RubyGems - mavenlint - Versions diffs - 1.1.1 - Mend

mavenlint 1.1.1

Files changed (5) hide show

checksums.yaml +7 -0
data/lib/mavenlint.rb +1 -0
data/lib/rubocop/cop/mavenlint/unsafe-mass-assignment.rb +38 -0
data/rubocop.yml +58 -0
metadata +89 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 00bca785c140f5c034c9977fb69cdc6b1cf5969b
+  data.tar.gz: 61434659e9f5bd87c794db25ae9cd632584f4e07
+SHA512:
+  metadata.gz: 197eaa339fad01ae1e3d6c683321f9755a65bd47a30d4d0efed39a38ac5288139994055850da93203f397ca77ce8bb237d71549ce1626fb5fec4d2af39619036
+  data.tar.gz: 80dda4fe38ea6c5dc33f094bfa4221215472683619be6be86e3f36f6792ed997b58120dd13b55374c2bb7adfe8fb6c76385829f75009e47123b7e8a6bbece8fe

data/lib/mavenlint.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'rubocop/cop/mavenlint/unsafe-mass-assignment'

data/lib/rubocop/cop/mavenlint/unsafe-mass-assignment.rb ADDED Viewed

@@ -0,0 +1,38 @@
+require 'rubocop'
+module RuboCop
+  module Cop
+    module Mavenlint
+      # Identify usages of mass assignment with potentially 'unsafe' columns allowed.
+      #
+      # For example
+      #
+      #   class SomeModel
+      #     attr_accessible :account_id
+      #   end
+      #
+      # Allowing mass assignment of a foreign key column is dangerous for models that are created
+      # or updated through a publicly accessible endpoint, because the associated model isn't
+      # necessarily loaded and ran through security checks.
+      class UnsafeMassAssignment < RuboCop::Cop::Cop
+        MSG = "Do not allow mass-assignment of foreign key columns".freeze
+        def on_send(node)
+          return unless node.command?(:attr_accessible)
+          if unsafe_names?(node)
+            add_offense(node, message: MSG)
+          end
+        end
+        private
+        def unsafe_names?(node)
+          node.arguments.any? do |arg|
+            arg.source.end_with?('_id')
+          end
+        end
+      end
+    end
+  end
+end

data/rubocop.yml ADDED Viewed

@@ -0,0 +1,58 @@
+AllCops:
+  DisabledByDefault: true
+# Enforce that there are no `debugger` or `binding.pry`.
+Lint/Debugger:
+  Enabled: true
+# Enforce not duplicating methods.
+Lint/DuplicateMethods:
+  Enabled: true
+# Enforce not duplicating hash keys.
+Lint/DuplicatedKey:
+  Enabled: true
+# Ensure that we don't use `private` and `protected` on class methods, which doesn't work.
+Lint/IneffectiveAccessModifier:
+  Enabled: true
+# Ensure that custom errors do not inherit Exception. Instead, they should inherit StandardError.
+Lint/InheritException:
+  Enabled: true
+# Ensure that we don't rescue `Exception`, which will eat syntax errors.
+Lint/RescueException:
+  Enabled: true
+# Ensure that we don't have useless or redudant access modifiers (`private` or `protected`).
+Lint/UselessAccessModifier:
+  Enabled: true
+# Ensure that we're not assigning to variables that we're not using.
+Lint/UselessAssignment:
+  Enabled: true
+# Enforce not using `eval`.
+Security/Eval:
+  Enabled: true
+# Ensure that methods have an empty line between them.
+Layout/EmptyLineBetweenDefs:
+  Enabled: true
+# Ensure that we don't have multiple newlines in a row.
+Layout/EmptyLines:
+  Enabled: true
+# Ensure that access modifiers (`private` and `protected`) have empty lines around them.
+Layout/EmptyLinesAroundAccessModifier:
+  Enabled: true
+# Ensure that there isn't extra newlines within method bodies.
+Layout/EmptyLinesAroundMethodBody:
+  Enabled: true
+# Ensure that two spaces are used for indentation.
+Layout/IndentationWidth:
+  Enabled: true

metadata ADDED Viewed

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: mavenlint
+version: !ruby/object:Gem::Version
+  version: 1.1.1
+platform: ruby
+authors:
+- Mavenlnk
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2018-03-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+description:
+email:
+- ahuth@mavenlink.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/mavenlint.rb
+- lib/rubocop/cop/mavenlint/unsafe-mass-assignment.rb
+- rubocop.yml
+homepage: https://github.com/mavenlink/mavenlint
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.13
+signing_key:
+specification_version: 4
+summary: Mavenlink Rubocop config
+test_files: []