rubocop-betterment 1.15.0 → 2.0.0.pre2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9b851af1c0666fffea3f63f36504e7acf1c6d6324e58caba76bcea50ac752f50
-  data.tar.gz: 6dcbd29396beb9c7310f6ff9082ae9494219741fb17b6306ea976747445e337e
+  metadata.gz: 43b05fbd08387b00251df695ed3c9de3bbd38592195ef2dbea370f637ca2acdd
+  data.tar.gz: 55dfe59749ca808f49b442d5a0634b959c0492db4386eccb64f3a0d8fdfbcc82
 SHA512:
-  metadata.gz: 2067d92a8d52c91b76f3f42a470f852567f858ccc34b6ba0d50b0aa2c275ef8ba7b32287bf8592efbea39e18d1a7356ef375e51ffbddd6153d1809173ff5385c
-  data.tar.gz: 8d18894011ce90246f1cdaf5a8c42043df0c6dcd7a92bf9af6407c300c9c01cdd1d2c4ebe941ed26b4eb09500b0abb45f4d59d1286ee1eb622f3a75b2003dff0
+  metadata.gz: cfb9ebd2aa93032848cbf4e27ab8bb3e69c82f2047d788833c76fce9b2f811d184e2d72a6d1186b711de9ae0e3546e6dc0f40870890ccc908ba151ede6c50e9f
+  data.tar.gz: '0294e0f6655280cd462aae9da70e79d830be6879a9b2b5a529d352fba13b9c0d1221ead2c44045bd4a33dfbdc1cea108c3ee5b85d96b314349617249660d8018'

data/README.md

@@ -33,7 +33,7 @@ All cops are located under [`lib/rubocop/cop/betterment`](lib/rubocop/cop/better
 
 ### Betterment/AuthorizationInController
 
-This cop looks for unsafe handling of id-like parameters in controllers that may lead to mass assignment style vulnerabilities. It does this by tracking methods that retrieve input from the client and variables that hold onto these values. Any models initialized or updated using these values will then be flagged by the cop. Take this example controller:
+This cop looks for unsafe handling of id-like parameters in controllers that may lead to [insecure direct object reference vulnerabilities](https://portswigger.net/web-security/access-control/idor). It does this by tracking methods that retrieve input from the client and variables that hold onto these values. Any models initialized or updated using these values will then be flagged by the cop. Take this example controller:
 
 ```ruby
 class Controller
@@ -50,7 +50,7 @@ class Controller
 end
 ```
 
-All three `Model.new` calls may be susceptible to a mass assignment vulnerability. To address these vulnerabilities, some form of authorization will be needed to ensure that the user issuing this request is allowed to create a `Model` that references the specific `user_id`. To get a better understanding of what this cop flags and doesn't flag, take a look at its [spec](spec/rubocop/cop/betterment/authorization_in_controller_spec.rb).
+All three `Model.new` calls may be susceptible to an insecure direct object reference vulnerability. This may end up letting attackers read and write content belonging to other users. To address these vulnerabilities, some form of authorization will be needed to ensure that the user issuing this request is allowed to create a `Model` that references the specific `user_id`. To get a better understanding of what this cop flags and doesn't flag, take a look at its [spec](spec/rubocop/cop/betterment/authorization_in_controller_spec.rb).
 
 In cases where more fine-grained control over what parameters are considered sensitive is desired, two configuration options can be used: `unsafe_parameters` and `unsafe_regex`. By default this cop will flag unsafe uses of any parameters whose names end in `_id`, but additional parameters can be specified by configuring `unsafe_parameters`. In cases where the default pattern of `.*_id` is insufficient or incorrect, this regex can be swapped out by specifying the `unsafe_regex` configuration option. In total, this cop will flag any parameters whose names are on the `unsafe_parameters` list or matches the `unsafe_regex` pattern.
 
@@ -69,7 +69,7 @@ Betterment/AuthorizationInController:
 
 ### Betterment/UnscopedFind
 
-This cop flags code that passes user input directly into a `find`-like call that may lead to authorization issues. For example, a controller that uses user input to find a document will need to ensure that the user is authorized to access that document. Take the following sample:
+This cop flags code that passes user input directly into a `find`-like call that may lead to authorization issues (such as [indirect object reference vulnerabilities](https://portswigger.net/web-security/access-control/idor)). For example, a controller that uses user input to find a document will need to ensure that the user is authorized to access that document. Take the following sample:
 
 ```ruby
 class Controller
@@ -121,3 +121,38 @@ end
 ```
 
 All three `params.permit` calls will be flagged.
