paraxial 1.4.2 → 1.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 90acf2bb0c21441d420b6433f1b0d378108d3c4042d6fda40116892877d535bb
-  data.tar.gz: 6edfae3d19b3e713ac41bcccf11c545ca479201f29da1fbe230bac4de8b796e5
+  metadata.gz: 1ead60a9bfb6d11bc119e5ba5287ce722c2e41b4c61865840bd219a3e4fd4be1
+  data.tar.gz: af7a4ec6f5c52fd468a071fbe98edda8db847ca68e7d50a8fdf7343728e67bf5
 SHA512:
-  metadata.gz: 66c9b8fbc397de4bb01c5f0afa46ecf5198e88f171342324211c5e5f1401dc7ee6a3b05b9e4dcb41731113f9985ea0edfc6b4ffc7e156efa8697e1b113b2178c
-  data.tar.gz: e4c82f63baba03fcedd857ac7ac2dd6f16afff05f153982c26f3292077dc0f2879ff1266e46d2a8ad213e380178af521889293ad85cce10062574ec535e7b641
+  metadata.gz: 604c966182e021b459e5e0e5ed9604b310acb3f31ea2cba61229a2d82b5f2f98ef80500763cd9c724a13cc7327050cea5a83857b5e0a71f32a079666dbb8fc76
+  data.tar.gz: b9c0f345377e3493c2bf699b3f640b9fe3b89db5537dc922489dc5a3e8ce225580c7f582fd3ceca8a8d5e37369b20a1af7c0f45b0e481f9e75f8cac5d849ec44

data/lib/paraxial/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Paraxial
-  VERSION = '1.4.2'
+  VERSION = '1.4.3'
 end

data/lib/paraxial.rb

@@ -4,6 +4,7 @@ require 'thor'
 require 'paraxial/engine'
 require 'rubocop'
 require_relative 'rubocop/cop/paraxial/csrf'
+require_relative 'rubocop/cop/paraxial/csrf_skip'
 require_relative 'rubocop/cop/paraxial/system'
 require_relative 'rubocop/cop/paraxial/send'
 require_relative 'rubocop/cop/paraxial/constantize'

data/lib/rubocop/cop/paraxial/csrf.rb

@@ -2,21 +2,22 @@ module RuboCop
   module Cop
     module Paraxial
       class CSRF < Base
-        MSG = 'CSRF, no protect_from_forgery in ApplicationController.'
+        include RangeHelp
 
-        def_node_search :protect_from_forgery_call, <<~PATTERN
-          (send nil? :protect_from_forgery ...)
-        PATTERN
+        MSG = "CSRF, action_dispatch.cookies_same_site_protection set to `nil` or `:none`."
 
-        def on_class(node)
-          class_name = node.loc.name.source
+        def on_send(node)
+          return unless node.method_name == :cookies_same_site_protection=
 
-          return unless class_name == 'ApplicationController'
+          argument = node.arguments.first
 
-          protect_from_forgery = protect_from_forgery_call(node).first
-
-          add_offense(node) unless protect_from_forgery
+          if !argument.respond_to?(:value)
+            add_offense(node)
+          elsif argument.value == :none
+            add_offense(node)
+          end
         end
+
       end
     end
   end

data/lib/rubocop/cop/paraxial/csrf_skip.rb

@@ -0,0 +1,28 @@
+module RuboCop
+  module Cop
+    module Paraxial
+      class SkipAuthenticityToken < Base
+
+        MSG = "CSRF, skip_before_action :verify_authenticity_token in controller."
+
+        def on_send(node)
+          # Ensure that the cop only applies to controller files
+          return unless in_controller_file?
+
+          # Check if the node is `skip_before_action :verify_authenticity_token`
+          return unless node.method_name == :skip_before_action
+          return unless node.arguments.any? { |arg| arg.respond_to?(:value) && arg.value == :verify_authenticity_token }
+
+          add_offense(node)
+        end
+
+        private
+
+        def in_controller_file?
+          # Check the current file path to ensure it's a controller file
+          processed_source.file_path.include?('app/controllers')
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: paraxial
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 1.4.3
 platform: ruby
 authors:
 - Michael Lubas
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-01-14 00:00:00.000000000 Z
+date: 2025-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -104,6 +104,7 @@ files:
 - lib/paraxial/version.rb
 - lib/rubocop/cop/paraxial/constantize.rb
 - lib/rubocop/cop/paraxial/csrf.rb
+- lib/rubocop/cop/paraxial/csrf_skip.rb
 - lib/rubocop/cop/paraxial/html_safe.rb
 - lib/rubocop/cop/paraxial/raw.rb
 - lib/rubocop/cop/paraxial/send.rb