rubocop-betterment 1.19.0 → 2.0.0.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e45880e05081ae8b62a4b1e1fb9778a5580b9b17fe839973f1046242222881e1
-  data.tar.gz: 4212f8e0f60a70d61db53a2f9af447248efc686d593af0145c715a5a831db683
+  metadata.gz: 96a0df612891f48475152a6781a39050feef3610798324133f10c4b24a0824aa
+  data.tar.gz: 44f3e440dfd7630c9c32fb46d081389e6176f282bda8734e5507647e4d452ae9
 SHA512:
-  metadata.gz: be0a7163ee430bcc93333c227cdbe56180864dbac0f128e0e70fc526a2a82b202d36f8e54fad30d8bdf33c66fc668c9ad207ddc29d1f6eaeea97b35f4a676070
-  data.tar.gz: a4aefcc523eb8c4c63ce31d851e4a47461288a6ee152e9a53572258135778098e55e7b470d1058f2dbd283d4d9c45abcd714717327db5ee1d6114d4f0bfd8d91
+  metadata.gz: 268ce6ed38e7a5f13b2f2963d20c468cfbb0e244e7b88c216dce45030fae9959bdde561b85eef4f65601c64957b3e4cc8ee1f6baae4a468b7da35a1f5db7f5ef
+  data.tar.gz: f375ef9abdb496a97a9affaf9a0b34f637d773ef13094740e7a0999de4b3923f7b967bdc0993c10ee848a479f59bb418c1ede958ace15974e3fe33094a718a15

data/README.md

@@ -33,7 +33,7 @@ All cops are located under [`lib/rubocop/cop/betterment`](lib/rubocop/cop/better
 
 ### Betterment/AuthorizationInController
 
-This cop looks for unsafe handling of id-like parameters in controllers that may lead to mass assignment style vulnerabilities. It does this by tracking methods that retrieve input from the client and variables that hold onto these values. Any models initialized or updated using these values will then be flagged by the cop. Take this example controller:
+This cop looks for unsafe handling of id-like parameters in controllers that may lead to [insecure direct object reference vulnerabilities](https://portswigger.net/web-security/access-control/idor). It does this by tracking methods that retrieve input from the client and variables that hold onto these values. Any models initialized or updated using these values will then be flagged by the cop. Take this example controller:
 
 ```ruby
 class Controller
@@ -50,7 +50,7 @@ class Controller
 end
 ```
 
-All three `Model.new` calls may be susceptible to a mass assignment vulnerability. To address these vulnerabilities, some form of authorization will be needed to ensure that the user issuing this request is allowed to create a `Model` that references the specific `user_id`. To get a better understanding of what this cop flags and doesn't flag, take a look at its [spec](spec/rubocop/cop/betterment/authorization_in_controller_spec.rb).
+All three `Model.new` calls may be susceptible to an insecure direct object reference vulnerability. This may end up letting attackers read and write content belonging to other users. To address these vulnerabilities, some form of authorization will be needed to ensure that the user issuing this request is allowed to create a `Model` that references the specific `user_id`. To get a better understanding of what this cop flags and doesn't flag, take a look at its [spec](spec/rubocop/cop/betterment/authorization_in_controller_spec.rb).
 
 In cases where more fine-grained control over what parameters are considered sensitive is desired, two configuration options can be used: `unsafe_parameters` and `unsafe_regex`. By default this cop will flag unsafe uses of any parameters whose names end in `_id`, but additional parameters can be specified by configuring `unsafe_parameters`. In cases where the default pattern of `.*_id` is insufficient or incorrect, this regex can be swapped out by specifying the `unsafe_regex` configuration option. In total, this cop will flag any parameters whose names are on the `unsafe_parameters` list or matches the `unsafe_regex` pattern.
 
