rubocop-config-captive 1.7.0 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f1d61dafacd0ed80612f8c8de5d490c45993c62c710ce0738c0581dfc59651b
-  data.tar.gz: 3b3d699014fae2e060b399bf8446da4add05e02dbd35f7d26ff8a392c667617d
+  metadata.gz: 39dbb9aa92c28b0b4fdc2261998070f806320408ccb3c22db2ae1fcfb5d3397a
+  data.tar.gz: 4b57010fca3ff9afa6cd45b9e0b77f53ddae1cf6c2bd529b6351bf8662bdd544
 SHA512:
-  metadata.gz: 2cdef15db8aa0798729695f2c413c0f55169387d2e97e4236cc6dd93e505b5671156049c4de6247cbb28c9b356a1e54d7ece3301d6d71020e75c275dfb674343
-  data.tar.gz: 77aa0ae5f2454b877e826dd59e94ba35a8968c638c1eda04230b10edb2b47d1377756524c1e15f3ac4fd64521059ab2c88fd22b959006380ce7df57712512a6c
+  metadata.gz: e272228a09888fea439fda8016db538fad6ac7741158685509a8c07ee231466369eb37157218bb3afe18cd99f1caa0c9032a18b19160899acc4d47d3e7910297
+  data.tar.gz: ce886fac54be48d39466999a0552f43be31d60860f95440bf6265999a448150812537c67f02dc6b9001d941bdc013b07bcf6e7da2da46f55072edf01e95bcc06

data/config/default.yml

@@ -45,6 +45,7 @@ inherit_from:
   - './rubocop-gemspec.yml'
   - './rubocop-layout.yml'
   - './rubocop-lint.yml'
+  - './rubocop-magic_numbers.yml'
   - './rubocop-metrics.yml'
   - './rubocop-naming.yml'
   - './rubocop-performance.yml'

data/config/rubocop-captive.yml

@@ -5,6 +5,7 @@ require:
   - ../lib/rubocop/cop/captive/translation/kaminari_i18n_presence.rb
   - ../lib/rubocop/cop/captive/rspec/specify_before_parameter.rb
   - ../lib/rubocop/cop/captive/rails/no_email_from_controller.rb
+  - ../lib/rubocop/cop/captive/rails/force_ssl_enabled_in_production.rb
   - ../lib/rubocop/cop/captive/string_where_in_scope.rb
   - ../lib/rubocop/cop/captive/no_app_env.rb
 
@@ -42,6 +43,12 @@ Captive/Rails/NoEmailFromController:
   Include:
     - 'app/controllers/**/*'
 
+# Rails
+Captive/Rails/ForceSslEnabledInProduction:
+  Description: "Ensures SSL is forced in production, so that secure cookies are used."
+  Include:
+    - 'config/environments/production.rb'
+
 # other
 Captive/StringWhereInScope:
   Description: 'The `where` method should be used in a scope in a model.'

data/config/rubocop-magic_numbers.yml

@@ -0,0 +1,25 @@
+require:
+  - rubocop-magic_numbers
+
+MagicNumbers/NoArgument:
+  Enabled: true
+  PermittedValues:
+    - 0
+  Exclude:
+    - spec/**/*_spec.rb
+
+# Cette règle empeche de pouvoir faire des variables d'instances qui servent de compteur
+MagicNumbers/NoAssignment:
+  Enabled: false
+  Exclude:
+    - spec/**/*_spec.rb
+
+MagicNumbers/NoDefault:
+  Enabled: true
+  Exclude:
+    - spec/**/*_spec.rb
+
+MagicNumbers/NoReturn:
+  Enabled: true
+  Exclude:
+    - spec/**/*_spec.rb

data/lib/rubocop/captive/version.rb

@@ -3,6 +3,6 @@
 module RuboCop
   module Captive
     # Version information for the the Airbnb RuboCop plugin.
-    VERSION = "1.7.0"
+    VERSION = "1.9.0"
   end
 end

