gitlab-styles 7.0.0 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9fcbcb3937df65b5a6ef170918f4abd96786642c5ba2e379b4f0c3273cd21411
-  data.tar.gz: dde017a2f0091139175945e0bafd2f0d9c43f2ad280ca9f60c350093fe441dd2
+  metadata.gz: bdbe53a3630aedb6f9a4eb87e46ab9becc5b924dbaf2122eca8f8634ffa46d11
+  data.tar.gz: 8b64b09817b3d57edec615305e973f9aa86312bfc19b25cf999111f721d16cf3
 SHA512:
-  metadata.gz: ccd9e7b074e48b11b2c9d13f929b2f20d7fcd71e6ad89ae6eaf558d690f1122cbfa78ea145494ada2944ca5f37113ee1ac77fa88679b3194126e24b1c563063c
-  data.tar.gz: c38476316f30eed488850324802911e538369ba88a2110357d5b8c5dbb2be08fdf99119f640b05e2a11d90d703e7f2646425e2083a8d96fa96996bf1f7c2e966
+  metadata.gz: 691d29df5dd389a90f9169e0caa3637c5abad270eeab8e55742b2d45542056d819c18f24723b1e897e1f1cc343d1a6aa740efcb17df1eb6b1517ef580ad2dabd
+  data.tar.gz: e1ceae95be87aec10561836e415f7d12d3e59404d24604097efae1fb99290038eb77d1013f03982fae00d5ad1c819d72385a505b247580b2d16c32c7c390e7c2

data/gitlab-styles.gemspec

@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rubocop-rspec', '~> 1.44'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
-  spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.6.1'
+  spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.11.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
 end

data/lib/gitlab/styles/common/banned_constants.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Styles
+    module Common
+      module BannedConstants
+        attr_reader :replacements, :message_template, :autocorrect
+
+        def on_const(node)
+          constant = node.source.delete_prefix('::')
+
+          return unless replacements.key?(constant)
+
+          replacement = replacements.fetch(constant)
+          message = format(message_template, { replacement: replacement })
+
+          add_offense(node, message: message) do |corrector|
+            next unless autocorrect
+
+            replacement = "::#{replacement}" if node.source.start_with?("::")
+
+            corrector.replace(node, replacement)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/fips/md5.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative '../../../common/banned_constants'
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        module Fips
+          class MD5 < RuboCop::Cop::Base
+            include Gitlab::Styles::Common::BannedConstants
+
+            MESSAGE_TEMPLATE = 'MD5 is not FIPS-compliant. Use %{replacement} instead.'
+
+            REPLACEMENTS = {
+              'OpenSSL::Digest::MD5' => 'OpenSSL::Digest::SHA256',
+              'Digest::MD5' => 'OpenSSL::Digest::SHA256'
+            }.freeze
+
+            def initialize(config = nil, options = nil)
+              @message_template = MESSAGE_TEMPLATE
+              @replacements = REPLACEMENTS
+              @autocorrect = false
+              super(config, options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/fips/open_ssl.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative '../../../common/banned_constants'
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        module Fips
+          class OpenSSL < RuboCop::Cop::Base
+            extend RuboCop::Cop::AutoCorrector
+            include Gitlab::Styles::Common::BannedConstants
+
+            MESSAGE_TEMPLATE = 'Usage of this class is not FIPS-compliant. Use %{replacement} instead.'
+
+            REPLACEMENTS = {
+              'Digest::SHA1' => 'OpenSSL::Digest::SHA1',
+              'Digest::SHA2' => 'OpenSSL::Digest::SHA2',
+              'Digest::SHA256' => 'OpenSSL::Digest::SHA256',
+              'Digest::SHA384' => 'OpenSSL::Digest::SHA384',
+              'Digest::SHA512' => 'OpenSSL::Digest::SHA512'
+            }.freeze
+
+            def initialize(config = nil, options = nil)
+              @message_template = MESSAGE_TEMPLATE
+              @replacements = REPLACEMENTS
+              @autocorrect = true
+              super(config, options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/rubocop/cop/fips/sha1.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative '../../../common/banned_constants'
+
+module Gitlab
+  module Styles
+    module Rubocop
+      module Cop
+        module Fips
+          class SHA1 < RuboCop::Cop::Base
+            include Gitlab::Styles::Common::BannedConstants
+
+            MESSAGE_TEMPLATE = 'SHA1 is likely to become non-compliant in the near future. Use %{replacement} instead.'
+
+            REPLACEMENTS = {
+              'OpenSSL::Digest::SHA1' => 'OpenSSL::Digest::SHA256',
+              'Digest::SHA1' => 'OpenSSL::Digest::SHA256'
+            }.freeze
+
+            def initialize(config = nil, options = nil)
+              @message_template = MESSAGE_TEMPLATE
+              @replacements = REPLACEMENTS
+              @autocorrect = false
+              super(config, options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/styles/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module Styles
-    VERSION = '7.0.0'
+    VERSION = '7.1.0'
   end
 end

data/rubocop-default.yml

@@ -10,6 +10,7 @@ require:
 inherit_from:
   - rubocop-all.yml
   - rubocop-bundler.yml
+  - rubocop-fips.yml
   - rubocop-gemspec.yml
   - rubocop-graphql.yml
   - rubocop-layout.yml

data/rubocop-fips.yml

@@ -0,0 +1,15 @@
+---
+require:
+  - ./lib/gitlab/styles/rubocop
+
+# Denies usage of MD5
+Fips/MD5:
+  Enabled: true
+
+# Denies usage of SHA1
+Fips/SHA1:
+  Enabled: true
+
+# Replaces ::Digest with ::OpenSSL::Digest
+Fips/OpenSSL:
+  Enabled: true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-styles
 version: !ruby/object:Gem::Version
-  version: 7.0.0
+  version: 7.1.0
 platform: ruby
 authors:
 - GitLab
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-02 00:00:00.000000000 Z
+date: 2022-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -120,14 +120,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.1
+        version: 2.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.1
+        version: 2.11.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -182,12 +182,16 @@ files:
 - bin/setup
 - gitlab-styles.gemspec
 - lib/gitlab/styles.rb
+- lib/gitlab/styles/common/banned_constants.rb
 - lib/gitlab/styles/rubocop.rb
 - lib/gitlab/styles/rubocop/cop/active_record_dependent.rb
 - lib/gitlab/styles/rubocop/cop/active_record_serialize.rb
 - lib/gitlab/styles/rubocop/cop/avoid_return_from_blocks.rb
 - lib/gitlab/styles/rubocop/cop/code_reuse/active_record.rb
 - lib/gitlab/styles/rubocop/cop/custom_error_class.rb
+- lib/gitlab/styles/rubocop/cop/fips/md5.rb
+- lib/gitlab/styles/rubocop/cop/fips/open_ssl.rb
+- lib/gitlab/styles/rubocop/cop/fips/sha1.rb
 - lib/gitlab/styles/rubocop/cop/gem_fetcher.rb
 - lib/gitlab/styles/rubocop/cop/in_batches.rb
 - lib/gitlab/styles/rubocop/cop/internal_affairs/deprecate_cop_helper.rb
@@ -217,6 +221,7 @@ files:
 - rubocop-bundler.yml
 - rubocop-code_reuse.yml
 - rubocop-default.yml
+- rubocop-fips.yml
 - rubocop-gemspec.yml
 - rubocop-graphql.yml
 - rubocop-layout.yml