rubocop-eightyfourcodes 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f3bdcf879f5dbd72c539cfb616e85279915721d3520667359a6613c8183425c5
+  data.tar.gz: 8052007c2529fef3406fa5a0b3560720ff373030ef1ddbd12b85c96b62e0eac1
+SHA512:
+  metadata.gz: 329bf23841b2ba450a8fa291fda6ec57bc709f47036e8cb528f6fec1abca6155febc27417fab729acbe6aed0f64456484ed8d2938795d23d71062703ffe3ba50
+  data.tar.gz: a8bd924b5f4e3dfe379d4ee2651ae156dd7c30654c4293de210b6973e03132449d414d45a8948fcd431d2b225844bea177d908fb16985cf019155a673d8e73ed

data/CHANGELOG.md

@@ -0,0 +1,6 @@
+# Changelog
+
+## 0.0.1 (2019-09-11)
+
+- Forked from gitlab-security
+- Added `CommandLiteralInjection`: Passing user input to `` and %x without sanitization and parameterization can result in command injection)

data/CONTRIBUTING.md

@@ -0,0 +1,3 @@
+# Contributing
+
+<https://docs.rubocop.org/en/latest/contributing/>

data/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+gemspec
+
+group :development, :test do
+  gem 'pry'
+  gem 'rspec', '~> 3.6.0'
+  gem 'rubocop-rspec', '~> 1.21.0'
+end

data/LICENSE.md

@@ -0,0 +1,19 @@
+Copyright (c) 2019 eightyfourcodes AB
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,95 @@
+This is a collection of cops developed and used by 84codes AB
+This code is based heavily upon the [rubocop-gitlab-security](https://gitlab.com/gitlab-org/rubocop-gitlab-security)
+code released under the MIT License.
+
+## Installation
+
+Just install the `rubocop-eightyfourcodes` gem
+
+```bash
+gem install rubocop-eightyfourcodes
+```
+
+or if you use bundler put this in your `Gemfile`
+
+```yaml
+gem 'rubocop-eightyfourcodes'
+```
+
+## Usage
+
+You need to tell RuboCop to load the eightyfourcodes extension. There are three
+ways to do this:
+
+### RuboCop configuration file
+
+Put this into your `.rubocop.yml`.
+
+```yaml
+require: rubocop-eightyfourcodes
+```
+
+Now you can run `rubocop` and it will automatically load the RuboCop eightyfourcodes
+cops together with the standard cops.
+
+### Command line
+
+```bash
+rubocop --require rubocop-eightyfourcodes
+```
+
+### Rake task
+
+```ruby
+RuboCop::RakeTask.new do |task|
+  task.requires << 'rubocop-eightyfourcodes'
+end
+```
+
+## Inspecting specific files
+
+By default, `rubocop-eightyfourcodes` inspects all files. You can override this setting in your config file by specifying one or more patterns:
+
+```yaml
+# Inspect all files
+AllCops:
+  EightyFourCodes:
+    Patterns:
+    - '.+'
+```
+
+```yaml
+# Inspect only controller files.
+AllCops:
+  EightyFourCodes:
+    Patterns:
+    - app/controllers/**/*.rb
+```
+
+## The Cops
+
+All cops are located under
+[`lib/rubocop/cop/eightyfourcodes`](lib/rubocop/cop/eightyfourcodes), and contain
+examples/documentation.
+
+In your `.rubocop.yml`, you may treat the eightyfourcodes cops just like any other
+cop. For example:
+
+```yaml
+EightyFourCodes/CommandLiteralInjection:
+  Exclude:
+    - 'spec/**/*'
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Merge Request
+
+## License
+
+`rubocop-eightyfourcodes` is MIT licensed. [See the accompanying file](LICENSE.md) for
+the full text.

