rubocop-gitlab-security 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0de5c70ba259b93d21c8b7516b44699985fe6473
-  data.tar.gz: aebb63f21cb446003f34a24f78bda31666279250
+  metadata.gz: 418947a57b9293b3d1d3a11af563ff17249ae717
+  data.tar.gz: 79cfcb1bb7a3ef41e152a9539f7a98140de119b2
 SHA512:
-  metadata.gz: a355bd388fcf9e8b22757a289de2be26252c72e05a58e22017fe90f7a765f8a3d2309ad87988bd7a1687242539e168ee4cb743337e65fab41f7378d27b874c64
-  data.tar.gz: e50d20427b601c6f92ea8a66ade418e04a5bf256767440c62d3b8c2c5fc760d0c97173eeea198a4eac74624593e365071d90584bfde2ff5260b3ffca890fd7c0
+  metadata.gz: 95d9e45787487cd75eedbf0a333253fa93c89d9da7bc404ac459f0376cc118de697f922dbdac836683ab1c2714b0bb3c8a8c0bb668cd206ae61675302f975493
+  data.tar.gz: a176a812a0e0a6bb93ccc6aebe0f43e2b42ba39dfc329e4a75e8e097653b83eff9c98fca93d38fc90790d7b1a76e7aa9077d5b123cba42194e13f4208605821b

data/Gemfile

@@ -5,5 +5,5 @@ gemspec
 group :development, :test do
   gem 'pry'
   gem 'rspec', '~> 3.6.0'
-  gem 'rubocop-rspec', '~> 1.15.0'
+  gem 'rubocop-rspec', '~> 1.21.0'
 end

data/lib/rubocop/cop/gitlab-security/deep_munge.rb

@@ -16,13 +16,13 @@ module RuboCop
         MSG = 'Never disable the deep munge security option.'.freeze
 
         def_node_matcher :disable_deep_munge?, <<-PATTERN
-          (send (send (send nil :config) :action_dispatch) :perform_deep_munge= (false))
+          (send (send (send nil? :config) :action_dispatch) :perform_deep_munge= (false))
         PATTERN
 
         def on_send(node)
           return unless disable_deep_munge?(node)
 
-          add_offense(node, :selector)
+          add_offense(node, location: :selector)
         end
       end
     end

data/lib/rubocop/cop/gitlab-security/json_serialization.rb

@@ -34,7 +34,7 @@ module RuboCop
         # Check for `to_json` sent to any object that's not a Hash literal or
         # Serializer instance
         def_node_matcher :json_serialization?, <<~PATTERN
-          (send !{nil hash #serializer?} ${:to_json :as_json} $...)
+          (send !{nil? hash #serializer?} ${:to_json :as_json} $...)
         PATTERN
 
         # Check if node is a `only: ...` pair
@@ -54,7 +54,7 @@ module RuboCop
 
         # Check for `SomeConstant.new`
         def_node_search :constant_init, <<~PATTERN
-          (send (const nil $_) :new ...)
+          (send (const nil? $_) :new ...)
         PATTERN
 
         def on_send(node)
@@ -66,7 +66,7 @@ module RuboCop
 
           if matched.last.nil? || matched.last.empty?
             # Empty `to_json` call
-            add_offense(node, :selector, format_message)
+            add_offense(node, location: :selector, message: format_message)
           else
             check_arguments(node, matched)
           end
@@ -98,7 +98,7 @@ module RuboCop
           # Add a top-level offense for the entire argument list, but only if
           # we haven't yet added any offenses to the child Hash values (such
           # as `include`)
-          add_offense(node.children.last, :expression, format_message)
+          add_offense(node.children.last, location: :expression, message: format_message)
         end
 
         def check_pair(pair)
@@ -110,7 +110,7 @@ module RuboCop
             includes.each_child_node do |child_node|
               next if contains_only?(child_node)
 
-              add_offense(child_node, :expression, format_message)
+              add_offense(child_node, location: :expression, message: format_message)
             end
           end
         end

data/lib/rubocop/cop/gitlab-security/public_send.rb

@@ -31,7 +31,7 @@ module RuboCop
           send?(node) do |match|
             next unless node.arguments?
 
