rubocop-gusto 10.3.0 → 10.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b80d8e2199d3f26a7c573b61905ea30b866eb0a9f5ca2bf6eb0f6ef9891ecd4
-  data.tar.gz: 88a6fac9e262c3c40caa6ce939b194badf71a84cd05e63165b11a3f36ed4b54d
+  metadata.gz: 8312e221e4e60856991b5771855411eda476845804f95a1b890944880a72c107
+  data.tar.gz: 48247a74fe3523f5d813fc1b36fe9f56782c166347bd1f45997876047d5a9bf4
 SHA512:
-  metadata.gz: 830e8793b87b42c2a727dcbbda20a93de35f5a4887009455e8ff65bc8002dc9499d5fdfadd6971e2e5ce73660e47ddbd4cdf53eeae67c5c26d4840dadda0f092
-  data.tar.gz: 1d6b49aa37716ac6095ae0e261f8673e5c2389bff7432ba5775d39b64a86f8f17725b2f35c4c1ffbea1e32cac36751c1ee7924d6251af30b5ea7bed60466bc1c
+  metadata.gz: b2b908c4b1f5f921371e6368956f57bce33995ab5127f346a59d4958909fd03469a8efde3ab035b52457c67bae2f8fc14efcb3c83250810ade31fe872b60948f
+  data.tar.gz: 5e0ce03d855c35c66a70fd0bbd3f940d3661e6d665fcac97d5c73c4fd57b10a3b5842b170ac9838d46fe6cec9ff042aedcc2e0950dfcfd231e035d3077fd9c27

data/CHANGELOG.md

@@ -1,5 +1,20 @@
 ## Pending
 
+
+## 10.6.0
+
+- Add `Rack/LowercaseHeaderKeys` cop to detect and autocorrect uppercase HTTP response header keys
+- Enable Style/StringLiterals with double quotes enforced
+
+## 10.5.0
+
+- Delete Object#in? cop
+
+## 10.4.0
+
+- Add Gusto/DiscouragedGem cop with `timecop` as the first discouraged gem
+- Update Gusto/PolymorphicTypeValidation settings to be scoped to `**/models/*.rb`
+
 ## 10.3.0
 
 - Add Gusto/RspecDateTimeMock cop

data/config/default.yml

@@ -49,6 +49,11 @@ Gusto/DatadogConstant:
     - '**/spec/**/*'
   Description: 'Do not call Datadog directly, use an appropriate wrapper library.'
 
+Gusto/DiscouragedGem:
+  Description: 'Flags installation of discouraged gems in Gemfiles and gemspecs.'
+  Enabled: false
+  Gems: {}
+
 Gusto/ExecuteMigration:
   Description: "Don't use `execute` in migrations. Use a backfill rake task instead."
   Include:
@@ -72,10 +77,8 @@ Gusto/NoRescueErrorMessageChecking:
 
 Gusto/NoSend:
   Description: 'Do not call a private method via `__send__`.'
-
-Gusto/ObjectIn:
-  Description: 'Use `Range#cover?` instead of `Object#in?`.'
-  Safe: false
+  Exclude:
+    - '**/spec/**/*'
 
 Gusto/PaperclipOrAttachable:
   Description: 'No more new paperclip or Attachable are allowed. Use ActiveStorage instead.'
@@ -89,6 +92,8 @@ Gusto/PerformClassMethod:
 
 Gusto/PolymorphicTypeValidation:
   Description: 'Ensures that polymorphic relations include a type validation, which is necessary for generating Sorbet types.'
+  Include:
+    - '**/models/**/*.rb'
 
 Gusto/PreferProcessLastStatus:
   Description: 'Prefer using `Process.last_status` instead of the global variables: `$?` and `$CHILD_STATUS`.'
@@ -424,6 +429,21 @@ RSpec/StubbedMock:
 RSpec/SubjectStub:
   Enabled: false
 
+Rack/LowercaseHeaderKeys:
+  Description: 'HTTP response header keys should be lowercase for consistency and compatibility with HTTP/2.'
+  Enabled: true
+  Include:
+    - 'lib/middleware/**/*.rb'
+    - 'app/middleware/**/*.rb'
+    - 'app/controllers/**/*.rb'
+    - 'packs/**/middleware/**/*.rb'
+    - 'packs/**/controllers/**/*.rb'
+    - 'components/**/middleware/**/*.rb'
+    - 'components/**/controllers/**/*.rb'
+    - 'config/initializers/**/*.rb'
+  Exclude:
+    - '**/spec/**/*'
+
 Rake/ClassDefinitionInTask:
   Enabled: false
 
@@ -481,6 +501,10 @@ Style/Alias:
   Enabled: true
   EnforcedStyle: prefer_alias_method
 