data/config/default.yml

@@ -0,0 +1,9 @@
+---
+AllCops:
+  EightyFourCodes:
+    Patterns:
+      - ".+"
+
+EightyFourCodes/CommandLiteralInjection:
+  Description: Check for Command Injection in `` and %x
+  Enabled: true

data/lib/rubocop/cop/eightyfourcodes/command_literal_injection.rb

@@ -0,0 +1,37 @@
+module RuboCop
+  module Cop
+    module EightyFourCodes
+      # Check for use of `/bin/ls #{params[:file]}` and %x(/bin/ls #{params[:file]})
+      #
+      # Passing user input to `` and %x without sanitization and parameterization can result in command injection
+      #
+      # @example
+      #
+      #   # bad
+      #   %x(/bin/ls #{filename})
+      #
+      #   # good (parameters)
+      #   system("/bin/ls", filename)
+      #   # even better
+      #   exec("/bin/ls", shell_escape(filename))
+      #
+      class CommandLiteralInjection < RuboCop::Cop::Cop
+        MSG = 'Do not include variables command literals. Use parameters "system(cmd, params)" or exec() instead'.freeze
+
+        def_node_matcher :literal_var?, <<-PATTERN
+          (begin ...)
+        PATTERN
+
+        def on_xstr(node)
+          check_for_interpolation(node)
+        end
+
+        def check_for_interpolation(node)
+          return if node.children.none? { |n| literal_var?(n) }
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/eightyfourcodes/cop.rb

@@ -0,0 +1,70 @@
+module RuboCop
+  module Cop # rubocop:disable Style/Documentation
+    WorkaroundCop84 = Cop.dup
+
+    # Clone of the the normal RuboCop::Cop::Cop class so we can rewrite
+    # the inherited method without breaking functionality
+    class WorkaroundCop84
+      # Overwrite the cop inherited method to be a noop. Our RSpec::Cop
+      # class will invoke the inherited hook instead
+      def self.inherited(*); end
+
+      # Special case `Module#<` so that the rspec support rubocop exports
+      # is compatible with our subclass
+      def self.<(other)
+        other.equal?(RuboCop::Cop::Cop) || super
+      end
+    end
+    private_constant(:WorkaroundCop84)
+
+    module EightyFourCodes
+      # @abstract parent class to rspec cops
+      #
+      # The criteria for whether rubocop-rspec analyzes a certain ruby file
+      # is configured via `AllCops/RSpec`. For example, if you want to
+      # customize your project to scan all files within a `test/` directory
+      # then you could add this to your configuration:
+      #
+      # @example configuring analyzed paths
+      #
+      #   AllCops:
+      #     RSpec:
+      #       Patterns:
+      #       - '_test.rb$'
+      #       - '(?:^|/)test/'
+      class Cop < WorkaroundCop84
+        include RuboCop::EightyFourCodes::Language
+        include RuboCop::EightyFourCodes::Language::NodePattern
+
+        DEFAULT_CONFIGURATION =
+          RuboCop::EightyFourCodes::CONFIG.fetch('AllCops').fetch('EightyFourCodes')
+
+        # Invoke the original inherited hook so our cops are recognized
+        def self.inherited(subclass)
+          RuboCop::Cop::Cop.inherited(subclass)
+        end
+
+        def relevant_file?(file)
+          relevant_rubocop_rspec_file?(file) && super
+        end
+
+        private
+
+        def relevant_rubocop_rspec_file?(file)
+          rspec_pattern =~ file
+        end
+
+        def rspec_pattern
+          Regexp.union(rspec_pattern_config.map(&Regexp.public_method(:new)))
+        end
+
+        def rspec_pattern_config
+          config
+            .for_all_cops
+            .fetch('EightyFourCodes', DEFAULT_CONFIGURATION)
+            .fetch('Patterns')
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/concept.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # Wrapper for RSpec DSL methods
+    class Concept
+      include Language
+      include Language::NodePattern
+      extend NodePattern::Macros
+
+      def initialize(node)
+        @node = node
+      end
+
+      def eql?(other)
+        node == other.node
+      end
+
+      alias == eql?
+
+      def hash
+        [self.class, node].hash
+      end
+
+      def to_node
+        node
+      end
+
+      protected
+
+      attr_reader :node
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/config_formatter.rb