-            add_offense(node, :selector, format(MSG, match))
+            add_offense(node, location: :selector, message: format(MSG, match))
           end
         end
       end

data/lib/rubocop/cop/gitlab-security/redirect_to_params_update.rb

@@ -17,13 +17,13 @@ module RuboCop
         MSG = 'Avoid using redirect_to(params.update()). Only pass whitelisted arguments into redirect_to() (e.g. not including `host`)'.freeze
 
         def_node_matcher :redirect_to_params_update_node, <<-PATTERN
-           (send nil :redirect_to (send (send nil :params) ${:update :merge} ...))
+           (send nil :redirect_to (send (send nil? :params) ${:update :merge} ...))
         PATTERN
 
         def on_send(node)
           return unless redirect_to_params_update_node(node)
 
-          add_offense(node, :selector)
+          add_offense(node, location: :selector)
         end
       end
     end

data/lib/rubocop/cop/gitlab-security/send_file_params.rb

@@ -23,14 +23,14 @@ module RuboCop
         this warning can be disabled using `#rubocop:disable GitlabSecurity/SendFileParams`'.freeze
 
         def_node_search :params_node?, <<-PATTERN
-           (send (send nil :params) ... )
+           (send (send nil? :params) ... )
         PATTERN
 
         def on_send(node)
           return unless node.command?(:send_file)
-          return unless node.method_args.any? { |e| params_node?(e) }
+          return unless node.arguments.any? { |e| params_node?(e) }
 
-          add_offense(node, :selector)
+          add_offense(node, location: :selector)
         end
       end
     end

data/lib/rubocop/cop/gitlab-security/sql_injection.rb

@@ -28,9 +28,9 @@ module RuboCop
 
         def on_send(node)
           return unless where_user_input?(node)
-          return unless node.method_args.any? { |e| string_var_string?(e) }
+          return unless node.arguments.any? { |e| string_var_string?(e) }
 
-          add_offense(node, :selector)
+          add_offense(node, location: :selector)
         end
       end
     end

data/lib/rubocop/cop/gitlab-security/system_command_injection.rb

@@ -25,9 +25,9 @@ module RuboCop
 
         def on_send(node)
           return unless node.command?(:system)
-          return unless node.method_args.any? { |e| system_var?(e) }
+          return unless node.arguments.any? { |e| system_var?(e) }
 
-          add_offense(node, :selector)
+          add_offense(node, location: :selector)
         end
       end
     end

data/lib/rubocop/gitlab-security/hook.rb

@@ -42,7 +42,7 @@ module RuboCop
       end
 
       def scope_argument
-        node.method_args.first
+        node.first_argument
       end
     end
   end

data/lib/rubocop/gitlab-security/version.rb

@@ -4,7 +4,7 @@ module RuboCop
   module GitlabSecurity
     # Version information for the GitlabSecurity Rubocop plugin.
     module Version
-      STRING = '0.1.0'
+      STRING = '0.1.1'
     end
   end
 end

data/rubocop-gitlab-security.gemspec

@@ -1,15 +1,13 @@
-# encoding: utf-8
-
 $LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
 require 'rubocop/gitlab-security/version'
 
 Gem::Specification.new do |spec|
   spec.name = 'rubocop-gitlab-security'
   spec.summary = 'Basic security checks for projects'
-  spec.description = <<-end_description
+  spec.description = <<~DESCRIPTION
     Basic security checking for Ruby files.
     A plugin for the RuboCop code style enforcing & linting tool.
-  end_description
+  DESCRIPTION
   spec.homepage = 'https://gitlab.com/gitlab-org/rubocop-gitlab-security/'
   spec.authors = ['Brian Neel']
   spec.email = [
@@ -19,7 +17,7 @@ Gem::Specification.new do |spec|
 
   spec.version = RuboCop::GitlabSecurity::Version::STRING
   spec.platform = Gem::Platform::RUBY
-  spec.required_ruby_version = '>= 2.1.0'
+  spec.required_ruby_version = '>= 2.3.0'
 
   spec.require_paths = ['lib']
   spec.files = Dir[
@@ -30,7 +28,7 @@ Gem::Specification.new do |spec|
   ]
   spec.extra_rdoc_files = ['MIT-LICENSE.md', 'README.md']
 
-  spec.add_runtime_dependency 'rubocop', '>= 0.47.1'
+  spec.add_runtime_dependency 'rubocop', '>= 0.51'
 
   spec.add_development_dependency 'rake'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-gitlab-security
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Brian Neel
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-24 00:00:00.000000000 Z
+date: 2017-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.47.1
+        version: '0.51'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.47.1
+        version: '0.51'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -38,9 +38,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: |2
-      Basic security checking for Ruby files.
-      A plugin for the RuboCop code style enforcing & linting tool.
+description: |
+  Basic security checking for Ruby files.
+  A plugin for the RuboCop code style enforcing & linting tool.
 email:
 - brian@gitlab.com
 executables: []
@@ -90,7 +90,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.1.0
+      version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -98,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Basic security checks for projects