/RequireRelativeSelfPath:
+  Enabled: true
+
 # Avoid rescuing the Exception class.
 Lint/RescueException:
   Enabled: true
@@ -207,6 +306,17 @@ Lint/StructNewOverride:
 Lint/SuppressedException:
   Enabled: false
 
+# Checks for uses of literal strings converted to a symbol where a literal
+# symbol could be used instead.
+Lint/SymbolConversion:
+  Enabled: true
+  EnforcedStyle: strict
+
+# Ensures that to_enum/enum_for, called for the current method, has correct
+# arguments.
+Lint/ToEnumArguments:
+  Enabled: true
+
 # Checks for top level return with arguments.
 # https://docs.rubocop.org/rubocop/0.89/cops_lint.html#linttoplevelreturnwithargument
 Lint/TopLevelReturnWithArgument:
@@ -215,10 +325,25 @@ Lint/TopLevelReturnWithArgument:
 Lint/TrailingCommaInAttributeDeclaration: # (new in 0.90)
   Enabled: true
 
+# Checks for "triple quotes" (strings delimited by any odd number of quotes
+# greater than 1).
+Lint/TripleQuotes:
+  Enabled: true
+
 # Do not use prefix `_` for a variable that is used.
 Lint/UnderscorePrefixedVariableName:
   Enabled: true
 
+# Checks for a block that is known to need more positional block arguments than
+# are given.
+Lint/UnexpectedBlockArity:
+  Enabled: true
+
+# Looks for reduce or inject blocks where the value returned (implicitly or
+# explicitly) does not include the accumulator.
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: true
+
 # This cop checks for using Fixnum or Bignum constant
 Lint/UnifiedInteger:
   Enabled: true
@@ -234,11 +359,11 @@ Lint/UnreachableLoop:
 
 # This cop checks for unused block arguments.
 Lint/UnusedBlockArgument:
-  Enabled: false
+  Enabled: true
 
 # This cop checks for unused method arguments.
 Lint/UnusedMethodArgument:
-  Enabled: false
+  Enabled: true
 
 # Checks for useless access modifiers.
 Lint/UselessAccessModifier:
@@ -263,6 +388,10 @@ Lint/UselessSetterCall:
 Lint/UselessTimes: # (new in 0.91)
   Enabled: true
 
+# Looks for ruby2_keywords calls for methods that do not need it.
+Lint/UselessRuby2Keywords:
+  Enabled: true
+
 # Possible use of operator/literal/variable in void context.
 Lint/Void:
   Enabled: true

data/rubocop-naming.yml

@@ -27,6 +27,11 @@ Naming/FileName:
 Naming/MemoizedInstanceVariableName:
   Enabled: false
 
+# Recommends the use of inclusive language instead of problematic terms.
+Naming/InclusiveLanguage:
+  Enabled: true
+  CheckStrings: true
+
 # Use the configured style when naming methods.
 Naming/MethodName:
   Enabled: true

data/rubocop-rails.yml

@@ -3,6 +3,31 @@ require:
   - rubocop-rails
   - ./lib/gitlab/styles/rubocop
 
+# Cop that prevents the use of `dependent: ...` in ActiveRecord models.
+Cop/ActiveRecordDependent:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Cop that prevents the use of `serialize` in ActiveRecord models.
+Cop/ActiveRecordSerialize:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Cop that prevents the use of polymorphic associations.
+Cop/PolymorphicAssociations:
+  Enabled: true
+  Include:
+    - app/models/**/*.rb
+
+# Prevents usage of 'redirect_to' in actions 'destroy' and 'destroy_all'
+# without specifying 'status'.
+Cop/RedirectWithStatus:
+  Enabled: true
+  Include:
+    - app/controllers/**/*.rb
+
 # Enables Rails cops.
 Rails:
   Enabled: true
@@ -115,7 +140,7 @@ Rails/Output:
 # This cop checks for the use of output safety calls like html_safe and
 # raw.
 Rails/OutputSafety:
-  Enabled: false
+  Enabled: true
 
 # Enforces the use of pluck over map.
 # https://docs.rubocop.org/rubocop-rails/2.8/cops_rails.html#railspluck
@@ -171,6 +196,13 @@ Rails/SquishedSQLHeredocs:
 Rails/TimeZone:
   Enabled: false
 
