rubocop-betterment 1.13.0 → 1.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc4eabc0685d064150b4545175e96ee1c848ad32f53bf35f83b5125a7c309b82
-  data.tar.gz: 258718477b39bb37af975daae5f1d4db1ea7e4adb55d7b8ee6b3757aee5dbfbd
+  metadata.gz: e45880e05081ae8b62a4b1e1fb9778a5580b9b17fe839973f1046242222881e1
+  data.tar.gz: 4212f8e0f60a70d61db53a2f9af447248efc686d593af0145c715a5a831db683
 SHA512:
-  metadata.gz: 692eb066b0e6b45d0c7049f90acc66c600d1a6b24793ba691975112ccd5a7ddcfc01b3674dc180fecf9eb75dd4445c826d30864b4fbea1768e53df1fceb1c2e4
-  data.tar.gz: 7cee25dc098dbabbdac9ae42a10ada567047e211c445cb6ecef7405ae6da89a03927c044f3fb9781a2bb6e48b7fb3fa1f608f820076d4828159477cee8864914
+  metadata.gz: be0a7163ee430bcc93333c227cdbe56180864dbac0f128e0e70fc526a2a82b202d36f8e54fad30d8bdf33c66fc668c9ad207ddc29d1f6eaeea97b35f4a676070
+  data.tar.gz: a4aefcc523eb8c4c63ce31d851e4a47461288a6ee152e9a53572258135778098e55e7b470d1058f2dbd283d4d9c45abcd714717327db5ee1d6114d4f0bfd8d91

data/README.md

@@ -20,13 +20,104 @@ inherit_gem:
     - config/default.yml
 ```
 
-## Custom Cops
-
-All cops are located under [`lib/rubocop/cop/betterment`](lib/rubocop/cop/betterment)
-
 ## Dependencies
 
 This gem depends on the following other gems:
 
 - rubocop
 - rubocop-rspec
+
+## Custom Cops
+
+All cops are located under [`lib/rubocop/cop/betterment`](lib/rubocop/cop/betterment)
+
+### Betterment/AuthorizationInController
+
+This cop looks for unsafe handling of id-like parameters in controllers that may lead to mass assignment style vulnerabilities. It does this by tracking methods that retrieve input from the client and variables that hold onto these values. Any models initialized or updated using these values will then be flagged by the cop. Take this example controller:
+
+```ruby
+class Controller
+  def create_params
+    params.permit(:user_id, :language)
+  end
+
+  def create
+    info = params.permit(:user_id)
+    Model.new(user_id: info[:user_id], language: params[:language])
+    Model.new(user_id: params[:user_id], language: params[:language])
+    Model.new(create_params)
+  end
+end
+```
+
+All three `Model.new` calls may be susceptible to a mass assignment vulnerability. To address these vulnerabilities, some form of authorization will be needed to ensure that the user issuing this request is allowed to create a `Model` that references the specific `user_id`. To get a better understanding of what this cop flags and doesn't flag, take a look at its [spec](spec/rubocop/cop/betterment/authorization_in_controller_spec.rb).
+
+In cases where more fine-grained control over what parameters are considered sensitive is desired, two configuration options can be used: `unsafe_parameters` and `unsafe_regex`. By default this cop will flag unsafe uses of any parameters whose names end in `_id`, but additional parameters can be specified by configuring `unsafe_parameters`. In cases where the default pattern of `.*_id` is insufficient or incorrect, this regex can be swapped out by specifying the `unsafe_regex` configuration option. In total, this cop will flag any parameters whose names are on the `unsafe_parameters` list or matches the `unsafe_regex` pattern.
+
+This is what a full configuration of this cop may look like:
+
+```yaml
+Betterment/AuthorizationInController:
+  # Limit this cop just to controllers
+  Include:
+    - 'app/controllers/**/*.rb'
+  unsafe_parameters:
+    - username
+    - misc_unsafe_parameter
+  unsafe_regex: '.*_id$'
+```
+
+### Betterment/UnscopedFind
+
+This cop flags code that passes user input directly into a `find`-like call that may lead to authorization issues. For example, a controller that uses user input to find a document will need to ensure that the user is authorized to access that document. Take the following sample:
+
+```ruby
+class Controller
+  def index
+    @document = Document.find(params[:document_id])
+  end
+end
+```
+
+In this case, `@document` may not belong to the user and authorization will have to be done somewhere else, potentially introducing a vulnerability. One way to address this violation is to replace the `Document.find(...)` call with a `current_user.documents.find(...)` call. This fails fast when `current_user` is not authorized to access the document, without an extra authorization check that a `Document.find` call would require.
+
+When dealing with models whose data is not ever considered private, it may make sense to add them to the `unauthenticated_models` configuration option. For example, reference data such as `ZipCode` or `Language` may be represented using models, but may not make sense to enforce any form of authentication. Take the sample controller below:
+
+```ruby
+class Controller < UnauthenticatedWebappController
+  def index
+    @language = Language.find(params[:language])
+    @zip = ZipCode.find(params[:zip])
+  end
+end
+```
+
+There is nothing specific to a user or otherwise anything sensitive about `Language` or `ZipCode`. The cop can be configured to treat these models as unauthenticated so that calling `find`-like methods with them will not trigger any violations:
+
+```yaml
+Betterment/UnscopedFind:
+  unauthenticated_models:
+    - Language
+    - ZipCode
+```
+
+### Betterment/DynamicParams
+
+This cop flags code that accesses parameters whose names may be dynamically generated, such as a list of parameters in an a global variable or a return value from a method. In some cases, dynamically accessing parameter names can obscure what the client is expected to send and may make it difficult to reason about the code, both manually and programmatically. For example:
+
+```ruby
+class Controller
+  def create_param_names
+    %i(user_id first_name last_name)
+  end
+
+  def create
+    parameter_name = :user_id
+    params.permit(parameter_name)
+    params.permit(create_params_names)
+    params.permit(%w(blog post comment).flat_map { |p| ["#{p}_name", "#{p}_title"] })
+  end
+end
+```
+
+All three `params.permit` calls will be flagged.

data/STYLEGUIDE.md

@@ -87,4 +87,25 @@ user1 = User.first
 user2 = User.second
 ```
 