@@ -0,0 +1,33 @@
+require 'yaml'
+
+module RuboCop
+  module EightyFourCodes
+    # Builds a YAML config file from two config hashes
+    class ConfigFormatter
+      NAMESPACES = /^(#{Regexp.union('eightyfourcodes')})/
+
+      def initialize(config, descriptions)
+        @config       = config
+        @descriptions = descriptions
+      end
+
+      def dump
+        YAML.dump(unified_config).gsub(NAMESPACES, "\n\\1")
+      end
+
+      private
+
+      def unified_config
+        cops.each_with_object(config.dup) do |cop, unified|
+          unified[cop] = config.fetch(cop).merge(descriptions.fetch(cop))
+        end
+      end
+
+      def cops
+        (descriptions.keys | config.keys).grep(NAMESPACES)
+      end
+
+      attr_reader :config, :descriptions
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/description_extractor.rb

@@ -0,0 +1,72 @@
+module RuboCop
+  module EightyFourCodes
+    # Extracts cop descriptions from YARD docstrings
+    class DescriptionExtractor
+      def initialize(yardocs)
+        @code_objects = yardocs.map(&CodeObject.public_method(:new))
+      end
+
+      def to_h
+        code_objects
+          .select(&:rspec_cop?)
+          .map(&:configuration)
+          .reduce(:merge)
+      end
+
+      private
+
+      attr_reader :code_objects
+
+      # Decorator of a YARD code object for working with documented rspec cops
+      class CodeObject
+        RSPEC_NAMESPACE = 'RuboCop::Cop::eightyfourcodes'.freeze
+
+        def initialize(yardoc)
+          @yardoc = yardoc
+        end
+
+        # Test if the YARD code object documents a concrete rspec cop class
+        #
+        # @return [Boolean]
+        def rspec_cop?
+          class_documentation? && rspec_cop_namespace? && !abstract?
+        end
+
+        # Configuration for the documented cop that would live in default.yml
+        #
+        # @return [Hash]
+        def configuration
+          { cop_name => { 'Description' => description } }
+        end
+
+        private
+
+        def cop_name
+          Object.const_get(documented_constant).cop_name
+        end
+
+        def description
+          yardoc.docstring.split("\n\n").first.to_s
+        end
+
+        def class_documentation?
+          yardoc.type.equal?(:class)
+        end
+
+        def rspec_cop_namespace?
+          documented_constant.start_with?(RSPEC_NAMESPACE)
+        end
+
+        def documented_constant
+          yardoc.to_s
+        end
+
+        def abstract?
+          yardoc.tags.any? { |tag| tag.tag_name.eql?('abstract') }
+        end
+
+        attr_reader :yardoc
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/example.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # Wrapper for RSpec examples
+    class Example < Concept
+      def_node_matcher :extract_doc_string,     '(send _ _ $str ...)'
+      def_node_matcher :extract_metadata,       '(send _ _ _ $...)'
+      def_node_matcher :extract_implementation, '(block send args $_)'
+
+      def doc_string
+        extract_doc_string(definition)
+      end
+
+      def metadata
+        extract_metadata(definition)
+      end
+
+      def implementation
+        extract_implementation(node)
+      end
+
+      def definition
+        if node.send_type?
+          node
+        else
+          node.children.first