@@ -69,7 +69,7 @@ Betterment/AuthorizationInController:
 
 ### Betterment/UnscopedFind
 
-This cop flags code that passes user input directly into a `find`-like call that may lead to authorization issues. For example, a controller that uses user input to find a document will need to ensure that the user is authorized to access that document. Take the following sample:
+This cop flags code that passes user input directly into a `find`-like call that may lead to authorization issues (such as [indirect object reference vulnerabilities](https://portswigger.net/web-security/access-control/idor)). For example, a controller that uses user input to find a document will need to ensure that the user is authorized to access that document. Take the following sample:
 
 ```ruby
 class Controller
@@ -121,3 +121,38 @@ end
 ```
 
 All three `params.permit` calls will be flagged.
+
+### Betterment/UnsafeJob
+
+This cop flags delayed jobs (e.g. ActiveJob, delayed_job) whose classes accept sensitive data via a `perform` or `initialize` method. Jobs are serialized in plaintext, so any sensitive data they accept will be accessible in plaintext to everyone with database access. Instead, consider passing ActiveRecord instances that appropriately handle sensitive data (e.g. encrypted at rest and decrypted when the data is needed) or avoid passing in this data entirely.
+
+```ruby
+class RegistrationJob < ApplicationJob
+  def perform(user:, password:, authorization_token:)
+    # do something to the user with the password and authorization_token
+  end
+end
+```
+
+When a `RegistrationJob` gets queued, this job will get serialized, leaving both `password` and `authorization_token` accessible in plaintext. `Betterment/UnsafeJob` can be configured to flag parameters like these to discourage their use. Some ways to remediate this might be to stop passing in `password`, and to encrypt `authorization_token` and storing it alongside the user object. For example:
+
+```ruby
+class RegistrationJob < ApplicationJob
+  def perform(user:)
+    authorization_token = user.authorization_token.decrypt
+    # do something with the authorization_token
+  end
+end
+```
+
+By default, this job will look at classes whose name ends with `Job` but this can be replaced with any regex. This cop can also be configured to take an arbitrary list of parameter names so that any Job found accepting these parameters will be flagged.
+
+```yaml
+Betterment/UnsafeJob:
+  class_regex: .*Job$
+  sensitive_params:
+    - password
+    - authorization_token
+```
+
+It may make sense to consult your application's values for `Rails.application.config.filter_parameters`; if the application is filtering specific parameters from being logged, it might be a good idea to prevent these values from being stored in plaintext in a database as well.

data/config/default.yml

@@ -2,6 +2,9 @@
 
 require:
   - rubocop/cop/betterment.rb
+  - rubocop-performance
+  - rubocop-rails
+  - rubocop-rake
   - rubocop-rspec
 
 AllCops:
@@ -26,6 +29,13 @@ Betterment/AuthorizationInController:
   Description: 'Detects unsafe handling of id-like parameters in controllers.'
   Enabled: false
 
+Betterment/UnsafeJob:
+  Enabled: false
+  sensitive_params:
+    - password
+    - social_security_number
+    - ssn
+
 Betterment/SitePrismLoaded:
   Include:
     - 'spec/features/**/*_spec.rb'
@@ -34,7 +44,7 @@ Betterment/SitePrismLoaded:
 Capybara/FeatureMethods:
   Enabled: false
 
-Layout/AlignParameters:
+Layout/ParameterAlignment:
   Enabled: false
 
 Layout/CaseIndentation:
@@ -43,7 +53,7 @@ Layout/CaseIndentation:
 Layout/ClosingParenthesisIndentation:
   Enabled: false
 
-Layout/IndentArray:
+Layout/FirstArrayElementIndentation:
   EnforcedStyle: consistent
 
 Layout/MultilineMethodCallIndentation:
@@ -117,7 +127,7 @@ Naming/HeredocDelimiterNaming:
 Naming/PredicateName:
   NamePrefix:
     - is_
-  NamePrefixBlacklist:
+  ForbiddenPrefixes:
     - is_
 
 Naming/VariableNumber:
@@ -150,9 +160,6 @@ RSpec/ContextWording:
 RSpec/DescribeClass:
   Enabled: false
 
-RSpec/DescribedClass:
-  Enabled: false
-
 RSpec/DescribedClass:
   EnforcedStyle: 'described_class'
 
@@ -201,6 +208,9 @@ RSpec/MessageSpies:
 RSpec/MultipleExpectations:
   Enabled: false
 
