rubocop-config-captive 1.6.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dc7cafbd64157ecadbe86b5ec9b5c0c1c1947db2f59d8951769d24eeb159f90d
|
|
4
|
+
data.tar.gz: 38307a0c2f1e10efaaa73bc7fdd4645bbccfe9e6e2455071895d7bca2b9ef75a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 58ee32d3d141b8a123e50e7b4f0c9ee1d5186108f6d5cc9843633a44c5d79cbaaf32b53349a929e51bc08a341a8b489a76193b3b08dab91306336e10194022be
|
|
7
|
+
data.tar.gz: 5d7d19dee91bbf9d92e393d27148c1f31996f4b13c1a72b7fd385600f934d3421b4441705b3f47b61e54310f16ed1e1cd88db67c34681fe9b641dfc53e04b9c6
|
data/config/default.yml
CHANGED
data/config/rubocop-captive.yml
CHANGED
|
@@ -5,6 +5,7 @@ require:
|
|
|
5
5
|
- ../lib/rubocop/cop/captive/translation/kaminari_i18n_presence.rb
|
|
6
6
|
- ../lib/rubocop/cop/captive/rspec/specify_before_parameter.rb
|
|
7
7
|
- ../lib/rubocop/cop/captive/rails/no_email_from_controller.rb
|
|
8
|
+
- ../lib/rubocop/cop/captive/rails/force_ssl_enabled_in_production.rb
|
|
8
9
|
- ../lib/rubocop/cop/captive/string_where_in_scope.rb
|
|
9
10
|
- ../lib/rubocop/cop/captive/no_app_env.rb
|
|
10
11
|
|
|
@@ -42,6 +43,12 @@ Captive/Rails/NoEmailFromController:
|
|
|
42
43
|
Include:
|
|
43
44
|
- 'app/controllers/**/*'
|
|
44
45
|
|
|
46
|
+
# Rails
|
|
47
|
+
Captive/Rails/ForceSslEnabledInProduction:
|
|
48
|
+
Description: "Ensures SSL is forced in production, so that secure cookies are used."
|
|
49
|
+
Include:
|
|
50
|
+
- 'config/environments/production.rb'
|
|
51
|
+
|
|
45
52
|
# other
|
|
46
53
|
Captive/StringWhereInScope:
|
|
47
54
|
Description: 'The `where` method should be used in a scope in a model.'
|
data/config/rubocop-layout.yml
CHANGED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module RuboCop
|
|
4
|
+
module Cop
|
|
5
|
+
module Captive
|
|
6
|
+
module Rails
|
|
7
|
+
##
|
|
8
|
+
# This cop ensures the config force_ssl is set to true.
|
|
9
|
+
#
|
|
10
|
+
# Pourquoi il faut configurer le `force_ssl` à `true` en production ?
|
|
11
|
+
# 1) Ça redirige les requêtes http → https. C’est une option que permet également le routeur de Scalingo
|
|
12
|
+
# 2) Ça ajoute un flag `Secure` sur les Cookies. S’il n’est pas présent, c’est considéré comme une vulnérabilité car ça peut permettre à un pirate de récupérer le cookie en HTTP et potentiellement voler la session.
|
|
13
|
+
# @see https://www.notion.so/captive/Corriger-la-vuln-rabilit-Insecure-cookie-setting-missing-Secure-flag-7962ae24774d4de39dcda5a80cca4fcf?pvs=26&qid=
|
|
14
|
+
# @see https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag article détaillant la sécurité du cookie
|
|
15
|
+
class ForceSslEnabledInProduction < Base
|
|
16
|
+
extend AutoCorrector
|
|
17
|
+
|
|
18
|
+
MSG = "force_ssl should be enabled in production."
|
|
19
|
+
|
|
20
|
+
def on_send(node)
|
|
21
|
+
if setting_force_ssl_not_true?(node)
|
|
22
|
+
add_offense(node, message: MSG) do |corrector|
|
|
23
|
+
# Replace with 'true' only if the argument is not already 'true'
|
|
24
|
+
unless node.arguments.first.true_type?
|
|
25
|
+
corrector.replace(
|
|
26
|
+
node.arguments.first.source_range,
|
|
27
|
+
"true"
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def on_new_investigation
|
|
35
|
+
processed_source.comments.each do |comment|
|
|
36
|
+
check_comment(comment)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
private
|
|
41
|
+
|
|
42
|
+
def setting_force_ssl_not_true?(node)
|
|
43
|
+
node.method_name == :force_ssl= && !node.arguments.first.true_type?
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def check_comment(comment)
|
|
47
|
+
return unless force_ssl_commented?(comment.text)
|
|
48
|
+
|
|
49
|
+
add_offense(comment.loc.expression, message: MSG) do |corrector|
|
|
50
|
+
corrector.replace(comment.loc.expression, "config.force_ssl = true")
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def force_ssl_commented?(comment_text)
|
|
55
|
+
comment_text.match?(/^\s*#.*config\.force_ssl\s*=\s*true/)
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubocop-config-captive
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Captive
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2023-
|
|
13
|
+
date: 2023-11-07 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rubocop
|
|
@@ -169,6 +169,7 @@ files:
|
|
|
169
169
|
- lib/rubocop/captive/version.rb
|
|
170
170
|
- lib/rubocop/cop/captive/active_admin/active_admin_addons_presence.rb
|
|
171
171
|
- lib/rubocop/cop/captive/no_app_env.rb
|
|
172
|
+
- lib/rubocop/cop/captive/rails/force_ssl_enabled_in_production.rb
|
|
172
173
|
- lib/rubocop/cop/captive/rails/no_email_from_controller.rb
|
|
173
174
|
- lib/rubocop/cop/captive/rspec/specify_before_parameter.rb
|
|
174
175
|
- lib/rubocop/cop/captive/string_where_in_scope.rb
|