rbhint 0.8.5.rc1

data/lib/rubocop/cop/security/eval.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # This cop checks for the use of `Kernel#eval` and `Binding#eval`.
+      #
+      # @example
+      #
+      #   # bad
+      #
+      #   eval(something)
+      #   binding.eval(something)
+      class Eval < Cop
+        MSG = 'The use of `eval` is a serious security risk.'
+
+        def_node_matcher :eval?, <<~PATTERN
+          (send {nil? (send nil? :binding)} :eval $!str ...)
+        PATTERN
+
+        def on_send(node)
+          eval?(node) do |code|
+            return if code.dstr_type? && code.recursive_literal?
+
+            add_offense(node, location: :selector)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/json_load.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # This cop checks for the use of JSON class methods which have potential
+      # security issues.
+      #
+      # Autocorrect is disabled by default because it's potentially dangerous.
+      # If using a stream, like `JSON.load(open('file'))`, it will need to call
+      # `#read` manually, like `JSON.parse(open('file').read)`.
+      # If reading single values (rather than proper JSON objects), like
+      # `JSON.load('false')`, it will need to pass the `quirks_mode: true`
+      # option, like `JSON.parse('false', quirks_mode: true)`.
+      # Other similar issues may apply.
+      #
+      # @example
+      #   # bad
+      #   JSON.load("{}")
+      #   JSON.restore("{}")
+      #
+      #   # good
+      #   JSON.parse("{}")
+      #
+      class JSONLoad < Cop
+        MSG = 'Prefer `JSON.parse` over `JSON.%<method>s`.'
+
+        def_node_matcher :json_load, <<~PATTERN
+          (send (const {nil? cbase} :JSON) ${:load :restore} ...)
+        PATTERN
+
+        def on_send(node)
+          json_load(node) do |method|
+            add_offense(node,
+                        location: :selector,
+                        message: format(MSG, method: method))
+          end
+        end
+
+        def autocorrect(node)
+          ->(corrector) { corrector.replace(node.loc.selector, 'parse') }
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/marshal_load.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # This cop checks for the use of Marshal class methods which have
+      # potential security issues leading to remote code execution when
+      # loading from an untrusted source.
+      #
+      # @example
+      #   # bad
+      #   Marshal.load("{}")
+      #   Marshal.restore("{}")
+      #
+      #   # good
+      #   Marshal.dump("{}")
+      #
+      #   # okish - deep copy hack
+      #   Marshal.load(Marshal.dump({}))
+      #
+      class MarshalLoad < Cop
+        MSG = 'Avoid using `Marshal.%<method>s`.'
+
+        def_node_matcher :marshal_load, <<~PATTERN
+          (send (const {nil? cbase} :Marshal) ${:load :restore}
+          !(send (const {nil? cbase} :Marshal) :dump ...))
+        PATTERN
+
+        def on_send(node)
+          marshal_load(node) do |method|
+            add_offense(node,
+                        location: :selector,
+                        message: format(MSG, method: method))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/open.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # This cop checks for the use of `Kernel#open`.
+      #
+      # `Kernel#open` enables not only file access but also process invocation
+      # by prefixing a pipe symbol (e.g., `open("| ls")`). So, it may lead to
+      # a serious security risk by using variable input to the argument of
+      # `Kernel#open`. It would be better to use `File.open`, `IO.popen` or
+      # `URI#open` explicitly.
+      #
+      # @example
+      #   # bad
+      #   open(something)
+      #
+      #   # good
+      #   File.open(something)
+      #   IO.popen(something)
+      #   URI.parse(something).open
+      class Open < Cop
+        MSG = 'The use of `Kernel#open` is a serious security risk.'
+
+        def_node_matcher :open?, <<~PATTERN
+          (send nil? :open $!str ...)
+        PATTERN
+
+        def on_send(node)
+          open?(node) do |code|
+            return if safe?(code)
+
+            add_offense(node, location: :selector)
+          end
+        end
+
+        private
+
+        def safe?(node)
+          if simple_string?(node)
+            safe_argument?(node.str_content)
+          elsif composite_string?(node)
+            safe?(node.children.first)
+          else
+            false
+          end
+        end
+
+        def safe_argument?(argument)
+          !argument.empty? && !argument.start_with?('|')
+        end
+
+        def simple_string?(node)
+          node.str_type?
+        end
+
+        def composite_string?(node)
+          interpolated_string?(node) || concatenated_string?(node)
+        end
+
+        def interpolated_string?(node)
+          node.dstr_type?
+        end
+
+        def concatenated_string?(node)
+          node.send_type? && node.method?(:+) && node.receiver.str_type?
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/yaml_load.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # This cop checks for the use of YAML class methods which have
+      # potential security issues leading to remote code execution when
+      # loading from an untrusted source.
+      #
+      # @example
+      #   # bad
+      #   YAML.load("--- foo")
+      #
+      #   # good
+      #   YAML.safe_load("--- foo")
+      #   YAML.dump("foo")
+      #
+      class YAMLLoad < Cop
+        MSG = 'Prefer using `YAML.safe_load` over `YAML.load`.'