-The snake case style is more readable.
+The snake case style is more readable.
+
+## Betterment/ServerErrorAssertion
+
+In RSpec tests, we prevent HTTP response status assertions against server error codes (e.g., 500). While it’s acceptable to
+“under-build” APIs under assumption of controlled and well-behaving clients, these exceptions should be treated as undefined behavior and
+thus do not need request spec coverage. In cases where the server must communicate an expected failure to the client, an appropriate
+semantic status code must be used (e.g., 403, 422, etc.).
+
+### GOOD:
+
+```ruby
+expect(response).to have_http_status :forbidden
+expect(response).to have_http_status 422
+```
+
+### BAD:
+
+```ruby
+expect(response).to have_http_status :internal_server_error
+expect(response).to have_http_status 500
+```

data/config/default.yml

@@ -17,6 +17,15 @@ AllCops:
   DisplayStyleGuide: true
   DisplayCopNames: true
 
+Betterment/ServerErrorAssertion:
+  Description: 'Detects assertions on 5XX HTTP statuses.'
+  Include:
+    - 'spec/requests/**/*_spec.rb'
+
+Betterment/AuthorizationInController:
+  Description: 'Detects unsafe handling of id-like parameters in controllers.'
+  Enabled: false
+
 Betterment/SitePrismLoaded:
   Include:
     - 'spec/features/**/*_spec.rb'

