RubyGems - rubocop-dev_doc - Versions diffs - 0.1.0 → 0.2.0 - Mend

rubocop-dev_doc 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

data/lib/rubocop/cop/dev_doc/style/string_symbol_comparison.rb ADDED Viewed

@@ -0,0 +1,91 @@
+module RuboCop
+  module Cop
+    module DevDoc
+      module Style
+        # Flag direct `==` / `!=` comparisons between a known-string source
+        # and a symbol literal. Such comparisons are silently always false
+        # (`'draft' == :draft` is `false` in Ruby), so they signal that the
+        # caller forgot to convert at the boundary.
+        #
+        # ## Rationale
+        # Strings and symbols are not equal in Ruby, and string-typed values
+        # arrive from boundaries the developer doesn't control: HTTP params,
+        # request headers, ENV. Comparing one of these directly against a
+        # symbol literal is a guaranteed bug. Convert at the boundary instead
+        # — see `best_practices/backend/en/01a_defensive_programming.md` item 7.
+        #
+        #   ❌
+        #   if params[:status] == :draft   # always false
+        #
+        #   ✔ Convert at the boundary, then compare
+        #   @filter_status = params[:status]&.to_sym
+        #   if @filter_status == :draft
+        #
+        # ## Sources detected
+        # - `params[…]`
+        # - `request.headers[…]`
+        # - `ENV[…]`
+        #
+        # ## Limitations
+        # The cop only catches the *direct* comparison form. Once the value
+        # flows into a local or instance variable, type information is lost
+        # and Rubocop cannot trace it back to the original string source.
+        # Those cases are caught by review.
+        #
+        # @example
+        #   # bad
+        #   params[:status] == :draft
+        #   :production == ENV['MODE']
+        #   request.headers['X-Mode'] != :debug
+        #
+        #   # good
+        #   params[:status]&.to_sym == :draft
+        #   ENV['MODE'] == 'production'
+        class StringSymbolComparison < Base
+          MSG = 'Comparing string-typed `%<source>s` to a symbol literal is always false. ' \
+                'Convert at the boundary with `&.to_sym` or compare against a string instead ' \
+                '(see backend/01a_defensive_programming.md item 7).'.freeze
+          RESTRICT_ON_SEND = %i[== !=].freeze
+          def_node_matcher :params_access?, <<~PATTERN
+            (send (send nil? :params) :[] _)
+          PATTERN
+          def_node_matcher :request_headers_access?, <<~PATTERN
+            (send (send _ :headers) :[] _)
+          PATTERN
+          def_node_matcher :env_access?, <<~PATTERN
+            (send (const nil? :ENV) :[] _)
+          PATTERN
+          def on_send(node)
+            lhs = node.receiver
+            rhs = node.first_argument
+            return unless lhs && rhs
+            source_node = pick_string_source(lhs, rhs)
+            return unless source_node
+            add_offense(node, message: format(MSG, source: source_node.source))
+          end
+          private
+          def pick_string_source(left, right)
+            if string_source?(left) && right.sym_type?
+              left
+            elsif string_source?(right) && left.sym_type?
+              right
+            end
+          end
+          def string_source?(node)
+            params_access?(node) || request_headers_access?(node) || env_access?(node)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop-dev_doc.rb CHANGED Viewed