+
+        def_node_matcher :yaml_load, <<~PATTERN
+          (send (const {nil? cbase} :YAML) :load ...)
+        PATTERN
+
+        def on_send(node)
+          yaml_load(node) do
+            add_offense(node, location: :selector)
+          end
+        end
+
+        def autocorrect(node)
+          ->(corrector) { corrector.replace(node.loc.selector, 'safe_load') }
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/severity.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    # Severity class is simple value object about severity
+    class Severity
+      include Comparable
+
+      # @api private
+      NAMES = %i[refactor convention warning error fatal].freeze
+
+      # @api private
+      CODE_TABLE = { R: :refactor, C: :convention,
+                     W: :warning, E: :error, F: :fatal }.freeze
+
+      # @api public
+      #
+      # @!attribute [r] name
+      #
+      # @return [Symbol]
+      #   severity.
+      #   any of `:refactor`, `:convention`, `:warning`, `:error` or `:fatal`.
+      attr_reader :name
+
+      # @api private
+      def self.name_from_code(code)
+        name = code.to_sym
+        CODE_TABLE[name] || name
+      end
+
+      # @api private
+      def initialize(name_or_code)
+        name = Severity.name_from_code(name_or_code)
+        raise ArgumentError, "Unknown severity: #{name}" unless NAMES.include?(name)
+
+        @name = name.freeze
+        freeze
+      end
+
+      # @api private
+      def to_s
+        @name.to_s
+      end
+
+      # @api private
+      def code
+        @name.to_s[0].upcase
+      end
+
+      # @api private
+      def level
+        NAMES.index(name) + 1
+      end
+
+      # @api private
+      def ==(other)
+        @name == if other.is_a?(Symbol)
+                   other
+                 else
+                   other.name
+                 end
+      end
+
+      # @api private
+      def hash
+        @name.hash
+      end
+
+      # @api private
+      def <=>(other)
+        level <=> other.level
+      end
+    end
+  end
+end

data/lib/rubocop/cop/style/access_modifier_declarations.rb

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Style
+      # Access modifiers should be declared to apply to a group of methods
+      # or inline before each method, depending on configuration.
+      # EnforcedStyle config covers only method definitions.
+      # Applications of visibility methods to symbols can be controlled
+      # using AllowModifiersOnSymbols config.
+      #
+      # @example EnforcedStyle: group (default)
+      #   # bad
+      #   class Foo
+      #
+      #     private def bar; end
+      #     private def baz; end
+      #
+      #   end
+      #
+      #   # good
+      #   class Foo
+      #
+      #     private
+      #
+      #     def bar; end
+      #     def baz; end
+      #
+      #   end
+      #
+      # @example EnforcedStyle: inline
+      #   # bad
+      #   class Foo
+      #
+      #     private
+      #
+      #     def bar; end
+      #     def baz; end
+      #
+      #   end
+      #
+      #   # good
+      #   class Foo
+      #
+      #     private def bar; end
+      #     private def baz; end
+      #
+      #   end
+      #
+      # @example AllowModifiersOnSymbols: true
+      #   # good
+      #   class Foo
+      #
+      #     private :bar, :baz
+      #
+      #   end
+      #
+      # @example AllowModifiersOnSymbols: false
+      #   # bad
+      #   class Foo
+      #
+      #     private :bar, :baz
+      #
+      #   end
+      class AccessModifierDeclarations < Cop
+        include ConfigurableEnforcedStyle
+
+        GROUP_STYLE_MESSAGE = [
+          '`%<access_modifier>s` should not be',
+          'inlined in method definitions.'
+        ].join(' ')
+
+        INLINE_STYLE_MESSAGE = [
+          '`%<access_modifier>s` should be',
+          'inlined in method definitions.'
+        ].join(' ')
+
+        def_node_matcher :access_modifier_with_symbol?, <<~PATTERN
+          (send nil? {:private :protected :public} (sym _))
+        PATTERN
+
+        def on_send(node)
+          return unless node.access_modifier?
+          return if node.parent.pair_type?
+          return if cop_config['AllowModifiersOnSymbols'] &&
+                    access_modifier_with_symbol?(node)
+
+          if offense?(node)
+            add_offense(node, location: :selector) do
+              opposite_style_detected
+            end
+          else
+            correct_style_detected
+          end
+        end
+
+        private
+
+        def offense?(node)
+          (group_style? && access_modifier_is_inlined?(node)) ||
+            (inline_style? && access_modifier_is_not_inlined?(node))
+        end
+
+        def group_style?
+          style == :group
+        end
+
+        def inline_style?
+          style == :inline
+        end
+
+        def access_modifier_is_inlined?(node)
+          node.arguments.any?