+
+### Betterment/UnsafeJob
+
+This cop flags delayed jobs (e.g. ActiveJob, delayed_job) whose classes accept sensitive data via a `perform` or `initialize` method. Jobs are serialized in plaintext, so any sensitive data they accept will be accessible in plaintext to everyone with database access. Instead, consider passing ActiveRecord instances that appropriately handle sensitive data (e.g. encrypted at rest and decrypted when the data is needed) or avoid passing in this data entirely.
+
+```ruby
+class RegistrationJob < ApplicationJob
+  def perform(user:, password:, authorization_token:)
+    # do something to the user with the password and authorization_token
+  end
+end
+```
+
+When a `RegistrationJob` gets queued, this job will get serialized, leaving both `password` and `authorization_token` accessible in plaintext. `Betterment/UnsafeJob` can be configured to flag parameters like these to discourage their use. Some ways to remediate this might be to stop passing in `password`, and to encrypt `authorization_token` and storing it alongside the user object. For example:
+
+```ruby
+class RegistrationJob < ApplicationJob
+  def perform(user:)
+    authorization_token = user.authorization_token.decrypt
+    # do something with the authorization_token
+  end
+end
+```
+
+By default, this job will look at classes whose name ends with `Job` but this can be replaced with any regex. This cop can also be configured to take an arbitrary list of parameter names so that any Job found accepting these parameters will be flagged.
+
+```yaml
+Betterment/UnsafeJob:
+  class_regex: .*Job$
+  sensitive_params:
+    - password
+    - authorization_token
+```
+
+It may make sense to consult your application's values for `Rails.application.config.filter_parameters`; if the application is filtering specific parameters from being logged, it might be a good idea to prevent these values from being stored in plaintext in a database as well.

data/STYLEGUIDE.md

@@ -87,4 +87,25 @@ user1 = User.first
 user2 = User.second
 ```
 
-The snake case style is more readable.
+The snake case style is more readable.
+
+## Betterment/ServerErrorAssertion
+
+In RSpec tests, we prevent HTTP response status assertions against server error codes (e.g., 500). While it’s acceptable to
+“under-build” APIs under assumption of controlled and well-behaving clients, these exceptions should be treated as undefined behavior and
+thus do not need request spec coverage. In cases where the server must communicate an expected failure to the client, an appropriate
+semantic status code must be used (e.g., 403, 422, etc.).
+
+### GOOD:
+
+```ruby
+expect(response).to have_http_status :forbidden
+expect(response).to have_http_status 422
+```
+
+### BAD:
+
+```ruby
+expect(response).to have_http_status :internal_server_error
+expect(response).to have_http_status 500
+```

data/config/default.yml

@@ -2,6 +2,9 @@
 
 require:
   - rubocop/cop/betterment.rb
+  - rubocop-performance
+  - rubocop-rails
+  - rubocop-rake
   - rubocop-rspec
 
 AllCops:
@@ -17,10 +20,22 @@ AllCops:
   DisplayStyleGuide: true
   DisplayCopNames: true
 
+Betterment/ServerErrorAssertion:
+  Description: 'Detects assertions on 5XX HTTP statuses.'
+  Include:
+    - 'spec/requests/**/*_spec.rb'
+
 Betterment/AuthorizationInController:
   Description: 'Detects unsafe handling of id-like parameters in controllers.'
