overcommit 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6030d9d4951a3c37f536bfd4caefc3890c6c4f2d
-  data.tar.gz: 04a5f6031e2217c33382a2c034f7670f711dbdbe
+  metadata.gz: f85ad2d80c2da4defeec5bce808514385a27c6e6
+  data.tar.gz: e547ff585ce285436624840c7b16e32ab79677a7
 SHA512:
-  metadata.gz: c6769844c60d201e95417a06610daef7c1a5465184c176423ad7bf9bfb958373116fe8d17085ecc9f2d741677d9a928e28df6ac6b174f5499d8907837eef1305
-  data.tar.gz: 49c7bbeafda273737fafc8aba005eda1b5c13774932a143c7c85664ee32f4f84898999c1da2cea9f4b2ffb2eae490386bef0b8c744b76a798a9c90478f859000
+  metadata.gz: 5e7633bf2eccb141b29a8b0bb69910ceb3810badc570a9573f3a6ce069988af8a436ee7b91f2802bf8f305be92aac98c1f603d9570690f7bad5ecae4bf6bff5c
+  data.tar.gz: 5988d0a37ca6bf001019e94c19e11e97aeb52cc1bec66e75478d1c5bb04f231c43f77447702b579c3a468d9248c6515d62fa28337b93cd92725e33b47eec665b

data/config/default.yml

@@ -53,6 +53,12 @@ PreCommit:
     required: true
     quiet: true
 
+  Brakeman:
+    enabled: false
+    description: 'Checking for security vulnerabilities'
+    include:
+      - '**/*.rb'
+
   BundleCheck:
     description: 'Checking Gemfile dependencies'
     include:
@@ -60,6 +66,11 @@ PreCommit:
       - 'Gemfile.lock'
       - '*.gemspec'
 
+  ChamberSecurity:
+    enabled: false
+    description: 'Checking that settings have been secured with Chamber'
+    include: 'config/settings.yml'
+
   CoffeeLint:
     description: 'Analyzing with coffeelint'
     include: '**/*.coffee'
@@ -91,10 +102,38 @@ PreCommit:
     description: 'Analyzing with JSHint'
     include: '**/*.js'
 
+  JsonSyntax:
+    description: 'Validating JSON syntax'
+    include: '**/*.json'
+
+  JsxHint:
+    description: 'Analyzing with JSXHint'
+    include: '**/*.jsx'
+
+  LocalPathsInGemfile:
+    description: 'Checking for references to local paths in your Gemfile'
+    include: '**/Gemfile'
+
+  MergeConflicts:
+    description: 'Checking for merge conflicts'
+
+  PryBinding:
+    description: 'Checking for instances of binding.pry'
+    include:
+      - '**/*.rb'
+      - '**/*.rake'
+
   PythonFlake8:
     description: 'Analyzing with flake8'
     include: '**/*.py'
 
+  RailsSchemaUpToDate:
+    description: 'Checking if database schema is up to date'
+    include:
+      - 'db/migrate/*.rb'
+      - 'db/schema.rb'
+      - 'db/structure.sql'
+
   Rubocop:
     description: 'Analyzing with Rubocop'
     include:

data/lib/overcommit/configuration.rb

@@ -112,7 +112,7 @@ module Overcommit
     end
 
     def smart_merge(parent, child)
-      parent.merge(child) do |key, old, new|
+      parent.merge(child) do |_key, old, new|
         case old
         when Array
           old + Array(new)

data/lib/overcommit/hook/pre_commit/berksfile_check.rb

@@ -0,0 +1,24 @@
+module Overcommit::Hook::PreCommit
+  # Check if local Berksfile.lock matches Berksfile when either changes, unless
+  # Berksfile.lock is ignored by git.
+  class BerksfileCheck < Base
+    LOCK_FILE = 'Berksfile.lock'
+
+    def run
+      unless in_path?('berks')
+        return :warn, 'Berkshelf not installed -- run `gem install berkshelf`'
+      end
+
+      # Ignore if Berksfile.lock is not tracked by git
+      ignored_files = execute(%w[git ls-files -o -i --exclude-standard]).stdout.split("\n")
+      return :good if ignored_files.include?(LOCK_FILE)
+
+      result = execute(%w[berks list --quiet])
+      unless result.success?
+        return :bad, result.stderr
+      end
+
+      :good
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/brakeman.rb

@@ -0,0 +1,16 @@
+module Overcommit::Hook::PreCommit
+  # Runs `brakeman` against any modified Ruby/Rails files.
+  class Brakeman < Base
+    def run
+      unless in_path?('brakeman')
+        return :warn, 'Run `gem install brakeman`'
+      end
+
+      result = execute(%w[brakeman --exit-on-warn --quiet --summary --only-files] +
+                       applicable_files)
+      return :good if result.success?
+
+      [:bad, result.stdout]
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/bundle_check.rb

@@ -10,7 +10,8 @@ module Overcommit::Hook::PreCommit
       end
 
       # Ignore if Gemfile.lock is not tracked by git
-      return :good if execute(%w[git check-ignore] + [LOCK_FILE]).success?
+      ignored_files = execute(%w[git ls-files -o -i --exclude-standard]).stdout.split("\n")
+      return :good if ignored_files.include?(LOCK_FILE)
 
       result = execute(%w[bundle check])
       unless result.success?