data/lib/rubocop/cop/betterment.rb

@@ -1,6 +1,13 @@
 require 'rubocop'
+require 'rubocop/cop/betterment/utils/parser'
+require 'rubocop/cop/betterment/authorization_in_controller'
+require 'rubocop/cop/betterment/dynamic_params'
+require 'rubocop/cop/betterment/unscoped_find'
 require 'rubocop/cop/betterment/timeout'
 require 'rubocop/cop/betterment/memoization_with_arguments'
 require 'rubocop/cop/betterment/site_prism_loaded'
 require 'rubocop/cop/betterment/spec_helper_required_outside_spec_dir'
 require 'rubocop/cop/betterment/implicit_redirect_type'
+require 'rubocop/cop/betterment/active_job_performable'
+require 'rubocop/cop/betterment/allowlist_blocklist'
+require 'rubocop/cop/betterment/server_error_assertion'

data/lib/rubocop/cop/betterment/active_job_performable.rb

@@ -0,0 +1,40 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class ActiveJobPerformable < Cop
+        MSG = <<-DOC.freeze
+          Classes that are "performable" should be ActiveJobs
+
+          class MyJob < ApplicationJob
+            def perform
+            end
+          end
+
+          You can learn more about ActiveJob here:
+          https://guides.rubyonrails.org/active_job_basics.html
+        DOC
+
+        def_node_matcher :subclasses_application_job?, <<-PATTERN
+          (class (const ...) (const _ :ApplicationJob) ...)
+        PATTERN
+
+        def_node_matcher :is_perform_method?, <<-PATTERN
+          (def :perform ...)
+        PATTERN
+
+        def on_class(node)
+          return unless has_perform_method?(node)
+          return if subclasses_application_job?(node)
+
+          add_offense(node.children.first)
+        end
+
+        private
+
+        def has_perform_method?(node)
+          node.descendants.find(&method(:is_perform_method?))
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/allowlist_blocklist.rb

@@ -0,0 +1,38 @@
+# rubocop:disable Betterment/AllowlistBlocklist
+module RuboCop
+  module Cop
+    module Betterment
+      class AllowlistBlocklist < Cop
+        MSG = <<-DOC.freeze
+          Betterment has moved away from usages of whitelist & blacklist in favor of more inclusive terms.
+          Replace any instances of these terms with more inclusive terms like allowlist, blocklist, denylist,
+          ignorelist, warnlist, safelist, etc. We generally use allowlist and blocklist and prefer consistency where
+          possible, but other terms may be more appropriate depending on your use case.
+
+          This is part of a larger initiative to replace exclusionary / harmful language and anti-bias tools and products.
+        DOC
+
+        def on_class(node)
+          evaluate_node(node)
+        end
+
+        private
+
+        def evaluate_node(node)
+          return unless should_use_allowlist?(node) || should_use_blocklist?(node)
+
+          add_offense(node)
+        end
+
+        def should_use_allowlist?(node)
+          node.to_s.downcase.include?('whitelist')
+        end
+
+        def should_use_blocklist?(node)
+          node.to_s.downcase.include?('blacklist')
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Betterment/AllowlistBlocklist