data/lib/rubocop/cop/captive/rails/force_ssl_enabled_in_production.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Captive
+      module Rails
+        ##
+        # This cop ensures the config force_ssl is set to true.
+        #
+        # Pourquoi il faut configurer le `force_ssl` à `true` en production ?
+        # 1) Ça redirige les requêtes http → https. C’est une option que permet également le routeur de Scalingo
+        # 2) Ça ajoute un flag `Secure` sur les Cookies. S’il n’est pas présent, c’est considéré comme une vulnérabilité car ça peut permettre à un pirate de récupérer le cookie en HTTP et potentiellement voler la session.
+        # @see https://www.notion.so/captive/Corriger-la-vuln-rabilit-Insecure-cookie-setting-missing-Secure-flag-7962ae24774d4de39dcda5a80cca4fcf?pvs=26&qid=
+        # @see https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag article détaillant la sécurité du cookie
+        class ForceSslEnabledInProduction < Base
+          extend AutoCorrector
+
+          MSG = "force_ssl should be enabled in production."
+
+          def on_send(node)
+            if setting_force_ssl_not_true?(node)
+              add_offense(node, message: MSG) do |corrector|
+                # Replace with 'true' only if the argument is not already 'true'
+                unless node.arguments.first.true_type?
+                  corrector.replace(
+                    node.arguments.first.source_range,
+                    "true"
+                  )
+                end
+              end
+            end
+          end
+
+          def on_new_investigation
+            processed_source.comments.each do |comment|
+              check_comment(comment)
+            end
+          end
+
+          private
+
+          def setting_force_ssl_not_true?(node)
+            node.method_name == :force_ssl= && !node.arguments.first.true_type?
+          end
+
+          def check_comment(comment)
+            return unless force_ssl_commented?(comment.text)
+
+            add_offense(comment.loc.expression, message: MSG) do |corrector|
+              corrector.replace(comment.loc.expression, "config.force_ssl = true")
+            end
+          end
+
+          def force_ssl_commented?(comment_text)
+            comment_text.match?(/^\s*#.*config\.force_ssl\s*=\s*true/)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/captive/rspec/specify_before_parameter.rb

@@ -52,8 +52,9 @@ module RuboCop
           private
 
           def add_parameter(node)
+            magic_number = 6
             source = node.loc.expression.source
-            source.insert(source.index("before") + 6, "(:each)")
+            source.insert(source.index("before") + magic_number, "(:each)")
           end
         end
       end

data/rubocop-config-captive.gemspec

@@ -32,6 +32,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency("rubocop-rspec", "~> 2.22.0")
   gem.add_dependency("rubocop-capybara", "~> 2.18.0")
   gem.add_dependency("rubocop-factory_bot", "~> 2.23.1")
+  gem.add_dependency("rubocop-magic_numbers", "~> 0.4.0")
   gem.add_development_dependency("rspec", "~> 3.12")
   # gem.metadata['rubygems_mfa_required'] = 'true'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-config-captive
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.9.0
 platform: ruby
 authors:
 - Captive
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-24 00:00:00.000000000 Z
+date: 2023-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -110,6 +110,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.23.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-magic_numbers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -155,6 +169,7 @@ files:
 - config/rubocop-gemspec.yml
 - config/rubocop-layout.yml
 - config/rubocop-lint.yml
+- config/rubocop-magic_numbers.yml
 - config/rubocop-metrics.yml
 - config/rubocop-naming.yml
 - config/rubocop-performance.yml
@@ -169,6 +184,7 @@ files:
 - lib/rubocop/captive/version.rb
 - lib/rubocop/cop/captive/active_admin/active_admin_addons_presence.rb
 - lib/rubocop/cop/captive/no_app_env.rb
+- lib/rubocop/cop/captive/rails/force_ssl_enabled_in_production.rb
 - lib/rubocop/cop/captive/rails/no_email_from_controller.rb
 - lib/rubocop/cop/captive/rspec/specify_before_parameter.rb
 - lib/rubocop/cop/captive/string_where_in_scope.rb