   Enabled: false
 
+Betterment/UnsafeJob:
+  Enabled: false
+  sensitive_params:
+    - password
+    - social_security_number
+    - ssn
+
 Betterment/SitePrismLoaded:
   Include:
     - 'spec/features/**/*_spec.rb'
@@ -29,7 +44,7 @@ Betterment/SitePrismLoaded:
 Capybara/FeatureMethods:
   Enabled: false
 
-Layout/AlignParameters:
+Layout/ParameterAlignment:
   Enabled: false
 
 Layout/CaseIndentation:
@@ -38,7 +53,7 @@ Layout/CaseIndentation:
 Layout/ClosingParenthesisIndentation:
   Enabled: false
 
-Layout/IndentArray:
+Layout/FirstArrayElementIndentation:
   EnforcedStyle: consistent
 
 Layout/MultilineMethodCallIndentation:
@@ -112,7 +127,7 @@ Naming/HeredocDelimiterNaming:
 Naming/PredicateName:
   NamePrefix:
     - is_
-  NamePrefixBlacklist:
+  ForbiddenPrefixes:
     - is_
 
 Naming/VariableNumber:
@@ -145,9 +160,6 @@ RSpec/ContextWording:
 RSpec/DescribeClass:
   Enabled: false
 
-RSpec/DescribedClass:
-  Enabled: false
-
 RSpec/DescribedClass:
   EnforcedStyle: 'described_class'
 
@@ -196,6 +208,9 @@ RSpec/MessageSpies:
 RSpec/MultipleExpectations:
   Enabled: false
 
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+
 RSpec/NamedSubject:
   Enabled: false
 

data/lib/rubocop/cop/betterment.rb

@@ -1,10 +1,15 @@
 require 'rubocop'
+require 'rubocop/cop/betterment/utils/parser'
+require 'rubocop/cop/betterment/utils/method_return_table'
 require 'rubocop/cop/betterment/authorization_in_controller'
 require 'rubocop/cop/betterment/dynamic_params'
 require 'rubocop/cop/betterment/unscoped_find'
+require 'rubocop/cop/betterment/unsafe_job'
 require 'rubocop/cop/betterment/timeout'
 require 'rubocop/cop/betterment/memoization_with_arguments'
 require 'rubocop/cop/betterment/site_prism_loaded'
 require 'rubocop/cop/betterment/spec_helper_required_outside_spec_dir'
 require 'rubocop/cop/betterment/implicit_redirect_type'
 require 'rubocop/cop/betterment/active_job_performable'
+require 'rubocop/cop/betterment/allowlist_blocklist'
+require 'rubocop/cop/betterment/server_error_assertion'

data/lib/rubocop/cop/betterment/allowlist_blocklist.rb

@@ -0,0 +1,38 @@
+# rubocop:disable Betterment/AllowlistBlocklist
+module RuboCop
+  module Cop
+    module Betterment
+      class AllowlistBlocklist < Cop
+        MSG = <<-DOC.freeze
+          Betterment has moved away from usages of whitelist & blacklist in favor of more inclusive terms.
+          Replace any instances of these terms with more inclusive terms like allowlist, blocklist, denylist,
+          ignorelist, warnlist, safelist, etc. We generally use allowlist and blocklist and prefer consistency where
+          possible, but other terms may be more appropriate depending on your use case.
+
+          This is part of a larger initiative to replace exclusionary / harmful language and anti-bias tools and products.
+        DOC
+
+        def on_class(node)
+          evaluate_node(node)
+        end
+
+        private
+
+        def evaluate_node(node)
+          return unless should_use_allowlist?(node) || should_use_blocklist?(node)
+
+          add_offense(node)
+        end
+
+        def should_use_allowlist?(node)
+          node.to_s.downcase.include?('whitelist')
+        end
+
+        def should_use_blocklist?(node)
+          node.to_s.downcase.include?('blacklist')
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Betterment/AllowlistBlocklist

data/lib/rubocop/cop/betterment/authorization_in_controller.rb

@@ -36,33 +36,31 @@ module RuboCop
           config = @config.for_cop(self)
           @unsafe_parameters = config.fetch("unsafe_parameters", []).map(&:to_sym)
           @unsafe_regex = Regexp.new config.fetch("unsafe_regex", ".*_id$")
-          @wrapper_methods = {}
-          @wrapper_names = []
+          @param_wrappers = []
         end
 
         def on_class(node)
-          track_methods(node)
-          track_assignments(node)
+          Utils::MethodReturnTable.populate_index node
+          Utils::MethodReturnTable.indexed_methods.each do |method_name, method_returns|
+            method_returns.each do |x|
+              name = Utils::Parser.get_root_token(x)
+              @param_wrappers << method_name if name == :params || @param_wrappers.include?(name)
+            end
+          end
         end
 
-        def on_send(node) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
-          _receiver_node, _method_name, *arg_nodes = *node
-
+        def on_send(node) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
           return if !model_new?(node) && !model_update?(node)
 
-          arg_nodes.each do |argument|
-            if argument.type == :send
-              tag_unsafe_param_hash(argument)
-              tag_unsafe_param_permit_wrapper(argument)
-            elsif argument.variable?
-              tag_unsafe_param_permit_wrapper(argument)
-            elsif argument.type == :hash
-              argument.children.each do |pair|
-                next if pair.type != :pair
-
+          node.arguments.each do |argument|
+            if argument.send_type? || argument.variable?
+              flag_literal_param_use(argument)
+              flag_indirect_param_use(argument)
+            elsif argument.hash_type?