data/lib/overcommit/hook/pre_commit/chamber_security.rb

@@ -0,0 +1,15 @@
+module Overcommit::Hook::PreCommit
+  # Runs `chamber secure` against any modified Chamber settings files
+  class ChamberSecurity < Base
+    def run
+      unless in_path?('chamber')
+        return :warn, 'Run `gem install chamber`'
+      end
+
+      result = execute(%w[chamber secure --echo --files] + applicable_files)
+
+      return :good if result.stdout.empty?
+      [:bad, "These settings appear to need to be secured but were not: #{result.stdout}"]
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/json_syntax.rb

@@ -0,0 +1,22 @@
+require 'json'
+
+module Overcommit::Hook::PreCommit
+  # Checks the syntax of any modified JSON files.
+  class JsonSyntax < Base
+    def run
+      output = []
+
+      applicable_files.each do |file|
+        begin
+          File.open(file) { |io| JSON.load(io) }
+        rescue JSON::ParserError => e
+          output << "#{e.message} parsing #{file}"
+        end
+      end
+
+      return :good if output.empty?
+
+      [:bad, output]
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/jsx_hint.rb

@@ -0,0 +1,17 @@
+module Overcommit::Hook::PreCommit
+  # Runs `jsxhint` against any modified JSX files.
+  class JsxHint < Base
+    def run
+      unless in_path?('jsxhint')
+        return :warn, 'jsxhint not installed -- run `npm install -g jsxhint`'
+      end
+
+      result = execute(%w[jsxhint] + applicable_files)
+      output = result.stdout
+
+      return :good if output.empty?
+
+      [:bad, output]
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/local_paths_in_gemfile.rb

@@ -0,0 +1,14 @@
+module Overcommit::Hook::PreCommit
+  # Checks for local paths in files and issues a warning
+  class LocalPathsInGemfile < Base
+    def run
+      result = execute(%w[grep -IHnE (\s*path:\s*)|(\s*:path\s*=>)] + applicable_files)
+
+      unless result.stdout.empty?
+        return :warn, "Avoid pointing to local paths in Gemfiles:\n#{result.stdout}"
+      end
+
+      :good
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/merge_conflicts.rb

@@ -0,0 +1,14 @@
+module Overcommit::Hook::PreCommit
+  # Checks for unresolved merge conflicts
+  class MergeConflicts < Base
+    def run
+      result = execute(%w[grep -IHn ^<<<<<<<\s] + applicable_files)
+
+      unless result.stdout.empty?
+        return :bad, "Merge conflict markers detected:\n#{result.stdout}"
+      end
+
+      :good
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/pry_binding.rb

@@ -0,0 +1,14 @@
+module Overcommit::Hook::PreCommit
+  # Adds a check to make sure no `binding.pry`'s have been left in the code
+  class PryBinding < Base
+    def run
+      result = execute(%w[grep -IHnE ^\s*binding\.pry] + applicable_files)
+
+      unless result.stdout.empty?
+        return :bad, "Found a `binding.pry` call left in:\n#{result.stdout}"
+      end
+
+      :good
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/rails_schema_up_to_date.rb

@@ -0,0 +1,38 @@
+module Overcommit::Hook::PreCommit
+  # Check to see whether the schema file is in line with the migrations
+  class RailsSchemaUpToDate < Base
+    def run
+      if migration_files.any? && schema_files.none?
+        return :bad, "It looks like you're adding a migration, but did not update the schema file"
+      elsif migration_files.none? && schema_files.any?
+        return :bad, "You're trying to change the schema without adding a migration file"
+      elsif migration_files.any? && schema_files.any?
+        latest_version = migration_files.map  { |file| file[/\d+/] }.sort.last
+        schema         = schema_files.map     { |file| File.read(file) }.join
+        up_to_date     = schema.include?(latest_version)
+
+        unless up_to_date
+          return :bad, "The latest migration version you're committing is " \
+                       "#{latest_version}, but your schema file " \
+                       "#{schema_files.join(' or ')} is on a different version."
+        end
+      end
+
+      :good
+    end
+
+  private
+
+    def migration_files
+      @migration_files ||= applicable_files.select do |file|
+        file.match %r{db/migrate/.*\.rb}
+      end
+    end
+
+    def schema_files
+      @schema_files    ||= applicable_files.select do |file|
+        file.match %r{db/schema\.rb|db/structure.*\.sql}
+      end
+    end
+  end
+end

data/lib/overcommit/hook/pre_commit/rubocop.rb

@@ -6,7 +6,7 @@ module Overcommit::Hook::PreCommit
         return :warn, 'Rubocop not installed -- run `gem install rubocop`'
       end
 
-      result = execute(%w[rubocop --format=emacs] + applicable_files)
+      result = execute(%w[rubocop --format=emacs --force-exclusion] + applicable_files)
       return :good if result.success?
 