@@ -1,3 +1,4 @@
 require "rubocop"
+require "rubocop-rails"
 require "lint_roller"
 require_relative "rubocop/dev_doc"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-dev_doc
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - dev-doc contributors
@@ -10,65 +10,73 @@ cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: lint_roller
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.72'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.72'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop-rails
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.72'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.72'
 - !ruby/object:Gem::Dependency
-  name: lint_roller
+  name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - config/default.yml
 - lib/rubocop-dev_doc.rb
+- lib/rubocop/cop/dev_doc/migration/amount_column_in_cents.rb
+- lib/rubocop/cop/dev_doc/migration/avoid_bypassing_validation.rb
 - lib/rubocop/cop/dev_doc/migration/avoid_column_default.rb
 - lib/rubocop/cop/dev_doc/migration/avoid_json_column.rb
-- lib/rubocop/cop/dev_doc/migration/avoid_update_column.rb
 - lib/rubocop/cop/dev_doc/migration/avoid_vague_column_names.rb
 - lib/rubocop/cop/dev_doc/migration/date_column_naming.rb
+- lib/rubocop/cop/dev_doc/migration/no_create_join_table.rb
 - lib/rubocop/cop/dev_doc/migration/prefer_belongs_to.rb
+- lib/rubocop/cop/dev_doc/migration/require_primary_key.rb
 - lib/rubocop/cop/dev_doc/migration/require_timestamps.rb
+- lib/rubocop/cop/dev_doc/rails/application_record_transaction.rb
+- lib/rubocop/cop/dev_doc/rails/avoid_rails_callbacks.rb
+- lib/rubocop/cop/dev_doc/rails/enum_must_be_symbolized.rb
 - lib/rubocop/cop/dev_doc/rails/no_deliver_later_in_transaction.rb
 - lib/rubocop/cop/dev_doc/rails/no_perform_later_in_model.rb
 - lib/rubocop/cop/dev_doc/route/resources_require_only.rb
 - lib/rubocop/cop/dev_doc/style/avoid_head_response.rb
+- lib/rubocop/cop/dev_doc/style/avoid_options_hash.rb
 - lib/rubocop/cop/dev_doc/style/avoid_send.rb
+- lib/rubocop/cop/dev_doc/style/string_symbol_comparison.rb
 - lib/rubocop/dev_doc.rb
 - lib/rubocop/dev_doc/plugin.rb
 - lib/rubocop/dev_doc/version.rb

data/lib/rubocop/cop/dev_doc/migration/avoid_update_column.rb DELETED Viewed

@@ -1,53 +0,0 @@
-module RuboCop
-  module Cop
-    module DevDoc
-      module Migration
-        # Avoid `update_column`, `update_columns`, and `update_all` in migrations.
-        #
-        # ## Rationale
-        # Avoid bypassing validation unless absolutely necessary. These methods
-        # skip validations and callbacks, which hides data integrity issues
-        # rather than surfacing them.
-        #
-        # Even in migrations, check the code to see if there is any blatant
-        # reason why existing records may be invalid. If there is, fix those
-        # records first rather than bypassing validation.
-        #
-        #   ❌ Bypasses validation — hides data integrity issues
-        #   Faq.where(purpose: nil).update_all(purpose: :intro)
-        #
-        #   ✔️ Runs validation — surfaces problems early
-        #   Faq.where(purpose: nil).find_each do |faq|
-        #     faq.purpose = :intro
-        #     faq.save!
-        #   end
-        #
-        # NOTE: The broader principle ("avoid bypassing validation") also covers
-        # things this cop does not catch, e.g. `save(validate: false)`,
-        # `insert_all`, `upsert_all`, `delete_all`. Apply the same judgement to
-        # those patterns.
-        #
-        # @example
-        #   # bad
-        #   Faq.where(purpose: nil).update_all(purpose: :intro)
-        #
-        #   # bad
-        #   user.update_column(:status, 'active')
-        #
-        #   # good
-        #   Faq.where(purpose: nil).find_each do |faq|
-        #     faq.purpose = :intro
-        #     faq.save!
-        #   end
-        class AvoidUpdateColumn < Base
-          MSG = 'Avoid `%<method>s` in migrations; it bypasses validations. Use `save!` instead.'.freeze
-          RESTRICT_ON_SEND = %i[update_column update_columns update_all].freeze
-          def on_send(node)
-            add_offense(node.loc.selector, message: format(MSG, method: node.method_name))
-          end
-        end
-      end
-    end
-  end
-end