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+
 RSpec/NamedSubject:
   Enabled: false
 

data/lib/rubocop/cop/betterment.rb

@@ -1,8 +1,10 @@
 require 'rubocop'
 require 'rubocop/cop/betterment/utils/parser'
+require 'rubocop/cop/betterment/utils/method_return_table'
 require 'rubocop/cop/betterment/authorization_in_controller'
 require 'rubocop/cop/betterment/dynamic_params'
 require 'rubocop/cop/betterment/unscoped_find'
+require 'rubocop/cop/betterment/unsafe_job'
 require 'rubocop/cop/betterment/timeout'
 require 'rubocop/cop/betterment/memoization_with_arguments'
 require 'rubocop/cop/betterment/site_prism_loaded'

data/lib/rubocop/cop/betterment/authorization_in_controller.rb

@@ -36,33 +36,31 @@ module RuboCop
           config = @config.for_cop(self)
           @unsafe_parameters = config.fetch("unsafe_parameters", []).map(&:to_sym)
           @unsafe_regex = Regexp.new config.fetch("unsafe_regex", ".*_id$")
-          @wrapper_methods = {}
-          @wrapper_names = []
+          @param_wrappers = []
         end
 
         def on_class(node)
-          track_methods(node)
-          track_assignments(node)
+          Utils::MethodReturnTable.populate_index node
+          Utils::MethodReturnTable.indexed_methods.each do |method_name, method_returns|
+            method_returns.each do |x|
+              name = Utils::Parser.get_root_token(x)
+              @param_wrappers << method_name if name == :params || @param_wrappers.include?(name)
+            end
+          end
         end
 
-        def on_send(node) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
-          _receiver_node, _method_name, *arg_nodes = *node
-
+        def on_send(node) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
           return if !model_new?(node) && !model_update?(node)
 
-          arg_nodes.each do |argument|
-            if argument.send_type?
-              tag_unsafe_param_hash(argument)
-              tag_unsafe_param_permit_wrapper(argument)
-            elsif argument.variable?
-              tag_unsafe_param_permit_wrapper(argument)
+          node.arguments.each do |argument|
+            if argument.send_type? || argument.variable?
+              flag_literal_param_use(argument)
+              flag_indirect_param_use(argument)
             elsif argument.hash_type?
-              argument.children.each do |pair|
-                next if pair.type != :pair
-
+              argument.children.select(&:pair_type?).each do |pair|
                 _key, value = *pair.children
-                tag_unsafe_param_hash(value)
-                tag_unsafe_param_permit_wrapper(value)
+                flag_literal_param_use(value)
+                flag_indirect_param_use(value)
               end
             end
           end
@@ -70,126 +68,73 @@ module RuboCop
 
         private
 
-        def tag_unsafe_param_hash(node)
-          unsafe_param = extract_parameter(node)
-          add_offense(unsafe_param, message: MSG_UNSAFE_CREATE) if unsafe_param
-        end
-
-        def tag_unsafe_param_permit_wrapper(node)
-          return if !node.send_type? && !node.variable?
-          return if node.send_type? && (node.method_name == :[])
-
+        # Flags objects being created/updated with unsafe
+        # params directly from params or through params.permit
+        #
+        # class MyController < ApplicationController
+        #   def create
+        #     Object.create params.permit(:user_id)
+        #     Object.create(user_id: params[:user_id])
+        #   end
+        # end
+        #
+        def flag_literal_param_use(node)
           name = Utils::Parser.get_root_token(node)
-          add_offense(node, message: MSG_UNSAFE_CREATE) if @wrapper_names.include?(name)
-        end
-
-        # if a method returns params[...] or params.permit(...) then it will
-        # be tracked; if the method does not explicitly return a params
-        # sourced argument, then it will not be tracked
-        def track_methods(node)
-          methods = get_all_methods(node)
-
-          methods.map do |method|
-            method_returns = Utils::Parser.get_return_values(method)
-
-            unless get_param_wrappers(method_returns).empty?
-              @wrapper_methods[method.method_name] = method
-              @wrapper_names << method.method_name
-            end
-          end
+          extracted_params = Utils::Parser.get_extracted_parameters(node)
+          add_offense(node, message: MSG_UNSAFE_CREATE) if name == :params && contains_id_parameter?(extracted_params)
         end
 