+              argument.children.select(&:pair_type?).each do |pair|
                 _key, value = *pair.children
-                tag_unsafe_param_hash(value)
-                tag_unsafe_param_permit_wrapper(value)
+                flag_literal_param_use(value)
+                flag_indirect_param_use(value)
               end
             end
           end
@@ -70,190 +68,73 @@ module RuboCop
 
         private
 
-        def tag_unsafe_param_hash(node)
-          unsafe_param = extract_parameter(node)
-          add_offense(unsafe_param, message: MSG_UNSAFE_CREATE) if unsafe_param
-        end
-
-        def tag_unsafe_param_permit_wrapper(node)
-          return if !node.send_type? && !node.variable?
-          return if node.send_type? && (node.method_name == :[])
-
-          name = get_root_token(node)
-          add_offense(node, message: MSG_UNSAFE_CREATE) if @wrapper_names.include?(name)
-        end
-
-        # if a method returns params[...] or params.permit(...) then it will
-        # be tracked; if the method does not explicitly return a params
-        # sourced argument, then it will not be tracked
-        def track_methods(node)
-          methods = get_all_methods(node)
-
-          methods.map do |method|
-            method_returns = get_return_values(method)
-
-            unless get_param_wrappers(method_returns).empty?
-              @wrapper_methods[method.method_name] = method
-              @wrapper_names << method.method_name
-            end
-          end
-        end
-
-        # keep track of all assignments that hold parameters
-        def track_assignments(node)
-          get_all_assignments(node).each do |assignment|
-            variable_name, value = *assignment
-
-            # if rhs calls params.permit, eg
-            # - @var = params.permit(...)
-            rhs_wrapper = get_param_wrappers([value])
-            unless rhs_wrapper.empty?
-              @wrapper_methods[variable_name] = rhs_wrapper[0]
-              @wrapper_names << variable_name
-            end
-
-            # if rhs is a call to a parameter wrapper, eg
-            # @var = parameter_wrapper
-            root_token = get_root_token(value)
-            if root_token && @wrapper_names.include?(root_token)
-              @wrapper_methods[variable_name] = assignment
-              @wrapper_names << variable_name
-            end
-
-            # if rhs extracts a parameter, eg
-            # @var = params[:user_id]
-            if extract_parameter(value)
-              @wrapper_methods[variable_name] = assignment
-              @wrapper_names << variable_name
-            end
-          end
-        end
-
-        def explicit_returns(node)
-          node.descendants.select(&:return_type?).map { |x|
-            x&.children&.first
-          }.compact
-        end
-
-        def get_return_values(node) # rubocop:disable Metrics/AbcSize
-          return [] unless node
-          return explicit_returns(node) + get_return_values(node.body) if node.def_type?
-          return [node] if node.literal? || node.variable?
-
-          case node.type
-            when :begin
-              get_return_values(node.children.last)
-            when :block
-              get_return_values(node.body)
-            when :if
-              if_rets = get_return_values(node.if_branch)
-              else_rets = get_return_values(node.else_branch)
-              if_rets + else_rets
-            when :case
-              cases = []
-              node.each_when do |block|
-                cases += get_return_values(block.body)
-              end
-
-              cases + get_return_values(node.else_branch)
-            when :send
-              [node]
+        # Flags objects being created/updated with unsafe
+        # params directly from params or through params.permit
+        #
+        # class MyController < ApplicationController
+        #   def create
+        #     Object.create params.permit(:user_id)
+        #     Object.create(user_id: params[:user_id])
+        #   end
+        # end
+        #
+        def flag_literal_param_use(node)
+          name = Utils::Parser.get_root_token(node)
+          extracted_params = Utils::Parser.get_extracted_parameters(node)
+          add_offense(node, message: MSG_UNSAFE_CREATE) if name == :params && contains_id_parameter?(extracted_params)
+        end
+
+        # Flags objects being created/updated with unsafe
+        # params indirectly from params or through params.permit
+        def flag_indirect_param_use(node) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
+          name = Utils::Parser.get_root_token(node)
+          # extracted_params contains parameters used like:
+          # def create
+          #   Object.new(user_id: indirect_params[:user_id])
+          # end
+          # def indirect_params
+          #   params.permit(:user_id)
+          # end
+          extracted_params = Utils::Parser.get_extracted_parameters(node, param_aliases: @param_wrappers)
+
+          returns = Utils::MethodReturnTable.get_method(name) || []
+          returns.each do |ret|
+            # # propagated_params contains parameters used like:
+            # def create
+            #   Object.new indirect_params
+            # end
+            # def indirect_params
+            #   params.permit(:user_id)
+            # end
+            propagated_params = Utils::Parser.get_extracted_parameters(ret, param_aliases: @param_wrappers)
+
+            # # internal_params contains parameters used like:
+            # def create
+            #   Object.new(user_id: indirect_params)
+            # end
+            # def indirect_params
+            #   params[:user_id]
+            # end
+            if ret.send_type? && ret.method?(:[])
+              internal_params = ret.arguments.select { |x| x.sym_type? || x.str_type? }.map(&:value)
             else
-              []
-          end
-        end
-
-        def get_all_assignments(node)
-          return [] unless node.children && node.type == :class
-
-          node.descendants.select do |descendant|
-            _lhs, rhs = *descendant
-            descendant.equals_asgn? && (descendant.type != :casgn) && rhs&.send_type?