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/example_group.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # Wrapper for RSpec example groups
+    class ExampleGroup < Concept
+      # @!method scope_change?(node)
+      #
+      #   Detect if the node is an example group or shared example
+      #
+      #   Selectors which indicate that we should stop searching
+      #
+      def_node_matcher :scope_change?,
+                       (ExampleGroups::ALL + SharedGroups::ALL).block_pattern
+
+      # @!method hook(node)
+      #
+      #   Detect if node is `before`, `after`, `around`
+      def_node_matcher :hook, <<-PATTERN
+        (block {$(send nil #{Hooks::ALL.node_pattern_union} ...)} ...)
+      PATTERN
+
+      def_node_matcher :subject, Subject::ALL.block_pattern
+
+      def subjects
+        subjects_in_scope(node)
+      end
+
+      def examples
+        examples_in_scope(node).map(&Example.public_method(:new))
+      end
+
+      def hooks
+        hooks_in_scope(node).map(&Hook.public_method(:new))
+      end
+
+      private
+
+      def subjects_in_scope(node)
+        node.each_child_node.flat_map do |child|
+          find_subjects(child)
+        end
+      end
+
+      def find_subjects(node)
+        return [] if scope_change?(node)
+
+        if subject(node)
+          [node]
+        else
+          subjects_in_scope(node)
+        end
+      end
+
+      def hooks_in_scope(node)
+        node.each_child_node.flat_map do |child|
+          find_hooks(child)
+        end
+      end
+
+      def find_hooks(node)
+        return [] if scope_change?(node) || example?(node)
+
+        if hook(node)
+          [node]
+        else
+          hooks_in_scope(node)
+        end
+      end
+
+      def examples_in_scope(node, &blk)
+        node.each_child_node.flat_map do |child|
+          find_examples(child, &blk)
+        end
+      end
+
+      # Recursively search for examples within the current scope
+      #
+      # Searches node for examples and halts when a scope change is detected
+      #
+      # @param node [RuboCop::Node] node to recursively search for examples
+      #
+      # @return [Array<RuboCop::Node>] discovered example nodes
+      def find_examples(node)
+        return [] if scope_change?(node)
+
+        if example?(node)
+          [node]
+        else
+          examples_in_scope(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/hook.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # Wrapper for RSpec hook
+    class Hook < Concept
+      STANDARDIZED_SCOPES = %i[each context suite].freeze
+      private_constant(:STANDARDIZED_SCOPES)
+
+      def name
+        node.method_name
+      end
+
+      def knowable_scope?
+        return true unless scope_argument
+
+        scope_argument.sym_type?
+      end
+
+      def valid_scope?
+        STANDARDIZED_SCOPES.include?(scope)
+      end
+
+      def example?
+        scope.equal?(:each)
+      end
+
+      def scope
+        case scope_name
+        when nil, :each, :example then :each
+        when :context, :all       then :context
+        when :suite               then :suite
+        else
+          scope_name
+        end
+      end
+
+      private
+
+      def scope_name
+        scope_argument.to_a.first
+      end
+
+      def scope_argument
+        node.first_argument
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/inject.rb