-        # keep track of all assignments that hold parameters
-        def track_assignments(node)
-          get_all_assignments(node).each do |assignment|
-            variable_name, value = *assignment
-
-            # if rhs calls params.permit, eg
-            # - @var = params.permit(...)
-            rhs_wrapper = get_param_wrappers([value])
-            unless rhs_wrapper.empty?
-              @wrapper_methods[variable_name] = rhs_wrapper[0]
-              @wrapper_names << variable_name
-            end
-
-            # if rhs is a call to a parameter wrapper, eg
-            # @var = parameter_wrapper
-            root_token = Utils::Parser.get_root_token(value)
-            if root_token && @wrapper_names.include?(root_token)
-              @wrapper_methods[variable_name] = assignment
-              @wrapper_names << variable_name
-            end
-
-            # if rhs extracts a parameter, eg
-            # @var = params[:user_id]
-            if extract_parameter(value)
-              @wrapper_methods[variable_name] = assignment
-              @wrapper_names << variable_name
+        # Flags objects being created/updated with unsafe
+        # params indirectly from params or through params.permit
+        def flag_indirect_param_use(node) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
+          name = Utils::Parser.get_root_token(node)
+          # extracted_params contains parameters used like:
+          # def create
+          #   Object.new(user_id: indirect_params[:user_id])
+          # end
+          # def indirect_params
+          #   params.permit(:user_id)
+          # end
+          extracted_params = Utils::Parser.get_extracted_parameters(node, param_aliases: @param_wrappers)
+
+          returns = Utils::MethodReturnTable.get_method(name) || []
+          returns.each do |ret|
+            # # propagated_params contains parameters used like:
+            # def create
+            #   Object.new indirect_params
+            # end
+            # def indirect_params
+            #   params.permit(:user_id)
+            # end
+            propagated_params = Utils::Parser.get_extracted_parameters(ret, param_aliases: @param_wrappers)
+
+            # # internal_params contains parameters used like:
+            # def create
+            #   Object.new(user_id: indirect_params)
+            # end
+            # def indirect_params
+            #   params[:user_id]
+            # end
+            if ret.method?(:[])
+              internal_params = ret.arguments.map(&:value)
+            else
+              internal_returns = Utils::MethodReturnTable.get_method(Utils::Parser.get_root_token(ret)) || []
+              internal_params = internal_returns.flat_map { |x| Utils::Parser.get_extracted_parameters(x, param_aliases: @param_wrappers) }
             end
-          end
-        end
-
-        def get_all_assignments(node)
-          return [] unless node.children && node.class_type?
-
-          node.descendants.select do |descendant|
-            _lhs, rhs = *descendant
-            descendant.equals_asgn? && (descendant.type != :casgn) && rhs&.send_type?
-          end
-        end
-
-        def param_symbol?(name)
-          name == :params
-        end
-
-        def get_all_methods(node)
-          return [] unless node.children && node.class_type?
-
-          node.descendants.select do |descendant|
-            descendant.def_type?
-          end
-        end
-
-        # this finds all calls to any method on a params like object
-        # then walks up to find calls to permit
-        # if the arguments to permit are "suspicious", then we add
-        # the whole method to a list of methods that wrap params.permit
-        def get_param_wrappers(methods) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
-          wrappers = []
-
-          methods.each do |method|
-            return [] unless method.def_type? || method.send_type?
-
-            method.descendants.each do |child|
-              next unless child.send_type?
-              next unless param_symbol?(child.method_name)
 
-              child.ancestors.each do |ancestor|
-                _receiver_node, method_name, *arg_nodes = *ancestor
-                next unless ancestor.send_type?
-                next unless method_name == :permit
-
-                # we're only interested in calls to params.....permit(...)
-                wrappers << method if contains_id_param?(arg_nodes)
-              end
-            end
+            add_offense(node, message: MSG_UNSAFE_CREATE) if flag_indirect_param_use?(extracted_params, internal_params, propagated_params)
           end
-
-          wrappers
         end
 
-        def sym_or_str?(arg)
-          %i(sym str).include?(arg.type)
-        end
+        def flag_indirect_param_use?(extracted_params, internal_params, propagated_params)
+          return contains_id_parameter?(extracted_params) if extracted_params.any?
 