-          end
-        end
-
-        def param_symbol?(name)
-          name == :params
-        end
-
-        def get_all_methods(node)
-          return [] unless node.children && node.type == :class
-
-          node.descendants.select do |descendant|
-            descendant.type == :def
-          end
-        end
-
-        # fetches the name of the leftmost ("root") token
-        # @vars.merge(this: that).merge(etc: etc) => @vars
-        # params.permit(:this) => params
-        # params[:field] => params
-        def get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize
-          return nil unless node
-
-          return get_root_token(node.receiver) if node.receiver
-
-          if node.send_type?
-            name = node.method_name
-          elsif node.variable?
-            name, = *node
-          elsif node.literal?
-            _, name = *node
-          elsif node.const_type?
-            name = node.const_name
-          elsif node.sym_type?
-            name = node.value
-          elsif node.variable?
-            name = node.children[0]
-          elsif node.parenthesized_call?
-            name = nil
-          else
-            raise "Unknown node type: #{node.type.inspect}"
-          end
-
-          name
-        end
-
-        # this finds all calls to any method on a params like object
-        # then walks up to find calls to permit
-        # if the arguments to permit are "suspicious", then we add
-        # the whole method to a list of methods that wrap params.permit
-        def get_param_wrappers(methods) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
-          wrappers = []
-
-          methods.each do |method|
-            return [] unless method.type == :def || method.type == :send
-
-            method.descendants.each  do |child|
-              next unless child.type == :send
-              next unless param_symbol?(child.method_name)
-
-              child.ancestors.each do |ancestor|
-                _receiver_node, method_name, *arg_nodes = *ancestor
-                next unless ancestor.send_type?
-                next unless method_name == :permit
-
-                # we're only interested in calls to params.....permit(...)
-                wrappers << method if contains_id_param?(arg_nodes)
-              end
+              internal_returns = Utils::MethodReturnTable.get_method(Utils::Parser.get_root_token(ret)) || []
+              internal_params = internal_returns.flat_map { |x| Utils::Parser.get_extracted_parameters(x, param_aliases: @param_wrappers) }
             end
-          end
 
-          wrappers
+            add_offense(node, message: MSG_UNSAFE_CREATE) if flag_indirect_param_use?(extracted_params, internal_params, propagated_params)
+          end
         end
 
-        def sym_or_str?(arg)
-          %i(sym str).include?(arg.type)
-        end
+        def flag_indirect_param_use?(extracted_params, internal_params, propagated_params)
+          return contains_id_parameter?(extracted_params) if extracted_params.any?
 
-        def array_or_hash?(arg)
-          %i(array hash).include?(arg.type)
+          contains_id_parameter?(extracted_params) || contains_id_parameter?(internal_params) || contains_id_parameter?(propagated_params)
         end
 
-        def contains_id_param?(arg_nodes)
-          arg_nodes.any? do |arg|
-            sym_or_str?(arg) && suspicious_id?(arg.value) ||
-              array_or_hash?(arg) && contains_id_param?(arg.values)
+        def contains_id_parameter?(params)
+          params.any? do |arg|
+            suspicious_id?(arg)
           end
         end
 
@@ -261,19 +142,6 @@ module RuboCop
         def suspicious_id?(symbol_name)
           @unsafe_parameters.include?(symbol_name.to_sym) || @unsafe_regex.match(symbol_name) # symbol_name.to_s.end_with?("_id")
         end
-
-        def extract_parameter(argument)
-          _receiver_node, method_name, *arg_nodes = *argument
-          return unless argument.send_type? && method_name == :[]
-
-          argument_name = get_root_token(argument)
-
-          if param_symbol?(argument_name) || @wrapper_names.include?(argument_name)
-            arg_nodes.find do |arg|
-              sym_or_str?(arg) && suspicious_id?(arg.value)
-            end
-          end
-        end
       end
     end
   end

data/lib/rubocop/cop/betterment/dynamic_params.rb

@@ -14,8 +14,8 @@ module RuboCop
         PATTERN
 
         def on_send(node)
-          _, _, *arg_nodes = *node
-          return unless permit_or_hash?(node) && get_root_token(node) == :params
+          _, _, *arg_nodes = *node # rubocop:disable InternalAffairs/NodeDestructuring
+          return unless permit_or_hash?(node) && Utils::Parser.get_root_token(node) == :params
 
           dynamic_param = find_dynamic_param(arg_nodes)
           add_offense(dynamic_param, message: MSG_DYNAMIC_PARAMS) if dynamic_param
@@ -27,35 +27,9 @@ module RuboCop
           return unless arg_nodes
 
           arg_nodes.find do |arg|
-            arg.type == :array && find_dynamic_param(arg.values) || !arg.literal? && !arg.const_type?