data/lib/rubocop/cop/betterment/authorization_in_controller.rb

@@ -0,0 +1,216 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class AuthorizationInController < Cop
+        attr_accessor :unsafe_parameters, :unsafe_regex
+
+        # MSG_UNSAFE_CREATE = 'Model created/updated using unsafe parameters'.freeze
+        MSG_UNSAFE_CREATE = <<~MSG.freeze
+          Model created/updated using unsafe parameters.
+          Please query for the associated record in a way that enforces authorization (e.g. "trust-root chaining"),
+          and then pass the resulting object into your model instead of the unsafe parameter.
+
+          INSTEAD OF THIS:
+          post_parameters = params.permit(:album_id, :caption)
+          Post.new(post_parameters)
+
+          DO THIS:
+          album = current_user.albums.find(params[:album_id])
+          post_parameters = params.permit(:caption).merge(album: album)
+          Post.new(post_parameters)
+
+          See here for more information on this error:
+          https://github.com/Betterment/rubocop-betterment/blob/master/README.md#bettermentauthorizationincontroller
+        MSG
+
+        def_node_matcher :model_new?, <<-PATTERN
+          (send (const ... _) {:new :build :create :create! :find_or_create_by :find_or_create_by! :find_or_initialize_by :find_or_initialize_by!} ...)
+        PATTERN
+
+        def_node_matcher :model_update?, <<-PATTERN
+          (send (...) {:assign_attributes :update :update! :find_or_create_by :find_or_create_by! :find_or_initialize_by :find_or_initialize_by! :update_attribute :update_attributes :update_attributes! :update_all :update_column :update_columns} ...)
+        PATTERN
+
+        def initialize(config = nil, options = nil)
+          super(config, options)
+          config = @config.for_cop(self)
+          @unsafe_parameters = config.fetch("unsafe_parameters", []).map(&:to_sym)
+          @unsafe_regex = Regexp.new config.fetch("unsafe_regex", ".*_id$")
+          @wrapper_methods = {}
+          @wrapper_names = []
+        end
+
+        def on_class(node)
+          track_methods(node)
+          track_assignments(node)
+        end
+
+        def on_send(node) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
+          _receiver_node, _method_name, *arg_nodes = *node
+
+          return if !model_new?(node) && !model_update?(node)
+
+          arg_nodes.each do |argument|
+            if argument.send_type?
+              tag_unsafe_param_hash(argument)
+              tag_unsafe_param_permit_wrapper(argument)
+            elsif argument.variable?
+              tag_unsafe_param_permit_wrapper(argument)
+            elsif argument.hash_type?
+              argument.children.each do |pair|
+                next if pair.type != :pair
+
+                _key, value = *pair.children
+                tag_unsafe_param_hash(value)
+                tag_unsafe_param_permit_wrapper(value)
+              end
+            end
+          end
+        end
+
+        private
+
+        def tag_unsafe_param_hash(node)
+          unsafe_param = extract_parameter(node)
+          add_offense(unsafe_param, message: MSG_UNSAFE_CREATE) if unsafe_param
+        end
+
+        def tag_unsafe_param_permit_wrapper(node)
+          return if !node.send_type? && !node.variable?
+          return if node.send_type? && (node.method_name == :[])
+
+          name = Utils::Parser.get_root_token(node)
+          add_offense(node, message: MSG_UNSAFE_CREATE) if @wrapper_names.include?(name)
+        end
+
+        # if a method returns params[...] or params.permit(...) then it will
+        # be tracked; if the method does not explicitly return a params
+        # sourced argument, then it will not be tracked
+        def track_methods(node)
+          methods = get_all_methods(node)
+
+          methods.map do |method|
+            method_returns = Utils::Parser.get_return_values(method)
+
+            unless get_param_wrappers(method_returns).empty?
+              @wrapper_methods[method.method_name] = method
+              @wrapper_names << method.method_name
+            end
+          end
+        end
+
+        # keep track of all assignments that hold parameters
+        def track_assignments(node)
+          get_all_assignments(node).each do |assignment|
+            variable_name, value = *assignment
+
+            # if rhs calls params.permit, eg
+            # - @var = params.permit(...)
+            rhs_wrapper = get_param_wrappers([value])
+            unless rhs_wrapper.empty?
+              @wrapper_methods[variable_name] = rhs_wrapper[0]
+              @wrapper_names << variable_name
+            end
+
+            # if rhs is a call to a parameter wrapper, eg
+            # @var = parameter_wrapper
+            root_token = Utils::Parser.get_root_token(value)
+            if root_token && @wrapper_names.include?(root_token)
+              @wrapper_methods[variable_name] = assignment
+              @wrapper_names << variable_name
+            end
+
+            # if rhs extracts a parameter, eg
+            # @var = params[:user_id]
+            if extract_parameter(value)
+              @wrapper_methods[variable_name] = assignment
+              @wrapper_names << variable_name
+            end
+          end
+        end
+
+        def get_all_assignments(node)
+          return [] unless node.children && node.class_type?
+
+          node.descendants.select do |descendant|
+            _lhs, rhs = *descendant
+            descendant.equals_asgn? && (descendant.type != :casgn) && rhs&.send_type?
+          end
+        end
+
+        def param_symbol?(name)
+          name == :params
+        end
+
+        def get_all_methods(node)
+          return [] unless node.children && node.class_type?
+
+          node.descendants.select do |descendant|
+            descendant.def_type?
+          end
+        end
+
+        # this finds all calls to any method on a params like object
+        # then walks up to find calls to permit
+        # if the arguments to permit are "suspicious", then we add
+        # the whole method to a list of methods that wrap params.permit
+        def get_param_wrappers(methods) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
+          wrappers = []
+
+          methods.each do |method|
+            return [] unless method.def_type? || method.send_type?
+
+            method.descendants.each do |child|
+              next unless child.send_type?
+              next unless param_symbol?(child.method_name)
+
+              child.ancestors.each do |ancestor|
+                _receiver_node, method_name, *arg_nodes = *ancestor
+                next unless ancestor.send_type?
+                next unless method_name == :permit
+
+                # we're only interested in calls to params.....permit(...)
+                wrappers << method if contains_id_param?(arg_nodes)
+              end
+            end
+          end
+
+          wrappers
+        end
+
+        def sym_or_str?(arg)
+          %i(sym str).include?(arg.type)
+        end
+
+        def array_or_hash?(arg)
+          %i(array hash).include?(arg.type)
+        end
+
+        def contains_id_param?(arg_nodes)
+          arg_nodes.any? do |arg|
+            sym_or_str?(arg) && suspicious_id?(arg.value) ||
+              array_or_hash?(arg) && contains_id_param?(arg.values)
+          end
+        end
+
+        # check a symbol name against the cop's config parameters
+        def suspicious_id?(symbol_name)
+          @unsafe_parameters.include?(symbol_name.to_sym) || @unsafe_regex.match(symbol_name) # symbol_name.to_s.end_with?("_id")
+        end
+
+        def extract_parameter(argument)
+          _receiver_node, method_name, *arg_nodes = *argument
+          return unless argument.send_type? && method_name == :[]
+
+          argument_name = Utils::Parser.get_root_token(argument)
+
+          if param_symbol?(argument_name) || @wrapper_names.include?(argument_name)
+            arg_nodes.find do |arg|
+              sym_or_str?(arg) && suspicious_id?(arg.value)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/dynamic_params.rb

