rubocop-airbnb 6.0.0 → 7.0.0

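--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: badf32420d149c7d0f156905b025e12753c8d2138feca349ce157dd8f52acbb3
- data.tar.gz: 7da82ffbd161c9e168091daeb0c9c0571c7a72eb33b635646f68ddeacf10a2e4
+ metadata.gz: ccce4935f81b65b3ebbdcdf3f5d4b8ab5638185d94f6df4f26cb02bbb8055916
+ data.tar.gz: e9b7b767b4443f4d608a446a1a8043770bb9fd388561b8f99991616747f0b634
  SHA512:
- metadata.gz: d7eb9157f6279bc33ab656247532e9332160c3a2934c00bbace9684e23397e17300d1346bb874dae2bed24c599aa3685a30166da9735f7adf5529c55122dcc4d
- data.tar.gz: d975235537cee012fa313562ee517ca34b7143d37ff975dbd3e0ccc4ffb9a3794982ab2871fe477fdedf2ef62ac0cf061e5383d0cdea7dafdbfbdd33144d3772
+ metadata.gz: 39764ecfbf6ff6445b6e2db7e8146192bb0f0a42af6f3974e605e604a923747daeee0dda494af367ad4f361a59c25edf2f8967e18853d3a6fb62b73508861bc9
+ data.tar.gz: ce99699300c02cafb988fd73bc54503838f254448f53771948e49977cfc2f84552240bf54b19808a88d33f91334456ff2bd8f654505daf45bd2c80b4f8da3262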
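--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,7 +1,12 @@
+ # 7.0.0
+ * Add support for Ruby 3.3
+ * Drop support for Ruby 2.6
+ * Update rubocop to ~> 1.61
+
  # 6.0.0
  * Recover code analysis using `TargetRubyVersion` from Ruby 2.0 to 2.4
  * Drop support for Ruby 2.5
- * Update rubocop to 1.32.0
+ * Update rubocop to ~> 1.32.0
 
  # 5.0.0
  * Add support for Ruby 3.1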
@@ -116,7 +116,7 @@ Style/BlockDelimiters:
116
116
  - let!
117
117
  - subject
118
118
  - watch
119
- IgnoredMethods:
119
+ AllowedMethods:
120
120
  # Methods that can be either procedural or functional and cannot be
121
121
  # categorised from their usage alone, e.g.
122
122
  #
@@ -889,7 +889,7 @@ Style/SymbolLiteral:
889
889
  Style/SymbolProc:
890
890
  Description: Use symbols as procs instead of blocks when possible.
891
891
  Enabled: false
892
- IgnoredMethods:
892
+ AllowedMethods:
893
893
  - respond_to
894
894
 
895
895
  Style/TernaryParentheses:
@@ -3,6 +3,6 @@
3
3
  module RuboCop
4
4
  module Airbnb
5
5
  # Version information for the the Airbnb RuboCop plugin.
6
- VERSION = '6.0.0'
6
+ VERSION = '7.0.0'
7
7
  end
8
8
  end
@@ -8,9 +8,10 @@ module RuboCop
8
8
  'refactor data access patterns since the scope becomes part '\
9
9
  'of every query unless explicitly excluded, even when it is '\
10
10
  'unnecessary or incidental to the desired logic.'.freeze
11
+ RESTRICT_ON_SEND = %i(default_scope).freeze
11
12
 
12
13
  def on_send(node)
13
- return unless node.command?(:default_scope)
14
+ return if node.receiver
14
15
 
15
16
  add_offense(node)
16
17
  end
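Review bot: `on_send` no longer names the method it checks, because the name filter moved to `RESTRICT_ON_SEND` and the body keeps only `return if node.receiver`. A one-line comment above `on_send` would keep that coupling visible, e.g. `# Only :default_scope sends reach here (RESTRICT_ON_SEND); skip calls with an explicit receiver.` The same applies to the FactoryClassUseString and PhraseBundleKeys hunks, and most of all to MassAssignmentAccessibleModifier, where `on_send` now calls `add_offense` unconditionally and would flag every send if the constant were renamed or dropped. The cop classes start above these hunks.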
@@ -6,9 +6,10 @@ module RuboCop
6
6
  class FactoryClassUseString < Base
7
7
  MSG = 'Instead of :class => MyClass, use :class => "MyClass". ' \
8
8
  "This enables faster spec startup time and faster Zeus reload time.".freeze
9
+ RESTRICT_ON_SEND = %i(factory).freeze
9
10
 
10
11
  def on_send(node)
11
- return unless node.command?(:factory)
12
+ return if node.receiver
12
13
 
13
14
  class_pair = class_node(node)
14
15
 
@@ -5,11 +5,9 @@ module RuboCop
5
5
  # mass assignment. It's a lazy, potentially dangerous approach that should be discouraged.
6
6
  class MassAssignmentAccessibleModifier < Base
7
7
  MSG = 'Do no override and objects mass assignment restrictions.'.freeze
8
+ RESTRICT_ON_SEND = %i(accessible=).freeze
8
9
 
9
10
  def on_send(node)
10
- _receiver, method_name, *_args = *node
11
-
12
- return unless method_name == :accessible=
13
11
  add_offense(node, message: MSG)
14
12
  end
15
13
  end
@@ -8,9 +8,14 @@ module RuboCop
8
8
  'It can also cause logic errors since it can raise in ' \
9
9
  'any callee scope. Use client library timeouts and monitoring to ' \
10
10
  'ensure proper timing behavior for web requests.'.freeze
11
+ RESTRICT_ON_SEND = %i(timeout).freeze
12
+
13
+ def_node_matcher :timeout_const?, <<~PATTERN
14
+ (const {cbase nil?} :Timeout)
15
+ PATTERN
11
16
 
12
17
  def on_send(node)
13
- return unless node.source.start_with?('Timeout.timeout')
18
+ return unless timeout_const?(node.receiver)
14
19
  add_offense(node, message: MSG)
15
20
  end
16
21
  end
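Review bot: A receiver-less `timeout(5)` call now reaches `timeout_const?` with a nil receiver, and none of the specs visible on this page cover that path (they exercise `::Timeout.timeout` and `foo.timeout`). I would add an `expect_no_offenses` case for a bare `timeout(5) do ... end` so the matcher's nil-receiver behaviour is pinned. A short comment on the pattern, e.g. `# Matches Timeout and ::Timeout, but not Foo::Timeout`, would also record why `{cbase nil?}` is used. The class body starts above the hunk.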
@@ -27,10 +27,11 @@ module RuboCop
27
27
  class PhraseBundleKeys < Base
28
28
  MESSAGE =
29
29
  'Phrase bundle keys should match their translation keys.'.freeze
30
+ RESTRICT_ON_SEND = %i(t).freeze
30
31
 
31
32
  def on_send(node)
32
33
  parent = node.parent
33
- if t_call?(node) && in_phrase_bundle_class?(node) && parent.pair_type?
34
+ if in_phrase_bundle_class?(node) && parent.pair_type?
34
35
  hash_key = parent.children[0]
35
36
  unless hash_key.children[0] == node.children[2].children[0]
36
37
  add_offense(hash_key, message: MESSAGE)
@@ -57,10 +58,6 @@ module RuboCop
57
58
  e.children[1] == :PhraseBundle
58
59
  end
59
60
  end
60
-
61
- def t_call?(node)
62
- node.children[1] == :t
63
- end
64
61
  end
65
62
  end
66
63
  end
@@ -3,7 +3,14 @@ module RuboCop
3
3
  module Airbnb
4
4
  # Disallow ActiveRecord calls that pass interpolated or added strings as an argument.
5
5
  class RiskyActiverecordInvocation < Base
6
- VULNERABLE_AR_METHODS = [
6
+ MSG = 'Passing a string computed by interpolation or addition to an ActiveRecord ' \
7
+ 'method is likely to lead to SQL injection. Use hash or parameterized syntax. For ' \
8
+ 'more information, see ' \
9
+ 'http://guides.rubyonrails.org/security.html#sql-injection-countermeasures and ' \
10
+ 'https://rails-sqli.org/rails3. If you have confirmed with Security that this is a ' \
11
+ 'safe usage of this style, disable this alert with ' \
12
+ '`# rubocop:disable Airbnb/RiskyActiverecordInvocation`.'.freeze
13
+ RESTRICT_ON_SEND = [
7
14
  :delete_all,
8
15
  :destroy_all,
9
16
  :exists?,
@@ -22,29 +29,15 @@ module RuboCop
22
29
  :update_all,
23
30
  :where,
24
31
  ].freeze
25
- MSG = 'Passing a string computed by interpolation or addition to an ActiveRecord ' \
26
- 'method is likely to lead to SQL injection. Use hash or parameterized syntax. For ' \
27
- 'more information, see ' \
28
- 'http://guides.rubyonrails.org/security.html#sql-injection-countermeasures and ' \
29
- 'https://rails-sqli.org/rails3. If you have confirmed with Security that this is a ' \
30
- 'safe usage of this style, disable this alert with ' \
31
- '`# rubocop:disable Airbnb/RiskyActiverecordInvocation`.'.freeze
32
32
  def on_send(node)
33
- receiver, method_name, *_args = *node
34
-
35
- return if receiver.nil?
36
- return unless vulnerable_ar_method?(method_name)
37
- if !includes_interpolation?(_args) && !includes_sum?(_args)
33
+ return if node.receiver.nil?
34
+ if !includes_interpolation?(node.arguments) && !includes_sum?(node.arguments)
38
35
  return
39
36
  end
40
37
 
41
38
  add_offense(node)
42
39
  end
43
40
 
44
- def vulnerable_ar_method?(method)
45
- VULNERABLE_AR_METHODS.include?(method)
46
- end
47
-
48
41
  # Return true if the first arg is a :dstr that has non-:str components
49
42
  def includes_interpolation?(args)
50
43
  !args.first.nil? &&
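Review bot: Only `on_send` is defined in the visible lines, so a safe-navigation call (`&.where(...)`, a `csend` node) would go unchecked unless an `alias on_csend on_send` exists outside these hunks. For a cop whose purpose is catching string-built SQL, I would add that alias right after `on_send`; the `return if node.receiver.nil?` guard works unchanged for `csend` nodes. Separately, the relocated `MSG` still links the Rails guide over `http://`, and `https://guides.rubyonrails.org/security.html#sql-injection-countermeasures` would be the better link. `includes_interpolation?` continues past the end of the hunk.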
@@ -40,6 +40,7 @@ module RuboCop
40
40
  def_node_matcher :rails_env_assignment, '(send (const nil? :Rails) :env= ...)'
41
41
 
42
42
  MESSAGE = "Do not stub or set Rails.env in specs. Use the `stub_env` method instead".freeze
43
+ RESTRICT_ON_SEND = %i(to stub env=).freeze
43
44
 
44
45
  def on_send(node)
45
46
  path = node.source_range.source_buffer.name
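Review bot: `RESTRICT_ON_SEND = %i(to stub env=)` has to list every method name that this cop's matchers dispatch on, and only `rails_env_assignment` is visible in the hunk. If a matcher defined above the hunk keys on a different method name, that check silently stops firing, so the list is worth confirming against the existing specs. Note also that `(const nil? :Rails)` does not match `::Rails.env = ...`, while the NoTimeout change in this release moved to `{cbase nil?}`; `(const {cbase nil?} :Rails)` would keep the two cops consistent. `on_send` continues below the hunk.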
@@ -6,35 +6,34 @@ module RuboCop
6
6
  MSG = 'Using unsafe YAML parsing methods on untrusted input can lead ' \
7
7
  'to remote code execution. Use `safe_load`, `parse`, `parse_file`, or ' \
8
8
  '`parse_stream` instead'.freeze
9
+ RESTRICT_ON_SEND = %i(load load_documents load_file load_stream).freeze
9
10
 
10
11
  def on_send(node)
11
- receiver, method_name, *_args = *node
12
+ return if node.receiver.nil?
13
+ return unless node.receiver.const_type?
12
14
 
13
- return if receiver.nil?
14
- return unless receiver.const_type?
15
-
16
- check_yaml(node, receiver, method_name, *_args)
17
- check_marshal(node, receiver, method_name, *_args)
15
+ check_yaml(node)
16
+ check_marshal(node)
18
17
  rescue => e
19
18
  puts e
20
19
  puts e.backtrace
21
20
  raise
22
21
  end
23
22
 
24
- def check_yaml(node, receiver, method_name, *_args)
25
- return unless ['YAML', 'Psych'].include?(receiver.const_name)
26
- return unless [:load, :load_documents, :load_file, :load_stream].include?(method_name)
23
+ def check_yaml(node)
24
+ const_name = node.receiver.const_name
25
+ return unless ['YAML', 'Psych'].include?(const_name)
27
26
 
28
- message = "Using `#{receiver.const_name}.#{method_name}` on untrusted input can lead " \
27
+ message = "Using `#{const_name}.#{node.method_name}` on untrusted input can lead " \
29
28
  "to remote code execution. Use `safe_load`, `parse`, `parse_file`, or " \
30
29
  "`parse_stream` instead"
31
30
 
32
31
  add_offense(node, message: message)
33
32
  end
34
33
 
35
- def check_marshal(node, receiver, method_name, *_args)
36
- return unless receiver.const_name == 'Marshal'
37
- return unless method_name == :load
34
+ def check_marshal(node)
35
+ return unless node.receiver.const_name == 'Marshal'
36
+ return unless node.method?(:load)
38
37
 
39
38
  message = 'Using `Marshal.load` on untrusted input can lead to remote code execution. ' \
40
39
  'Restructure your code to not use Marshal'
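Review bot: `RESTRICT_ON_SEND` lists `load`, `load_documents`, `load_file` and `load_stream` but not `unsafe_load` or `unsafe_load_file`, which are the explicitly unsafe entry points in Psych 4 (bundled with Ruby 3.1 and later, where plain `YAML.load` became safe by default). Since this release adds Ruby 3.3 support, I would extend the list: `RESTRICT_ON_SEND = %i(load load_documents load_file load_stream unsafe_load unsafe_load_file).freeze`. The `rescue => e` block that `puts` the error and backtrace before re-raising looks like leftover debugging and could be removed. `check_marshal` continues past the end of the hunk.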
@@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
15
15
  spec.license = 'MIT'
16
16
  spec.version = RuboCop::Airbnb::VERSION
17
17
  spec.platform = Gem::Platform::RUBY
18
- spec.required_ruby_version = '>= 2.5'
18
+ spec.required_ruby_version = '>= 2.7'
19
19
 
20
20
  spec.require_paths = ['lib']
21
21
  spec.files = Dir[
@@ -25,9 +25,9 @@ Gem::Specification.new do |spec|
25
25
  'Gemfile',
26
26
  ]
27
27
 
28
- spec.add_dependency('rubocop', '~> 1.32.0')
29
- spec.add_dependency('rubocop-performance', '~> 1.10.2')
30
- spec.add_dependency('rubocop-rails', '~> 2.9.1')
31
- spec.add_dependency('rubocop-rspec', '~> 2.0.0')
28
+ spec.add_dependency('rubocop', '~> 1.61')
29
+ spec.add_dependency('rubocop-performance', '~> 1.20')
30
+ spec.add_dependency('rubocop-rails', '~> 2.24')
31
+ spec.add_dependency('rubocop-rspec', '~> 2.26')
32
32
  spec.add_development_dependency('rspec', '~> 3.5')
33
33
  end
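Review bot: The runtime constraints move from patch-level pins (`'~> 1.32.0'` allows only 1.32.x) to minor-level ones (`'~> 1.61'` allows any 1.x from 1.61 up), so this gem now resolves against a much wider set of rubocop releases. That is a reasonable choice for a plugin, but it means cop behaviour can shift with upstream minor releases. A CHANGELOG line stating that the constraint style changed, and that consumers should rely on their lockfile for reproducible lint runs, would make this explicit. The same applies to the rubocop-performance, rubocop-rails and rubocop-rspec lines.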
@@ -11,6 +11,17 @@ describe RuboCop::Cop::Airbnb::NoTimeout, :config do
11
11
  RUBY
12
12
  end
13
13
 
14
+ it 'rejects ::Timeout.timeout' do
15
+ expect_offense(<<~RUBY)
16
+ def some_method(a)
17
+ ::Timeout.timeout(5) do
18
+ ^^^^^^^^^^^^^^^^^^^^ Do not use Timeout.timeout. [...]
19
+ some_other_method(a)
20
+ end
21
+ end
22
+ RUBY
23
+ end
24
+
14
25
  it 'accepts foo.timeout' do
15
26
  expect_no_offenses(<<~RUBY)
16
27
  def some_method(a)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rubocop-airbnb
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.0
4
+ version: 7.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Airbnb Engineering
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-02-28 00:00:00.000000000 Z
11
+ date: 2024-07-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rubocop
@@ -16,56 +16,56 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.32.0
19
+ version: '1.61'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.32.0
26
+ version: '1.61'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rubocop-performance
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.10.2
33
+ version: '1.20'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.10.2
40
+ version: '1.20'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rubocop-rails
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 2.9.1
47
+ version: '2.24'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 2.9.1
54
+ version: '2.24'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rubocop-rspec
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: 2.0.0
61
+ version: '2.26'
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: 2.0.0
68
+ version: '2.26'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rspec
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -163,7 +163,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - ">="
165
165
  - !ruby/object:Gem::Version
166
- version: '2.5'
166
+ version: '2.7'
167
167
  required_rubygems_version: !ruby/object:Gem::Requirement
168
168
  requirements:
169
169
  - - ">="