+            arg.array_type? && find_dynamic_param(arg.values) || !arg.literal? && !arg.const_type?
           end
         end
-
-        def get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize
-          return nil unless node
-
-          return get_root_token(node.receiver) if node.receiver
-
-          if node.send_type?
-            name = node.method_name
-          elsif node.variable?
-            name, = *node
-          elsif node.literal?
-            _, name = *node
-          elsif node.const_type?
-            name = node.const_name
-          elsif node.sym_type?
-            name = node.value
-          elsif node.variable?
-            name = node.children[0]
-          elsif node.parenthesized_call?
-            name = nil
-          else
-            raise "Unknown node type: #{node.type.inspect}"
-          end
-
-          name
-        end
       end
     end
   end

data/lib/rubocop/cop/betterment/implicit_redirect_type.rb

@@ -47,7 +47,7 @@ module RuboCop
           return unless routes_file?
 
           if block_form_with_options(node) { |options| options.none?(&method(:valid_status_option?)) } || block_form_without_options?(node)
-            add_offense(node, message: MSG)
+            add_offense(node)
           end
         end
 
@@ -55,7 +55,7 @@ module RuboCop
           return unless routes_file?
 
           if arg_form_with_options(node) { |options| options.none?(&method(:valid_status_option?)) } || arg_form_without_options?(node)
-            add_offense(node, message: MSG)
+            add_offense(node)
           end
         end
 

data/lib/rubocop/cop/betterment/server_error_assertion.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Betterment
+      # Checks the status passed to have_http_status
+      #
+      # If a number, enforces that it doesn't start with 5. If a symbol or a string, enforces that it's not one of:
+      #
+      # * internal_server_error
+      # * not_implemented
+      # * bad_gateway
+      # * service_unavailable
+      # * gateway_timeout
+      # * http_version_not_supported
+      # * insufficient_storage
+      # * not_extended
+      #
+      # @example
+      #
+      #     # bad
+      #     expect(response).to have_http_status :internal_server_error
+      #
+      #     # bad
+      #     expect(response).to have_http_status 500
+      #
+      #     # good
+      #     expect(response).to have_http_status :forbidden
+      #
+      #     # good
+      #     expect(response).to have_http_status 422
+      class ServerErrorAssertion < Cop
+        MSG = 'Do not assert on 5XX statuses. Use a semantic status (e.g., 403, 422, etc.) or treat them as bugs (omit tests).'
+        BAD_STATUSES = %i(
+          internal_server_error
+          not_implemented
+          bad_gateway
+          service_unavailable
+          gateway_timeout
+          http_version_not_supported
+          insufficient_storage
+          not_extended
+        ).freeze
+
+        def_node_matcher :offensive_node?, <<-PATTERN
+          (send nil? :have_http_status
+            {
+              (int {#{(500..599).map(&:to_s).join(' ')}})
+              (str {#{BAD_STATUSES.map(&:to_s).map(&:inspect).join(' ')}})
+              (sym {#{BAD_STATUSES.map(&:inspect).join(' ')}})
+            }
+          )
+        PATTERN
+
+        def on_send(node)
+          return unless offensive_node?(node)
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/spec_helper_required_outside_spec_dir.rb

@@ -21,7 +21,7 @@ module RuboCop
         PATTERN
 
         def on_send(node)
-          add_offense(node, message: MSG) if requires_spec_helper?(node) && !spec_directory?
+          add_offense(node) if requires_spec_helper?(node) && !spec_directory?
         end
 
         private

data/lib/rubocop/cop/betterment/unsafe_job.rb

@@ -0,0 +1,33 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class UnsafeJob < Cop
+        attr_accessor :sensitive_params, :class_regex
+
+        MSG = <<~MSG.freeze
+          This job takes a parameter that will end up serialized in plaintext. Do not pass sensitive data as bare arguments into jobs.