@@ -0,0 +1,36 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class DynamicParams < Cop
+        MSG_DYNAMIC_PARAMS = <<~MSG.freeze
+          Parameter names accessed dynamically, cannot determine safeness. Please inline the keys explicitly when calling `permit` or when accessing `params` like a hash.
+
+          See here for more information on this error:
+          https://github.com/Betterment/rubocop-betterment/blob/master/README.md#bettermentdynamicparams
+        MSG
+
+        def_node_matcher :permit_or_hash?, <<-PATTERN
+          (send (...) {:[] :permit} ...)
+        PATTERN
+
+        def on_send(node)
+          _, _, *arg_nodes = *node
+          return unless permit_or_hash?(node) && Utils::Parser.get_root_token(node) == :params
+
+          dynamic_param = find_dynamic_param(arg_nodes)
+          add_offense(dynamic_param, message: MSG_DYNAMIC_PARAMS) if dynamic_param
+        end
+
+        private
+
+        def find_dynamic_param(arg_nodes)
+          return unless arg_nodes
+
+          arg_nodes.find do |arg|
+            arg.array_type? && find_dynamic_param(arg.values) || !arg.literal? && !arg.const_type?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/implicit_redirect_type.rb

@@ -47,7 +47,7 @@ module RuboCop
           return unless routes_file?
 
           if block_form_with_options(node) { |options| options.none?(&method(:valid_status_option?)) } || block_form_without_options?(node)
-            add_offense(node, message: MSG)
+            add_offense(node)
           end
         end
 