@@ -0,0 +1,16 @@
+module RuboCop
+  module EightyFourCodes
+    # Because RuboCop doesn't yet support plugins, we have to monkey patch in a
+    # bit of our configuration.
+    module Inject
+      def self.defaults!
+        path = CONFIG_DEFAULT.to_s
+        hash = ConfigLoader.send(:load_yaml_configuration, path)
+        config = Config.new(hash, path)
+        puts "configuration from #{path}" if ConfigLoader.debug?
+        config = ConfigLoader.merge_with_default(config, path)
+        ConfigLoader.instance_variable_set(:@default_configuration, config)
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/language/node_pattern.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    module Language
+      # Common node matchers used for matching against the rspec DSL
+      module NodePattern
+        extend RuboCop::NodePattern::Macros
+
+        def_node_matcher :example_group?, ExampleGroups::ALL.block_pattern
+
+        def_node_matcher :example_group_with_body?, <<-PATTERN
+          (block #{ExampleGroups::ALL.send_pattern} args [!nil])
+        PATTERN
+
+        def_node_matcher :example?, Examples::ALL.block_pattern
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/language.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # RSpec public API methods that are commonly used in cops
+    module Language
+      # Set of method selectors
+      class SelectorSet
+        def initialize(selectors)
+          @selectors = selectors
+        end
+
+        def ==(other)
+          selectors.eql?(other.selectors)
+        end
+
+        def +(other)
+          self.class.new(selectors + other.selectors)
+        end
+
+        def include?(selector)
+          selectors.include?(selector)
+        end
+
+        def block_pattern
+          "(block #{send_pattern} ...)"
+        end
+
+        def send_pattern
+          "(send _ #{node_pattern_union} ...)"
+        end
+
+        def node_pattern_union
+          "{#{node_pattern}}"
+        end
+
+        def node_pattern
+          selectors.map(&:inspect).join(' ')
+        end
+
+        protected
+
+        attr_reader :selectors
+      end
+
+      module Matchers
+        MESSAGE_CHAIN = SelectorSet.new(%i[receive_message_chain stub_chain])
+      end
+
+      module ExampleGroups
+        GROUPS  = SelectorSet.new(%i[describe context feature example_group])
+        SKIPPED = SelectorSet.new(%i[xdescribe xcontext xfeature])
+        FOCUSED = SelectorSet.new(%i[fdescribe fcontext ffeature])
+
+        ALL = GROUPS + SKIPPED + FOCUSED
+      end
+
+      module SharedGroups
+        EXAMPLES = SelectorSet.new(%i[shared_examples shared_examples_for])
+        CONTEXT = SelectorSet.new(%i[shared_context])
+
+        ALL = EXAMPLES + CONTEXT
+      end
+
+      module Includes
+        EXAMPLES = SelectorSet.new(
+          %i[
+            it_behaves_like
+            it_should_behave_like
+            include_examples
+          ]
+        )
+        CONTEXT = SelectorSet.new(%i[include_context])
+
+        ALL = EXAMPLES + CONTEXT
+      end
+
+      module Examples
+        EXAMPLES = SelectorSet.new(%i[it specify example scenario its])
+        FOCUSED  = SelectorSet.new(%i[fit fspecify fexample fscenario focus])
+        SKIPPED  = SelectorSet.new(%i[xit xspecify xexample xscenario skip])
+        PENDING  = SelectorSet.new(%i[pending])
+
+        ALL = EXAMPLES + FOCUSED + SKIPPED + PENDING
+      end
+
+      module Hooks
+        ALL = SelectorSet.new(
+          %i[
+            prepend_before
+            before
+            append_before
+            around
+            prepend_after
+            after
+            append_after
+          ]
+        )
+      end
+
+      module Helpers
+        ALL = SelectorSet.new(%i[let let!])
+      end
+
+      module Subject
+        ALL = SelectorSet.new(%i[subject subject!])
+      end
+
+      ALL =
+        ExampleGroups::ALL +
+        SharedGroups::ALL  +
+        Examples::ALL      +
+        Hooks::ALL         +
+        Helpers::ALL       +
+        Subject::ALL
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/top_level_describe.rb