+
+          See here for more information on this error:
+          https://github.com/Betterment/rubocop-betterment#bettermentunsafejob
+        MSG
+
+        def initialize(config = nil, options = nil)
+          super(config, options)
+          config = @config.for_cop(self)
+          @sensitive_params = config.fetch("sensitive_params", []).map(&:to_sym)
+          @class_regex = Regexp.new config.fetch("class_regex", ".*Job$")
+        end
+
+        def on_def(node)
+          return unless %i(perform initialize).include?(node.method_name)
+          return unless @class_regex.match(node.parent_module_name)
+
+          node.arguments.any? do |argument|
+            name, = *argument
+            add_offense(argument) if @sensitive_params.include?(name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/unscoped_find.rb

@@ -31,19 +31,23 @@ module RuboCop
         def initialize(config = nil, options = nil)
           super(config, options)
           config = @config.for_cop(self)
-          @unauthenticated_models = config.fetch("unauthenticated_models", [])
+          @unauthenticated_models = config.fetch("unauthenticated_models", []).map(&:to_sym)
+        end
+
+        def on_class(node)
+          Utils::MethodReturnTable.populate_index(node)
         end
 
         def on_send(node)
-          _, _, *arg_nodes = *node
+          _, _, *arg_nodes = *node # rubocop:disable InternalAffairs/NodeDestructuring
           return unless
             (
                 find?(node) ||
                 custom_scope_find?(node) ||
                 static_method_name(node.method_name)
-            ) && !@unauthenticated_models.include?(get_root_token(node))
+            ) && !@unauthenticated_models.include?(Utils::Parser.get_root_token(node))
 
-          add_offense(node, message: MSG) if find_param_arg(arg_nodes)
+          add_offense(node) if find_param_arg(arg_nodes)
         end
 
         private
@@ -52,13 +56,21 @@ module RuboCop
           return unless arg_nodes
 
           arg_nodes.find do |arg|
-            if arg.type == :hash
+            if arg.hash_type?
               arg.children.each do |pair|
                 _key, value = *pair.children
-                return arg if get_root_token(value) == :params
+                return arg if uses_params?(value)
               end
             end
-            get_root_token(arg) == :params
+
+            uses_params?(arg)
+          end
+        end
+
+        def uses_params?(node)
+          root = Utils::Parser.get_root_token(node)
+          root == :params || Array(Utils::MethodReturnTable.get_method(root)).find do |x|
+            Utils::Parser.get_root_token(x) == :params
           end
         end
 
@@ -69,32 +81,6 @@ module RuboCop
 
           match[2] ? 'find_by!' : 'find_by'
         end
-
-        def get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize
-          return nil unless node
-
-          return get_root_token(node.receiver) if node.receiver
-
-          if node.send_type?
-            name = node.method_name
-          elsif node.variable?
-            name, = *node
-          elsif node.literal?
-            _, name = *node
-          elsif node.const_type?
-            name = node.const_name
-          elsif node.sym_type?
-            name = node.value
-          elsif node.variable?
-            name = node.children[0]
-          elsif node.parenthesized_call?
-            name = nil
-          else
-            raise "Unknown node type: #{node.type.inspect}"
-          end
-
-          name
-        end
       end
     end
   end

data/lib/rubocop/cop/betterment/utils/method_return_table.rb

@@ -0,0 +1,48 @@
+module RuboCop
+  module Cop
+    module Utils
+      module MethodReturnTable
+        class << self
+          def populate_index(node)
+            raise "not a class" unless node.class_type?
+
+            get_methods_for_class(node).each do |method|
+              track_method(method.method_name, Utils::Parser.get_return_values(method))
+            end
+
+            node.descendants.each do |descendant|
+              lhs, rhs = *descendant
+              next unless descendant.equals_asgn? && (descendant.type != :casgn) && rhs&.send_type?
+
+              track_method(lhs, [rhs])
+            end
+          end
+
+          def indexed_methods
+            @indexed_methods ||= {}
+          end
+
+          def get_method(method_name)
+            indexed_methods[method_name]
+          end
+
+          def has_method?(method_name)
+            indexed_methods.include?(method_name)
+          end
+
+          private
+
+          def track_method(method_name, returns)
+            indexed_methods[method_name] = returns
+          end
+
+          def get_methods_for_class(node)
+            return [] unless node.children && node.class_type?