+        end
+
+        def access_modifier_is_not_inlined?(node)
+          !access_modifier_is_inlined?(node)
+        end
+
+        def message(node)
+          access_modifier = node.loc.selector.source
+
+          if group_style?
+            format(GROUP_STYLE_MESSAGE, access_modifier: access_modifier)
+          elsif inline_style?
+            format(INLINE_STYLE_MESSAGE, access_modifier: access_modifier)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/style/alias.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Style
+      # This cop enforces the use of either `#alias` or `#alias_method`
+      # depending on configuration.
+      # It also flags uses of `alias :symbol` rather than `alias bareword`.
+      #
+      # @example EnforcedStyle: prefer_alias (default)
+      #   # bad
+      #   alias_method :bar, :foo
+      #   alias :bar :foo
+      #
+      #   # good
+      #   alias bar foo
+      #
+      # @example EnforcedStyle: prefer_alias_method
+      #   # bad
+      #   alias :bar :foo
+      #   alias bar foo
+      #
+      #   # good
+      #   alias_method :bar, :foo
+      class Alias < Cop
+        include ConfigurableEnforcedStyle
+
+        MSG_ALIAS = 'Use `alias_method` instead of `alias`.'
+        MSG_ALIAS_METHOD = 'Use `alias` instead of `alias_method` ' \
+                           '%<current>s.'
+        MSG_SYMBOL_ARGS  = 'Use `alias %<prefer>s` instead of ' \
+                           '`alias %<current>s`.'
+
+        def on_send(node)
+          return unless node.command?(:alias_method)
+          return unless style == :prefer_alias && alias_keyword_possible?(node)
+
+          msg = format(MSG_ALIAS_METHOD, current: lexical_scope_type(node))
+          add_offense(node, location: :selector, message: msg)
+        end
+
+        def on_alias(node)
+          return unless alias_method_possible?(node)
+
+          if scope_type(node) == :dynamic || style == :prefer_alias_method
+            add_offense(node, location: :keyword, message: MSG_ALIAS)
+          elsif node.children.none? { |arg| bareword?(arg) }
+            add_offense_for_args(node)
+          end
+        end
+
+        def autocorrect(node)
+          if node.send_type?
+            correct_alias_method_to_alias(node)
+          elsif scope_type(node) == :dynamic || style == :prefer_alias_method
+            correct_alias_to_alias_method(node)
+          else
+            correct_alias_with_symbol_args(node)
+          end
+        end
+
+        private
+
+        def alias_keyword_possible?(node)
+          scope_type(node) != :dynamic && node.arguments.all?(&:sym_type?)
+        end
+
+        def alias_method_possible?(node)
+          scope_type(node) != :instance_eval &&
+            node.children.none?(&:gvar_type?)
+        end
+
+        def add_offense_for_args(node)
+          existing_args  = node.children.map(&:source).join(' ')
+          preferred_args = node.children.map { |a| a.source[1..-1] }.join(' ')
+          arg_ranges     = node.children.map(&:source_range)
+          msg            = format(MSG_SYMBOL_ARGS,
+                                  prefer: preferred_args,
+                                  current: existing_args)
+          add_offense(node, location: arg_ranges.reduce(&:join), message: msg)
+        end
+
+        # In this expression, will `self` be the same as the innermost enclosing
+        # class or module block (:lexical)? Or will it be something else
+        # (:dynamic)? If we're in an instance_eval block, return that.
+        def scope_type(node)
+          while (parent = node.parent)
+            case parent.type
+            when :class, :module
+              return :lexical
+            when :def, :defs
+              return :dynamic
+            when :block
+              return :instance_eval if parent.method?(:instance_eval)
+
+              return :dynamic
+            end
+            node = parent
+          end
+          :lexical
+        end
+
+        def lexical_scope_type(node)
+          node.each_ancestor(:class, :module) do |ancestor|
+            return ancestor.class_type? ? 'in a class body' : 'in a module body'
+          end
+          'at the top level'
+        end
+
+        def bareword?(sym_node)
+          !sym_node.source.start_with?(':')
+        end
+
+        def correct_alias_method_to_alias(send_node)
+          lambda do |corrector|
+            new, old = *send_node.arguments
+            replacement = "alias #{identifier(new)} #{identifier(old)}"
+            corrector.replace(send_node, replacement)
+          end
+        end
+
+        def correct_alias_to_alias_method(node)
+          lambda do |corrector|
+            replacement =
+              'alias_method ' \
+              ":#{identifier(node.new_identifier)}, " \
+              ":#{identifier(node.old_identifier)}"
+            corrector.replace(node, replacement)
+          end
+        end
+
+        def correct_alias_with_symbol_args(node)
+          lambda do |corrector|
+            corrector.replace(node.new_identifier,
+                              node.new_identifier.source[1..-1])
+            corrector.replace(node.old_identifier,
+                              node.old_identifier.source[1..-1])
+          end
+        end
+
+        def_node_matcher :identifier, <<~PATTERN
+          (sym $_)
+        PATTERN
+      end
+    end
+  end
+end