@@ -55,7 +55,7 @@ module RuboCop
           return unless routes_file?
 
           if arg_form_with_options(node) { |options| options.none?(&method(:valid_status_option?)) } || arg_form_without_options?(node)
-            add_offense(node, message: MSG)
+            add_offense(node)
           end
         end
 

data/lib/rubocop/cop/betterment/server_error_assertion.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Betterment
+      # Checks the status passed to have_http_status
+      #
+      # If a number, enforces that it doesn't start with 5. If a symbol or a string, enforces that it's not one of:
+      #
+      # * internal_server_error
+      # * not_implemented
+      # * bad_gateway
+      # * service_unavailable
+      # * gateway_timeout
+      # * http_version_not_supported
+      # * insufficient_storage
+      # * not_extended
+      #
+      # @example
+      #
+      #     # bad
+      #     expect(response).to have_http_status :internal_server_error
+      #
+      #     # bad
+      #     expect(response).to have_http_status 500
+      #
+      #     # good
+      #     expect(response).to have_http_status :forbidden
+      #
+      #     # good
+      #     expect(response).to have_http_status 422
+      class ServerErrorAssertion < Cop
+        MSG = 'Do not assert on 5XX statuses. Use a semantic status (e.g., 403, 422, etc.) or treat them as bugs (omit tests).'
+        BAD_STATUSES = %i(
+          internal_server_error
+          not_implemented
+          bad_gateway
+          service_unavailable
+          gateway_timeout
+          http_version_not_supported
+          insufficient_storage
+          not_extended
+        ).freeze
+
+        def_node_matcher :offensive_node?, <<-PATTERN
+          (send nil? :have_http_status
+            {
+              (int {#{(500..599).map(&:to_s).join(' ')}})
+              (str {#{BAD_STATUSES.map(&:to_s).map(&:inspect).join(' ')}})
+              (sym {#{BAD_STATUSES.map(&:inspect).join(' ')}})
+            }
+          )
+        PATTERN
+
+        def on_send(node)
+          return unless offensive_node?(node)
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/spec_helper_required_outside_spec_dir.rb

@@ -21,7 +21,7 @@ module RuboCop
         PATTERN
 
         def on_send(node)
-          add_offense(node, message: MSG) if requires_spec_helper?(node) && !spec_directory?
+          add_offense(node) if requires_spec_helper?(node) && !spec_directory?
         end
 
         private

data/lib/rubocop/cop/betterment/unscoped_find.rb

@@ -0,0 +1,75 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class UnscopedFind < Cop
+        attr_accessor :unauthenticated_models
+
+        MSG = <<~MSG.freeze
+          Records are being retrieved directly using user input.
+          Please query for the associated record in a way that enforces authorization (e.g. "trust-root chaining").
+
+          INSTEAD OF THIS:
+          Post.find(params[:post_id])
+
+          DO THIS:
+          current_user.posts.find(params[:post_id])
+
+          See here for more information on this error:
+          https://github.com/Betterment/rubocop-betterment/blob/master/README.md#bettermentunscopedfind
+        MSG
+        METHOD_PATTERN = /^find_by_(.+?)(!)?$/.freeze
+        FINDS = %i(find find_by find_by! where).freeze
+
+        def_node_matcher :custom_scope_find?, <<-PATTERN
+          (send (send (const ... _) ...) {#{FINDS.map(&:inspect).join(' ')}} ...)
+        PATTERN
+
+        def_node_matcher :find?, <<-PATTERN
+          (send (const ... _) {#{FINDS.map(&:inspect).join(' ')}} ...)
+        PATTERN
+
+        def initialize(config = nil, options = nil)
+          super(config, options)
+          config = @config.for_cop(self)
+          @unauthenticated_models = config.fetch("unauthenticated_models", []).map(&:to_sym)
+        end
+
+        def on_send(node)
+          _, _, *arg_nodes = *node
+          return unless
+            (
+                find?(node) ||
+                custom_scope_find?(node) ||
+                static_method_name(node.method_name)
+            ) && !@unauthenticated_models.include?(Utils::Parser.get_root_token(node))
+
+          add_offense(node) if find_param_arg(arg_nodes)
+        end
+
+        private
+
+        def find_param_arg(arg_nodes)
+          return unless arg_nodes
+
+          arg_nodes.find do |arg|
+            if arg.hash_type?
+              arg.children.each do |pair|
+                _key, value = *pair.children
+                return arg if Utils::Parser.get_root_token(value) == :params
+              end
+            end
+            Utils::Parser.get_root_token(arg) == :params
+          end
+        end
+
+        # yoinked from Rails/DynamicFindBy
+        def static_method_name(method_name)
+          match = METHOD_PATTERN.match(method_name)
+          return nil unless match
+
+          match[2] ? 'find_by!' : 'find_by'
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/utils/parser.rb