+
+            node.descendants.select(&:def_type?)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/utils/parser.rb

@@ -0,0 +1,115 @@
+module RuboCop
+  module Cop
+    module Utils
+      module Parser
+        def self.get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize
+          return nil unless node
+
+          return get_root_token(node.receiver) if node.receiver
+
+          # rubocop:disable InternalAffairs/NodeDestructuring
+          if node.send_type?
+            name = node.method_name
+          elsif node.variable?
+            name, = *node
+          elsif node.literal?
+            _, name = *node
+          elsif node.const_type?
+            name = node.const_name.to_sym
+          elsif node.sym_type?
+            name = node.value
+          elsif node.self_type?
+            name = :self
+          elsif node.block_pass_type?
+            name, = *node.children
+          else
+            name = nil
+          end
+          # rubocop:enable InternalAffairs/NodeDestructuring
+
+          name
+        end
+
+        def self.get_return_values(node) # rubocop:disable Metrics/AbcSize
+          return [] unless node
+          return explicit_returns(node) + get_return_values(node.body) if node.def_type?
+          return [node] if node.literal? || node.variable?
+
+          case node.type
+            when :begin
+              get_return_values(node.children.last)
+            when :block
+              get_return_values(node.body)
+            when :if
+              if_rets = get_return_values(node.if_branch)
+              else_rets = get_return_values(node.else_branch)
+              if_rets + else_rets
+            when :case
+              cases = []
+              node.each_when do |block|
+                cases += get_return_values(block.body)
+              end
+
+              cases + get_return_values(node.else_branch)
+            when :send
+              [node]
+            else
+              []
+          end
+        end
+
+        def self.explicit_returns(node)
+          node.descendants.select(&:return_type?).map { |x|
+            x&.children&.first
+          }.compact
+        end
+
+        def self.params_from_arguments(arguments) # rubocop:disable Metrics/PerceivedComplexity
+          parameter_names = []
+
+          arguments.each do |arg|
+            if arg.hash_type?
+              arg.children.each do |pair|
+                value = pair.value
+                parameter_names << value.value if value.sym_type? || value.str_type?
+              end
+            elsif arg.sym_type? || arg.str_type?
+              parameter_names << arg.value
+            end
+          end
+
+          parameter_names
+        end
+
+        def self.get_extracted_parameters(node, param_aliases: []) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          return [] unless node.send_type?
+
+          parameter_names = []
+          param_aliases << :params
+
+          if node.method?(:[]) && param_aliases.include?(get_root_token(node))
+            return node.arguments.select { |x|
+                     x.sym_type? || x.str_type?
+                   }.map(&:value)
+          end
+
+          children = node.descendants.select do |child|
+            child.send_type? && param_aliases.include?(child.method_name)
+          end
+
+          children.each do |child|
+            ancestors = child.ancestors.select do |ancestor|
+              ancestor.send_type? && ancestor.method?(:permit)
+            end
+
+            ancestors.each do |ancestor|
+              parameter_names += params_from_arguments(ancestor.arguments)
+            end
+          end
+
+          parameter_names.map(&:to_sym)
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,43 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-betterment
 version: !ruby/object:Gem::Version
-  version: 1.15.0
+  version: 2.0.0.pre2
 platform: ruby
 authors:
 - Development
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-06 00:00:00.000000000 Z
+date: 2021-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 0.61.1
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.61.1
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.28.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.28.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -92,19 +134,24 @@ files:
 - config/default.yml
 - lib/rubocop/cop/betterment.rb
 - lib/rubocop/cop/betterment/active_job_performable.rb
+- lib/rubocop/cop/betterment/allowlist_blocklist.rb
 - lib/rubocop/cop/betterment/authorization_in_controller.rb
 - lib/rubocop/cop/betterment/dynamic_params.rb
 - lib/rubocop/cop/betterment/implicit_redirect_type.rb
 - lib/rubocop/cop/betterment/memoization_with_arguments.rb
+- lib/rubocop/cop/betterment/server_error_assertion.rb
 - lib/rubocop/cop/betterment/site_prism_loaded.rb
 - lib/rubocop/cop/betterment/spec_helper_required_outside_spec_dir.rb
 - lib/rubocop/cop/betterment/timeout.rb
+- lib/rubocop/cop/betterment/unsafe_job.rb
 - lib/rubocop/cop/betterment/unscoped_find.rb
-homepage: 
+- lib/rubocop/cop/betterment/utils/method_return_table.rb
+- lib/rubocop/cop/betterment/utils/parser.rb
+homepage:
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -112,15 +159,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.1.3
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Betterment rubocop configuration
 test_files: []