RubyGems - mavenlint - Versions diffs - 1.1.1 - Mend

mavenlint 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +7 -0
data/lib/mavenlint.rb +1 -0
data/lib/rubocop/cop/mavenlint/unsafe-mass-assignment.rb +38 -0
data/rubocop.yml +58 -0
metadata +89 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 00bca785c140f5c034c9977fb69cdc6b1cf5969b
+  data.tar.gz: 61434659e9f5bd87c794db25ae9cd632584f4e07
+SHA512:
+  metadata.gz: 197eaa339fad01ae1e3d6c683321f9755a65bd47a30d4d0efed39a38ac5288139994055850da93203f397ca77ce8bb237d71549ce1626fb5fec4d2af39619036
+  data.tar.gz: 80dda4fe38ea6c5dc33f094bfa4221215472683619be6be86e3f36f6792ed997b58120dd13b55374c2bb7adfe8fb6c76385829f75009e47123b7e8a6bbece8fe

data/lib/mavenlint.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'rubocop/cop/mavenlint/unsafe-mass-assignment'

data/lib/rubocop/cop/mavenlint/unsafe-mass-assignment.rb ADDED Viewed

@@ -0,0 +1,38 @@
+require 'rubocop'
+module RuboCop
+  module Cop
+    module Mavenlint
+      # Identify usages of mass assignment with potentially 'unsafe' columns allowed.
+      #
+      # For example
+      #
+      #   class SomeModel
+      #     attr_accessible :account_id
+      #   end
+      #
+      # Allowing mass assignment of a foreign key column is dangerous for models that are created
+      # or updated through a publicly accessible endpoint, because the associated model isn't
+      # necessarily loaded and ran through security checks.
+      class UnsafeMassAssignment < RuboCop::Cop::Cop
+        MSG = "Do not allow mass-assignment of foreign key columns".freeze
+        def on_send(node)
+          return unless node.command?(:attr_accessible)
+          if unsafe_names?(node)
+            add_offense(node, message: MSG)
+          end
+        end
+        private
+        def unsafe_names?(node)
+          node.arguments.any? do |arg|
+            arg.source.end_with?('_id')
+          end
+        end
+      end
+    end
+  end
+end

data/rubocop.yml ADDED Viewed

@@ -0,0 +1,58 @@
+AllCops:
+  DisabledByDefault: true
+# Enforce that there are no `debugger` or `binding.pry`.
+Lint/Debugger:
+  Enabled: true
+# Enforce not duplicating methods.
+Lint/DuplicateMethods:
+  Enabled: true
+# Enforce not duplicating hash keys.
+Lint/DuplicatedKey:
+  Enabled: true
+# Ensure that we don't use `private` and `protected` on class methods, which doesn't work.
+Lint/IneffectiveAccessModifier:
+  Enabled: true
+# Ensure that custom errors do not inherit Exception. Instead, they should inherit StandardError.
+Lint/InheritException:
+  Enabled: true
+# Ensure that we don't rescue `Exception`, which will eat syntax errors.
+Lint/RescueException:
+  Enabled: true
+# Ensure that we don't have useless or redudant access modifiers (`private` or `protected`).
+Lint/UselessAccessModifier:
+  Enabled: true
+# Ensure that we're not assigning to variables that we're not using.
+Lint/UselessAssignment:
+  Enabled: true
+# Enforce not using `eval`.
+Security/Eval:
+  Enabled: true
+# Ensure that methods have an empty line between them.
+Layout/EmptyLineBetweenDefs:
+  Enabled: true
+# Ensure that we don't have multiple newlines in a row.
+Layout/EmptyLines:
+  Enabled: true
+# Ensure that access modifiers (`private` and `protected`) have empty lines around them.
+Layout/EmptyLinesAroundAccessModifier:
+  Enabled: true
+# Ensure that there isn't extra newlines within method bodies.
+Layout/EmptyLinesAroundMethodBody:
+  Enabled: true
+# Ensure that two spaces are used for indentation.
+Layout/IndentationWidth:
+  Enabled: true

metadata ADDED Viewed

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: mavenlint
+version: !ruby/object:Gem::Version
+  version: 1.1.1
+platform: ruby
+authors:
+- Mavenlnk
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2018-03-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+description:
+email:
+- ahuth@mavenlink.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/mavenlint.rb
+- lib/rubocop/cop/mavenlint/unsafe-mass-assignment.rb
+- rubocop.yml
+homepage: https://github.com/mavenlink/mavenlint
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.13
+signing_key:
+specification_version: 4
+summary: Mavenlink Rubocop config
+test_files: []