rubocop-eightyfourcodes 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3bdcf879f5dbd72c539cfb616e85279915721d3520667359a6613c8183425c5
-  data.tar.gz: 8052007c2529fef3406fa5a0b3560720ff373030ef1ddbd12b85c96b62e0eac1
+  metadata.gz: caa8bb23e13eed6bbcb9e59c2a4a76db329ae6ec62c7efe251cdcc6e794beff3
+  data.tar.gz: fdc49e8b5e58feb5e438d6c2cc0183cf20a194175cc2fea9c970939d4d51c751
 SHA512:
-  metadata.gz: 329bf23841b2ba450a8fa291fda6ec57bc709f47036e8cb528f6fec1abca6155febc27417fab729acbe6aed0f64456484ed8d2938795d23d71062703ffe3ba50
-  data.tar.gz: a8bd924b5f4e3dfe379d4ee2651ae156dd7c30654c4293de210b6973e03132449d414d45a8948fcd431d2b225844bea177d908fb16985cf019155a673d8e73ed
+  metadata.gz: 7669d1010b6d8521ffbf0b61d0c858c62d851df29c0f3144a5a010ae021737df911488393a8b4538505e774b96e138f769196ae1e514f57558df71cb5dab9517
+  data.tar.gz: 56f7910d7429f6592cf1f3a9ef54b7c02690b55545f1f45f9c02d872249bf3d6c79e815615fe922f4ce22526bcebf7cda73678f9f634f1dbe50504af44664e76

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.0.2 (2020-09-24)
+
+- Added `RubyVersionFile`: Ensure we read Gemfile ruby version from `.ruby-version` file
+
 ## 0.0.1 (2019-09-11)
 
 - Forked from gitlab-security

data/README.md

@@ -69,7 +69,7 @@ AllCops:
 ## The Cops
 
 All cops are located under
-[`lib/rubocop/cop/eightyfourcodes`](lib/rubocop/cop/eightyfourcodes), and contain
+[`lib/rubocop/cop/eighty_four_codes`](lib/rubocop/cop/eighty_four_codes), and contain
 examples/documentation.
 
 In your `.rubocop.yml`, you may treat the eightyfourcodes cops just like any other

data/config/default.yml

@@ -5,5 +5,11 @@ AllCops:
       - ".+"
 
 EightyFourCodes/CommandLiteralInjection:
-  Description: Check for Command Injection in `` and %x
+  Description: "Check for Command Injection in `` and %x"
   Enabled: true
+  VersionAdded: "0.0.1"
+
+EightyFourCodes/RubyVersionFile:
+  Description: "Ensure .ruby-version file use in Gemfile"
+  Enabled: true
+  VersionAdded: "0.0.2"

data/lib/rubocop-eightyfourcodes.rb

@@ -3,20 +3,20 @@ require 'yaml'
 
 require 'rubocop'
 
-require 'rubocop/eightyfourcodes'
-require 'rubocop/eightyfourcodes/version'
-require 'rubocop/eightyfourcodes/inject'
-require 'rubocop/eightyfourcodes/top_level_describe'
-require 'rubocop/eightyfourcodes/wording'
-require 'rubocop/eightyfourcodes/util'
-require 'rubocop/eightyfourcodes/language'
-require 'rubocop/eightyfourcodes/language/node_pattern'
-require 'rubocop/eightyfourcodes/concept'
-require 'rubocop/eightyfourcodes/example_group'
-require 'rubocop/eightyfourcodes/example'
-require 'rubocop/eightyfourcodes/hook'
-require 'rubocop/cop/eightyfourcodes/cop'
+require 'rubocop/eighty_four_codes'
+require 'rubocop/eighty_four_codes/version'
+require 'rubocop/eighty_four_codes/inject'
+require 'rubocop/eighty_four_codes/top_level_describe'
+require 'rubocop/eighty_four_codes/wording'
+require 'rubocop/eighty_four_codes/util'
+require 'rubocop/eighty_four_codes/language'
+require 'rubocop/eighty_four_codes/language/node_pattern'
+require 'rubocop/eighty_four_codes/concept'
+require 'rubocop/eighty_four_codes/example_group'
+require 'rubocop/eighty_four_codes/example'
+require 'rubocop/eighty_four_codes/hook'
+require 'rubocop/cop/eighty_four_codes/cop'
 
 RuboCop::EightyFourCodes::Inject.defaults!
 
-require 'rubocop/cop/eightyfourcodes/command_literal_injection'
+Dir["#{__dir__}/rubocop/cop/eighty_four_codes/**/*.rb"].each { |cop| require cop }

data/lib/rubocop/cop/eighty_four_codes/ruby_version_file.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module RuboCop
+    module Cop
+      module EightyFourCodes
+        # Read Ruby version from a .ruby-version file
+        #
+        # Instead of staticly defining the Ruby runtime version in Gemfile, load it from
+        # a .ruby-version file definition. As this Ruby version file is read by rbenv, chruby etc
+        # it's much easier for the developer to work with multiple projects with different versions.
+        #
+        # @example
+        #   # bad
+        #   ruby 2.6.6
+        #
+        #   # good
+        #   ruby File.read('.ruby-version')
+        class RubyVersionFile < Base
+          extend AutoCorrector
+
+          MSG = "Control Ruby version via .ruby-version, fix by replacing with File.read('.ruby-version')"
+
+          RESTRICT_ON_SEND = %i[ruby].freeze
+
+          def_node_matcher :static_version_found?, <<~PATTERN
+            (send nil? :ruby
+              $(str _))
+          PATTERN
+
+          def on_send(node)
+            return unless File.basename(processed_source.file_path).eql?('Gemfile')
+            static_version_found?(node) do |source_node, source|
+              message = format(MSG, source: source)
+
+              add_offense(
+                source_node,
+                message: message
+              ) do |corrector|
+                corrector.replace(
+                  source_node, "File.read('.ruby-version')"
+                )
+              end
+            end
+          end
+        end
+      end
+    end
+  end