@@ -0,0 +1,57 @@
+module RuboCop
+  module EightyFourCodes
+    # Helper methods for top level describe cops
+    module TopLevelDescribe
+      extend NodePattern::Macros
+
+      def_node_matcher :described_constant, <<-PATTERN
+        (block $(send _ :describe $(const ...)) (args) $_)
+      PATTERN
+
+      def on_send(node)
+        return unless respond_to?(:on_top_level_describe)
+        return unless top_level_describe?(node)
+
+        _receiver, _method_name, *args = *node
+
+        on_top_level_describe(node, args)
+      end
+
+      private
+
+      def top_level_describe?(node)
+        _receiver, method_name, *_args = *node
+        return false unless method_name == :describe
+
+        top_level_nodes.include?(node)
+      end
+
+      def top_level_nodes
+        nodes = describe_statement_children(root_node)
+        # If we have no top level describe statements, we need to check any
+        # blocks on the top level (e.g. after a require).
+        if nodes.empty?
+          nodes = root_node.each_child_node(:block).flat_map do |child|
+            describe_statement_children(child)
+          end
+        end
+
+        nodes
+      end
+
+      def root_node
+        processed_source.ast
+      end
+
+      def single_top_level_describe?
+        top_level_nodes.one?
+      end
+
+      def describe_statement_children(node)
+        node.each_child_node(:send).select do |element|
+          element.children[1] == :describe
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/util.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # Utility methods
+    module Util
+      # Error raised by `Util.one` if size is less than zero or greater than one
+      SizeError = Class.new(IndexError)
+
+      # Return only element in array if it contains exactly one member
+      def one(array)
+        return array.first if array.one?
+
+        raise SizeError,
+              "expected size to be exactly 1 but size was #{array.size}"
+      end
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/version.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # Version information for the eightyfourcodes Rubocop plugin.
+    module Version
+      STRING = '0.0.1'
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes/wording.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module EightyFourCodes
+    # RSpec example wording rewriter
+    class Wording
+      SHOULDNT_PREFIX    = /\Ashould(?:n't| not)\b/i
+      SHOULDNT_BE_PREFIX = /#{SHOULDNT_PREFIX} be\b/i
+      ES_SUFFIX_PATTERN  = /(?:o|s|x|ch|sh|z)\z/i
+      IES_SUFFIX_PATTERN = /[^aeou]y\z/i
+
+      def initialize(text, ignore:, replace:)
+        @text         = text
+        @ignores      = ignore
+        @replacements = replace
+      end
+
+      def rewrite
+        case text
+        when SHOULDNT_BE_PREFIX
+          replace_prefix(SHOULDNT_BE_PREFIX, 'is not')
+        when SHOULDNT_PREFIX
+          replace_prefix(SHOULDNT_PREFIX, 'does not')
+        else
+          remove_should_and_pluralize
+        end
+      end
+
+      private
+
+      attr_reader :text, :ignores, :replacements
+
+      def replace_prefix(pattern, replacement)
+        text.sub(pattern) do |shouldnt|
+          uppercase?(shouldnt) ? replacement.upcase : replacement
+        end
+      end
+
+      def uppercase?(word)
+        word.upcase.eql?(word)
+      end
+
+      def remove_should_and_pluralize
+        _should, *words = text.split
+
+        words.each_with_index do |word, index|
+          next if ignored_word?(word)
+
+          words[index] = substitute(word)
+
+          break
+        end
+
+        words.join(' ')
+      end
+
+      def ignored_word?(word)
+        ignores.any? { |ignore| ignore.casecmp(word).zero? }
+      end
+
+      def substitute(word)
+        # NOTE: Custom replacements are case sensitive.
+        return replacements.fetch(word) if replacements.key?(word)
+
+        case word
+        when ES_SUFFIX_PATTERN  then append_suffix(word, 'es')
+        when IES_SUFFIX_PATTERN then append_suffix(word[0..-2], 'ies')
+        else append_suffix(word, 's')
+        end
+      end
+
+      def append_suffix(word, suffix)
+        suffix = suffix.upcase if uppercase?(word)
+
+        "#{word}#{suffix}"
+      end
+
+      private_constant(*constants(false))
+    end
+  end
+end