+# Checks for the use of exit statements (namely return, break and throw) in
+# transactions. This is due to the eventual unexpected behavior when using
+# ActiveRecord >= 7, where transactions exited using these statements are being
+# rollbacked rather than committed (pre ActiveRecord 7 behavior).
+Rails/TransactionExitStatement:
+  Enabled: true
+
 # This cop checks for the use of old-style attribute validation macros.
 Rails/Validation:
   Enabled: true

data/rubocop-rspec.yml

@@ -2,6 +2,11 @@
 require:
   - ./lib/gitlab/styles/rubocop
 
+# Check for create_list FactoryBot declarations higher than MaxAmount
+RSpec/FactoryBot/ExcessiveCreateList:
+  Enabled: true
+  MaxAmount: 10
+
 # Check that instances are not being stubbed globally.
 RSpec/AnyInstance:
   Enabled: false
@@ -14,11 +19,6 @@ RSpec/BeEql:
 RSpec/BeforeAfterAll:
   Enabled: false
 
-# Checks if there is a more specific finder offered by Capybara.
-# https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141024624
-RSpec/Capybara/SpecificFinders:
-  Enabled: false
-
 # Enforces consistent use of be_a or be_kind_of.
 # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/131#note_1141022718
 RSpec/ClassCheck:

data/rubocop-security.yml

@@ -1,6 +1,11 @@
 ---
 require:
-  - rubocop-gitlab-security
+  - ./lib/gitlab/styles/rubocop
+
+# Checks for implementations of the hash method which combine values using
+# custom logic instead of delegating to Array#hash.
+Security/CompoundHash:
+  Enabled: true
 
 # This cop checks for the use of JSON class methods which have potential
 # security issues.
@@ -16,17 +21,23 @@ Security/IoMethods:
   Enabled: true
 
 GitlabSecurity/DeepMunge:
+  Description: Checks for disabling the deep munge security control.
   Enabled: true
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/DeepMunge
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 # To be enabled by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13610
 GitlabSecurity/JsonSerialization:
+  Description: Checks for `to_json` / `as_json` without allowing via `only`.
   Enabled: false
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/JsonSerialization
 
 GitlabSecurity/PublicSend:
+  Description: Checks for the use of `public_send`, `send`, and `__send__` methods.
   Enabled: true
+  StyleGuide: https://www.rubydoc.info/gems/gitlab-styles/RuboCop/Cop/GitlabSecurity/PublicSend
   Exclude:
     - 'config/**/*'
     - 'db/**/*'
@@ -35,19 +46,26 @@ GitlabSecurity/PublicSend:
     - 'qa/**/*'
     - 'spec/**/*'
 
+GitlabSecurity/SendFileParams:
+  Description: Check for passing of params hash to send_file()
+  Enabled: true
+
 GitlabSecurity/RedirectToParamsUpdate:
+  Description: Check for use of redirect_to(params.update())
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 GitlabSecurity/SqlInjection:
+  Description: Check for SQL Injection in where()
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'
     - 'spec/**/*'
 
 GitlabSecurity/SystemCommandInjection:
+  Description: Check for Command Injection in System()
   Enabled: true
   Exclude:
     - 'lib/**/*.rake'

data/rubocop-style.yml

@@ -18,10 +18,14 @@ Style/AndOr:
   Enabled: true
   EnforcedStyle: always
 
-# Enforces the use of Array() instead of explicit Array check or [*var]
-# https://docs.rubocop.org/rubocop/0.89/cops_style.html#stylearraycoercion
+# This cop enforces the use of Array() instead of explicit Array check or [*var]
+# It must remain disabled because of safety concern on Array().
+# A false positive may occur depending on how the argument is handled by Array()
+# (which can be different than just wrapping the argument in an array)
+# As of Rubocop 1.0, this cop has been disabled by default.
+# https://docs.rubocop.org/rubocop/1.44/cops_style.html#safety-3
 Style/ArrayCoercion:
-  Enabled: true
+  Enabled: false
 
 # Use `Array#join` instead of `Array#*`.
 Style/ArrayJoin:
@@ -289,6 +293,17 @@ Style/NonNilCheck:
 Style/Not:
   Enabled: true
 
+# Checks for numbered parameters. It can either restrict the use of numbered
+# parameters to single-lined blocks, or disallow completely numbered
+# parameters.
+Style/NumberedParameters:
+  EnforcedStyle: disallow
+  Enabled: true
+
+# Detects use of an excessive amount of numbered parameters in a single block.
+Style/NumberedParametersLimit:
+  Enabled: false
+
 # Add underscores to large numeric literals to improve their readability.
 Style/NumericLiterals:
   Enabled: false