data/lib/rubocop/cop/eighty_four_codes/shell_escape.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+# TODO: when finished, run `rake generate_cops_documentation` to update the docs
+module RuboCop
+  module Cop
+    module EightyFourCodes
+      # TODO: Write cop description and example of bad / good code. For every
+      # `SupportedStyle` and unique configuration, there needs to be examples.
+      # Examples must have valid Ruby syntax. Do not use upticks.
+      #
+      # @example EnforcedStyle: bar (default)
+      #   # Description of the `bar` style.
+      #
+      #   # bad
+      #   bad_bar_method
+      #
+      #   # bad
+      #   bad_bar_method(args)
+      #
+      #   # good
+      #   good_bar_method
+      #
+      #   # good
+      #   good_bar_method(args)
+      #
+      # @example EnforcedStyle: foo
+      #   # Description of the `foo` style.
+      #
+      #   # bad
+      #   bad_foo_method
+      #
+      #   # bad
+      #   bad_foo_method(args)
+      #
+      #   # good
+      #   good_foo_method
+      #
+      #   # good
+      #   good_foo_method(args)
+      #
+      class ShellEscape < Cop
+        # TODO: Implement the cop in here.
+        #
+        # In many cases, you can use a node matcher for matching node pattern.
+        # See https://github.com/rubocop-hq/rubocop/blob/master/lib/rubocop/node_pattern.rb
+        #
+        # For example
+        MSG = 'Use `#good_method` instead of `#bad_method`.'.freeze
+
+        def_node_matcher :bad_method?, <<~PATTERN
+          (send nil? :bad_method ...)
+        PATTERN
+
+        def on_send(node)
+          return unless bad_method?(node)
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/{eightyfourcodes → eighty_four_codes}/version.rb

@@ -4,7 +4,7 @@ module RuboCop
   module EightyFourCodes
     # Version information for the eightyfourcodes Rubocop plugin.
     module Version
-      STRING = '0.0.1'
+      STRING = '0.0.2'
     end
   end
 end

data/rubocop-eightyfourcodes.gemspec

@@ -1,5 +1,5 @@
 $LOAD_PATH.unshift File.expand_path('lib', __dir__)
-require 'rubocop/eightyfourcodes/version'
+require 'rubocop/eighty_four_codes/version'
 
 Gem::Specification.new do |spec|
   spec.name = 'rubocop-eightyfourcodes'

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-eightyfourcodes
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Anders Bälter
 - Brian Neel
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-09-11 00:00:00.000000000 Z
+date: 2020-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -58,28 +58,30 @@ files:
 - README.md
 - config/default.yml
 - lib/rubocop-eightyfourcodes.rb
-- lib/rubocop/cop/eightyfourcodes/command_literal_injection.rb
-- lib/rubocop/cop/eightyfourcodes/cop.rb
-- lib/rubocop/eightyfourcodes.rb
-- lib/rubocop/eightyfourcodes/concept.rb
-- lib/rubocop/eightyfourcodes/config_formatter.rb
-- lib/rubocop/eightyfourcodes/description_extractor.rb
-- lib/rubocop/eightyfourcodes/example.rb
-- lib/rubocop/eightyfourcodes/example_group.rb
-- lib/rubocop/eightyfourcodes/hook.rb
-- lib/rubocop/eightyfourcodes/inject.rb
-- lib/rubocop/eightyfourcodes/language.rb
-- lib/rubocop/eightyfourcodes/language/node_pattern.rb
-- lib/rubocop/eightyfourcodes/top_level_describe.rb
-- lib/rubocop/eightyfourcodes/util.rb
-- lib/rubocop/eightyfourcodes/version.rb
-- lib/rubocop/eightyfourcodes/wording.rb
+- lib/rubocop/cop/eighty_four_codes/command_literal_injection.rb
+- lib/rubocop/cop/eighty_four_codes/cop.rb
+- lib/rubocop/cop/eighty_four_codes/ruby_version_file.rb
+- lib/rubocop/cop/eighty_four_codes/shell_escape.rb
+- lib/rubocop/eighty_four_codes.rb
+- lib/rubocop/eighty_four_codes/concept.rb
+- lib/rubocop/eighty_four_codes/config_formatter.rb
+- lib/rubocop/eighty_four_codes/description_extractor.rb
+- lib/rubocop/eighty_four_codes/example.rb
+- lib/rubocop/eighty_four_codes/example_group.rb
+- lib/rubocop/eighty_four_codes/hook.rb
+- lib/rubocop/eighty_four_codes/inject.rb
+- lib/rubocop/eighty_four_codes/language.rb
+- lib/rubocop/eighty_four_codes/language/node_pattern.rb
+- lib/rubocop/eighty_four_codes/top_level_describe.rb
+- lib/rubocop/eighty_four_codes/util.rb
+- lib/rubocop/eighty_four_codes/version.rb
+- lib/rubocop/eighty_four_codes/wording.rb
 - rubocop-eightyfourcodes.gemspec
 homepage: https://github.com/84codes/rubocop-eightyfourcodes/
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -94,8 +96,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Basic security checks for projects
 test_files: []