@@ -0,0 +1,69 @@
+module RuboCop
+  module Cop
+    module Utils
+      module Parser
+        def self.get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize, Metrics/CyclomaticComplexity
+          return nil unless node
+
+          return get_root_token(node.receiver) if node.receiver
+
+          if node.send_type?
+            name = node.method_name
+          elsif node.variable?
+            name, = *node
+          elsif node.literal?
+            _, name = *node
+          elsif node.const_type?
+            name = node.const_name.to_sym
+          elsif node.sym_type?
+            name = node.value
+          elsif node.variable?
+            name = node.children[0]
+          elsif node.self_type?
+            name = :self
+          elsif node.block_pass_type?
+            name, = *node.children
+          else
+            name = nil
+          end
+
+          name
+        end
+
+        def self.get_return_values(node) # rubocop:disable Metrics/AbcSize
+          return [] unless node
+          return explicit_returns(node) + get_return_values(node.body) if node.def_type?
+          return [node] if node.literal? || node.variable?
+
+          case node.type
+            when :begin
+              get_return_values(node.children.last)
+            when :block
+              get_return_values(node.body)
+            when :if
+              if_rets = get_return_values(node.if_branch)
+              else_rets = get_return_values(node.else_branch)
+              if_rets + else_rets
+            when :case
+              cases = []
+              node.each_when do |block|
+                cases += get_return_values(block.body)
+              end
+
+              cases + get_return_values(node.else_branch)
+            when :send
+              [node]
+            else
+              []
+          end
+        end
+
+        def self.explicit_returns(node)
+          node.descendants.select(&:return_type?).map { |x|
+            x&.children&.first
+          }.compact
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-betterment
 version: !ruby/object:Gem::Version
-  version: 1.13.0
+  version: 1.19.0
 platform: ruby
 authors:
 - Development
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-01 00:00:00.000000000 Z
+date: 2020-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -91,16 +91,23 @@ files:
 - STYLEGUIDE.md
 - config/default.yml
 - lib/rubocop/cop/betterment.rb
+- lib/rubocop/cop/betterment/active_job_performable.rb
+- lib/rubocop/cop/betterment/allowlist_blocklist.rb
+- lib/rubocop/cop/betterment/authorization_in_controller.rb
+- lib/rubocop/cop/betterment/dynamic_params.rb
 - lib/rubocop/cop/betterment/implicit_redirect_type.rb
 - lib/rubocop/cop/betterment/memoization_with_arguments.rb
+- lib/rubocop/cop/betterment/server_error_assertion.rb
 - lib/rubocop/cop/betterment/site_prism_loaded.rb
 - lib/rubocop/cop/betterment/spec_helper_required_outside_spec_dir.rb
 - lib/rubocop/cop/betterment/timeout.rb
-homepage: 
+- lib/rubocop/cop/betterment/unscoped_find.rb
+- lib/rubocop/cop/betterment/utils/parser.rb
+homepage:
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -115,8 +122,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Betterment rubocop configuration
 test_files: []