-        def array_or_hash?(arg)
-          %i(array hash).include?(arg.type)
+          contains_id_parameter?(extracted_params) || contains_id_parameter?(internal_params) || contains_id_parameter?(propagated_params)
         end
 
-        def contains_id_param?(arg_nodes)
-          arg_nodes.any? do |arg|
-            sym_or_str?(arg) && suspicious_id?(arg.value) ||
-              array_or_hash?(arg) && contains_id_param?(arg.values)
+        def contains_id_parameter?(params)
+          params.any? do |arg|
+            suspicious_id?(arg)
           end
         end
 
@@ -197,19 +142,6 @@ module RuboCop
         def suspicious_id?(symbol_name)
           @unsafe_parameters.include?(symbol_name.to_sym) || @unsafe_regex.match(symbol_name) # symbol_name.to_s.end_with?("_id")
         end
-
-        def extract_parameter(argument)
-          _receiver_node, method_name, *arg_nodes = *argument
-          return unless argument.send_type? && method_name == :[]
-
-          argument_name = Utils::Parser.get_root_token(argument)
-
-          if param_symbol?(argument_name) || @wrapper_names.include?(argument_name)
-            arg_nodes.find do |arg|
-              sym_or_str?(arg) && suspicious_id?(arg.value)
-            end
-          end
-        end
       end
     end
   end

data/lib/rubocop/cop/betterment/dynamic_params.rb

@@ -14,7 +14,7 @@ module RuboCop
         PATTERN
 
         def on_send(node)
-          _, _, *arg_nodes = *node
+          _, _, *arg_nodes = *node # rubocop:disable InternalAffairs/NodeDestructuring
           return unless permit_or_hash?(node) && Utils::Parser.get_root_token(node) == :params
 
           dynamic_param = find_dynamic_param(arg_nodes)

data/lib/rubocop/cop/betterment/unsafe_job.rb

@@ -0,0 +1,33 @@
+module RuboCop
+  module Cop
+    module Betterment
+      class UnsafeJob < Cop
+        attr_accessor :sensitive_params, :class_regex
+
+        MSG = <<~MSG.freeze
+          This job takes a parameter that will end up serialized in plaintext. Do not pass sensitive data as bare arguments into jobs.
+
+          See here for more information on this error:
+          https://github.com/Betterment/rubocop-betterment#bettermentunsafejob
+        MSG
+
+        def initialize(config = nil, options = nil)
+          super(config, options)
+          config = @config.for_cop(self)
+          @sensitive_params = config.fetch("sensitive_params", []).map(&:to_sym)
+          @class_regex = Regexp.new config.fetch("class_regex", ".*Job$")
+        end
+
+        def on_def(node)
+          return unless %i(perform initialize).include?(node.method_name)
+          return unless @class_regex.match(node.parent_module_name)
+
+          node.arguments.any? do |argument|
+            name, = *argument
+            add_offense(argument) if @sensitive_params.include?(name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/unscoped_find.rb

@@ -34,8 +34,12 @@ module RuboCop
           @unauthenticated_models = config.fetch("unauthenticated_models", []).map(&:to_sym)
         end
 
+        def on_class(node)
+          Utils::MethodReturnTable.populate_index(node)
+        end
+
         def on_send(node)
-          _, _, *arg_nodes = *node
+          _, _, *arg_nodes = *node # rubocop:disable InternalAffairs/NodeDestructuring
           return unless
             (
                 find?(node) ||
@@ -55,10 +59,18 @@ module RuboCop
             if arg.hash_type?
               arg.children.each do |pair|
                 _key, value = *pair.children
-                return arg if Utils::Parser.get_root_token(value) == :params
+                return arg if uses_params?(value)
               end
             end
-            Utils::Parser.get_root_token(arg) == :params
+
+            uses_params?(arg)
+          end
+        end
+
+        def uses_params?(node)
+          root = Utils::Parser.get_root_token(node)
+          root == :params || Array(Utils::MethodReturnTable.get_method(root)).find do |x|
+            Utils::Parser.get_root_token(x) == :params
           end
         end
 