data/lib/rubocop/eightyfourcodes.rb

@@ -0,0 +1,10 @@
+module RuboCop
+  # RuboCop RSpec project namespace
+  module EightyFourCodes
+    PROJECT_ROOT   = Pathname.new(__dir__).parent.parent.expand_path.freeze
+    CONFIG_DEFAULT = PROJECT_ROOT.join('config', 'default.yml').freeze
+    CONFIG         = YAML.safe_load(CONFIG_DEFAULT.read).freeze
+
+    private_constant(:CONFIG_DEFAULT, :PROJECT_ROOT)
+  end
+end

data/lib/rubocop-eightyfourcodes.rb

@@ -0,0 +1,22 @@
+require 'pathname'
+require 'yaml'
+
+require 'rubocop'
+
+require 'rubocop/eightyfourcodes'
+require 'rubocop/eightyfourcodes/version'
+require 'rubocop/eightyfourcodes/inject'
+require 'rubocop/eightyfourcodes/top_level_describe'
+require 'rubocop/eightyfourcodes/wording'
+require 'rubocop/eightyfourcodes/util'
+require 'rubocop/eightyfourcodes/language'
+require 'rubocop/eightyfourcodes/language/node_pattern'
+require 'rubocop/eightyfourcodes/concept'
+require 'rubocop/eightyfourcodes/example_group'
+require 'rubocop/eightyfourcodes/example'
+require 'rubocop/eightyfourcodes/hook'
+require 'rubocop/cop/eightyfourcodes/cop'
+
+RuboCop::EightyFourCodes::Inject.defaults!
+
+require 'rubocop/cop/eightyfourcodes/command_literal_injection'

data/rubocop-eightyfourcodes.gemspec

@@ -0,0 +1,35 @@
+$LOAD_PATH.unshift File.expand_path('lib', __dir__)
+require 'rubocop/eightyfourcodes/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'rubocop-eightyfourcodes'
+  spec.summary = 'Basic security checks for projects'
+  spec.description = <<~DESCRIPTION
+    Basic security checking for Ruby files.
+    A plugin for the RuboCop code style enforcing & linting tool.
+  DESCRIPTION
+  spec.homepage = 'https://github.com/84codes/rubocop-eightyfourcodes/'
+  spec.authors = ['Anders Bälter', 'Brian Neel']
+  spec.email = [
+    'anders@eightyfourcodes.com',
+    'brian@gitlab.com'
+  ]
+  spec.licenses = ['MIT']
+
+  spec.version = RuboCop::EightyFourCodes::Version::STRING
+  spec.platform = Gem::Platform::RUBY
+  spec.required_ruby_version = '>= 2.3.0'
+
+  spec.require_paths = ['lib']
+  spec.files = Dir[
+    '{config,lib}/**/*',
+    '*.md',
+    '*.gemspec',
+    'Gemfile'
+  ]
+  spec.extra_rdoc_files = ['LICENSE.md', 'README.md']
+
+  spec.add_runtime_dependency 'rubocop', '>= 0.51'
+
+  spec.add_development_dependency 'rake'
+end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: rubocop-eightyfourcodes
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Anders Bälter
+- Brian Neel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-09-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.51'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.51'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |
+  Basic security checking for Ruby files.
+  A plugin for the RuboCop code style enforcing & linting tool.
+email:
+- anders@eightyfourcodes.com
+- brian@gitlab.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.md
+- README.md
+files:
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE.md
+- README.md
+- config/default.yml
+- lib/rubocop-eightyfourcodes.rb
+- lib/rubocop/cop/eightyfourcodes/command_literal_injection.rb
+- lib/rubocop/cop/eightyfourcodes/cop.rb
+- lib/rubocop/eightyfourcodes.rb
+- lib/rubocop/eightyfourcodes/concept.rb
+- lib/rubocop/eightyfourcodes/config_formatter.rb
+- lib/rubocop/eightyfourcodes/description_extractor.rb
+- lib/rubocop/eightyfourcodes/example.rb
+- lib/rubocop/eightyfourcodes/example_group.rb
+- lib/rubocop/eightyfourcodes/hook.rb
+- lib/rubocop/eightyfourcodes/inject.rb
+- lib/rubocop/eightyfourcodes/language.rb
+- lib/rubocop/eightyfourcodes/language/node_pattern.rb
+- lib/rubocop/eightyfourcodes/top_level_describe.rb
+- lib/rubocop/eightyfourcodes/util.rb
+- lib/rubocop/eightyfourcodes/version.rb
+- lib/rubocop/eightyfourcodes/wording.rb
+- rubocop-eightyfourcodes.gemspec
+homepage: https://github.com/84codes/rubocop-eightyfourcodes/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Basic security checks for projects
+test_files: []