       output = result.stdout + result.stderr

data/lib/overcommit/hook_context/base.rb

@@ -61,7 +61,7 @@ module Overcommit::HookContext
     #
     # By default, this returns an empty set. Subclasses should implement if
     # there is a concept of files changing for the type of hook being run.
-    def modified_lines(file)
+    def modified_lines(_file)
       Set.new
     end
   end

data/lib/overcommit/hook_loader/plugin_hook_loader.rb

@@ -28,7 +28,7 @@ module Overcommit::HookLoader
       return if modified_plugins.empty?
 
       log.bold_warning "The following #{@context.hook_script_name} plugins " \
-                       "have been added, changed, or had their configuration modified:"
+                       'have been added, changed, or had their configuration modified:'
       log.log
 
       modified_plugins.each do |signer|

data/lib/overcommit/hook_signer.rb

@@ -3,6 +3,10 @@ module Overcommit
   class HookSigner
     attr_reader :hook_path, :hook_name
 
+    # We don't want to include the skip setting as it is set by Overcommit
+    # itself
+    IGNORED_CONFIG_KEYS = %w[skip]
+
     # @param hook_path [String] path to the actual hook definition
     # @param config [Overcommit::Configuration]
     # @param context [Overcommit::HookContext]
@@ -42,7 +46,9 @@ module Overcommit
     # This way, if either the plugin code changes or its configuration changes,
     # the hash will change and we can alert the user to this change.
     def signature
-      hook_config = @config.for_hook(@hook_name, @context.hook_class_name)
+      hook_config = @config.for_hook(@hook_name, @context.hook_class_name).
+                            dup.
+                            tap { |config| IGNORED_CONFIG_KEYS.each { |k| config.delete(k) } }
 
       Digest::SHA256.hexdigest(hook_contents + hook_config.to_s)
     end

data/lib/overcommit/user_input.rb

@@ -9,7 +9,7 @@ module Overcommit
     end
 
     # Get a string of input from the user (up to the next newline character).
-    def get(&block)
+    def get
       @io.gets
     end
 
@@ -19,7 +19,7 @@ module Overcommit
     def reopen_tty
       # If the hook isn't interactive, we need to map STDIN to keyboard manually
       STDIN.reopen('/dev/tty') if STDIN.eof?
-    rescue
+    rescue # rubocop:disable HandleExceptions
       # Happens in tests run with no console available
     end
   end

data/lib/overcommit/utils.rb

@@ -72,7 +72,7 @@ module Overcommit
 
       # Calls a block of code with a modified set of environment variables,
       # restoring them once the code has executed.
-      def with_environment(env, &block)
+      def with_environment(env)
         old_env = {}
         env.each do |var, value|
           old_env[var] = ENV[var.to_s]

data/lib/overcommit/version.rb

@@ -1,4 +1,4 @@
 # Defines the gem version.
 module Overcommit
-  VERSION = '0.8.0'
+  VERSION = '0.9.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: overcommit
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Causes Engineering
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-18 00:00:00.000000000 Z
+date: 2014-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: childprocess
@@ -25,6 +25,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -85,22 +99,31 @@ files:
 - lib/overcommit/hook/post_checkout/base.rb
 - lib/overcommit/hook/base.rb
 - lib/overcommit/hook/pre_commit/author_email.rb
+- lib/overcommit/hook/pre_commit/pry_binding.rb
 - lib/overcommit/hook/pre_commit/image_optim.rb
 - lib/overcommit/hook/pre_commit/css_lint.rb
+- lib/overcommit/hook/pre_commit/jsx_hint.rb
+- lib/overcommit/hook/pre_commit/local_paths_in_gemfile.rb
 - lib/overcommit/hook/pre_commit/travis_lint.rb
 - lib/overcommit/hook/pre_commit/bundle_check.rb
 - lib/overcommit/hook/pre_commit/yaml_syntax.rb
+- lib/overcommit/hook/pre_commit/rails_schema_up_to_date.rb
+- lib/overcommit/hook/pre_commit/berksfile_check.rb
+- lib/overcommit/hook/pre_commit/merge_conflicts.rb
 - lib/overcommit/hook/pre_commit/trailing_whitespace.rb
 - lib/overcommit/hook/pre_commit/author_name.rb
 - lib/overcommit/hook/pre_commit/rubocop.rb
 - lib/overcommit/hook/pre_commit/python_flake8.rb
 - lib/overcommit/hook/pre_commit/js_hint.rb
+- lib/overcommit/hook/pre_commit/chamber_security.rb
 - lib/overcommit/hook/pre_commit/hard_tabs.rb
 - lib/overcommit/hook/pre_commit/haml_lint.rb
 - lib/overcommit/hook/pre_commit/coffee_lint.rb
+- lib/overcommit/hook/pre_commit/brakeman.rb
 - lib/overcommit/hook/pre_commit/jscs.rb
 - lib/overcommit/hook/pre_commit/scss_lint.rb
 - lib/overcommit/hook/pre_commit/base.rb
+- lib/overcommit/hook/pre_commit/json_syntax.rb
 - lib/overcommit/hook_signer.rb
 - lib/overcommit/hook_context/pre_commit.rb
 - lib/overcommit/hook_context/commit_msg.rb