data/lib/rubocop/cop/betterment/utils/method_return_table.rb

@@ -0,0 +1,48 @@
+module RuboCop
+  module Cop
+    module Utils
+      module MethodReturnTable
+        class << self
+          def populate_index(node)
+            raise "not a class" unless node.class_type?
+
+            get_methods_for_class(node).each do |method|
+              track_method(method.method_name, Utils::Parser.get_return_values(method))
+            end
+
+            node.descendants.each do |descendant|
+              lhs, rhs = *descendant
+              next unless descendant.equals_asgn? && (descendant.type != :casgn) && rhs&.send_type?
+
+              track_method(lhs, [rhs])
+            end
+          end
+
+          def indexed_methods
+            @indexed_methods ||= {}
+          end
+
+          def get_method(method_name)
+            indexed_methods[method_name]
+          end
+
+          def has_method?(method_name)
+            indexed_methods.include?(method_name)
+          end
+
+          private
+
+          def track_method(method_name, returns)
+            indexed_methods[method_name] = returns
+          end
+
+          def get_methods_for_class(node)
+            return [] unless node.children && node.class_type?
+
+            node.descendants.select(&:def_type?)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/betterment/utils/parser.rb

@@ -2,11 +2,12 @@ module RuboCop
   module Cop
     module Utils
       module Parser
-        def self.get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize, Metrics/CyclomaticComplexity
+        def self.get_root_token(node) # rubocop:disable Metrics/PerceivedComplexity, Metrics/AbcSize
           return nil unless node
 
           return get_root_token(node.receiver) if node.receiver
 
+          # rubocop:disable InternalAffairs/NodeDestructuring
           if node.send_type?
             name = node.method_name
           elsif node.variable?
@@ -17,8 +18,6 @@ module RuboCop
             name = node.const_name.to_sym
           elsif node.sym_type?
             name = node.value
-          elsif node.variable?
-            name = node.children[0]
           elsif node.self_type?
             name = :self
           elsif node.block_pass_type?
@@ -26,6 +25,7 @@ module RuboCop
           else
             name = nil
           end
+          # rubocop:enable InternalAffairs/NodeDestructuring
 
           name
         end
@@ -63,6 +63,48 @@ module RuboCop
             x&.children&.first
           }.compact
         end
+
+        def self.params_from_arguments(arguments) # rubocop:disable Metrics/PerceivedComplexity
+          parameter_names = []
+
+          arguments.each do |arg|
+            if arg.hash_type?
+              arg.children.each do |pair|
+                value = pair.value
+                parameter_names << value.value if value.sym_type? || value.str_type?
+              end
+            elsif arg.sym_type? || arg.str_type?
+              parameter_names << arg.value
+            end
+          end
+
+          parameter_names
+        end
+
+        def self.get_extracted_parameters(node, param_aliases: []) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          return [] unless node.send_type?
+
+          parameter_names = []
+          param_aliases << :params
+
+          return node.arguments.map(&:value) if node.method?(:[]) && param_aliases.include?(get_root_token(node))
+
+          children = node.descendants.select do |child|
+            child.send_type? && param_aliases.include?(child.method_name)
+          end
+
+          children.each do |child|
+            ancestors = child.ancestors.select do |ancestor|
+              ancestor.send_type? && ancestor.method?(:permit)
+            end
+
+            ancestors.each do |ancestor|
+              parameter_names += params_from_arguments(ancestor.arguments)
+            end
+          end
+
+          parameter_names.map(&:to_sym)
+        end
       end
     end
   end

metadata

@@ -1,43 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-betterment
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 2.0.0.pre
 platform: ruby
 authors:
 - Development
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-18 00:00:00.000000000 Z
+date: 2021-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 0.61.1
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.61.1
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.28.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.28.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -101,7 +143,9 @@ files:
 - lib/rubocop/cop/betterment/site_prism_loaded.rb
 - lib/rubocop/cop/betterment/spec_helper_required_outside_spec_dir.rb
 - lib/rubocop/cop/betterment/timeout.rb
+- lib/rubocop/cop/betterment/unsafe_job.rb
 - lib/rubocop/cop/betterment/unscoped_find.rb
+- lib/rubocop/cop/betterment/utils/method_return_table.rb
 - lib/rubocop/cop/betterment/utils/parser.rb
 homepage:
 licenses:
@@ -115,14 +159,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: Betterment rubocop configuration