+Style/ArgumentsForwarding:
+  # This is incompatible with Sorbet
+  Enabled: false
+
 Style/AsciiComments:
   Enabled: true
 
@@ -569,6 +593,10 @@ Style/IfUnlessModifier:
 Style/ImplicitRuntimeError:
   Enabled: false
 
+Style/ItBlockParameter:
+  Enabled: true
+  EnforcedStyle: only_numbered_parameters
+
 Style/Lambda:
   EnforcedStyle: literal
 

data/config/rails.yml

@@ -17,6 +17,14 @@ AllCops:
     - 'db/**/*schema.rb'
     - 'db/seeds{.rb,/**/*}'
 
+Gusto/DiscouragedGem:
+  Enabled: true
+  Include:
+    - '**/*.gemspec'
+    - '**/Gemfile'
+  Gems:
+    timecop: "Use Rails' time helpers (e.g., freeze_time, travel_to) instead of Timecop."
+
 Performance/DoubleStartEndWith:
   IncludeActiveSupportAliases: true
 

data/lib/rubocop/cop/gusto/bootsnap_load_file.rb

@@ -33,6 +33,7 @@ module RuboCop
             add_offense(node, message: "Use #{constant_node.source}.load_file(#{file_path_node.source}) to improve load time with bootsnap")
           end
         end
+        alias_method :on_itblock, :on_block
         alias_method :on_numblock, :on_block
 
         def on_send(node)

data/lib/rubocop/cop/gusto/discouraged_gem.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Gusto
+      # Flags installation of discouraged gems (e.g., timecop) in Gemfiles and gemspecs.
+      #
+      # Configuration:
+      #   Gems:
+      #     timecop: "Use Rails' time helpers (e.g., freeze_time, travel_to) instead of Timecop."
+      #
+      # This cop is intended to be enabled in Rails projects via config/rails.yml.
+      class DiscouragedGem < Base
+        MSG = "Avoid using the '%{gem}' gem. %{advice}"
+
+        RESTRICT_ON_SEND = %i(gem add_dependency add_development_dependency).freeze
+
+        def on_send(node)
+          check_gem_usage(node)
+        end
+
+        private
+
+        def check_gem_usage(node)
+          return unless node.first_argument&.type?(:str, :sym)
+          return unless discouraged_gems.include?(node.first_argument.value.to_s)
+
+          add_offense(node, message: message_for(node.first_argument.value.to_s))
+          # No autocorrect: removing dependencies is a project decision.
+        end
+
+        def discouraged_gems
+          @discouraged_gems ||= gems_config.keys.map(&:to_s)
+        end
+
+        def message_for(gem)
+          format(MSG, gem: gem, advice: advice_for(gem))
+        end
+
+        def advice_for(gem)
+          gems_config[gem]
+        end
+
+        def gems_config
+          cop_config["Gems"] || {}
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rack/lowercase_header_keys.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rack
+      # Detects HTTP response headers with uppercase characters.
+      # HTTP response header keys should be lowercase for consistency
+      # and compatibility with HTTP/2 and modern web standards.
+      #
+      # @example
+      #   # bad
+      #   headers['Content-Type'] = 'application/json'
+      #   response.headers['Location'] = '/redirect'
+      #
+      #   # good
+      #   headers['content-type'] = 'application/json'
+      #   response.headers['location'] = '/redirect'
+      #
+      class LowercaseHeaderKeys < Base
+        extend AutoCorrector
+
+        MSG = "HTTP response header keys should be lowercase. Use `%{downcased}` instead of `%{original}`."
+        RESTRICT_ON_SEND = %i([]=).freeze
+
+        # Known HTTP headers (case-insensitive check)
+        KNOWN_HEADERS = Set.new(
+          %w(
+            Accept Accept-Charset Accept-Encoding Accept-Language Accept-Ranges
+            Access-Control-Allow-Credentials Access-Control-Allow-Headers
+            Access-Control-Allow-Methods Access-Control-Allow-Origin
+            Access-Control-Allow-Private-Network Access-Control-Expose-Headers
+            Access-Control-Max-Age Access-Control-Request-Headers
+            Access-Control-Request-Method Age Allow Authorization
+            Cache-Control Connection Content-Disposition Content-Encoding
+            Content-Language Content-Length Content-Location Content-Range
+            Content-Security-Policy Content-Security-Policy-Report-Only
+            Content-Type Cookie Date ETag Expect
+            Expires Forwarded From Host If-Match If-Modified-Since
+            If-None-Match If-Range If-Unmodified-Since Last-Modified
+            Link Location Max-Forwards Origin Pragma Proxy-Authenticate
+            Proxy-Authorization Range Referer Referrer-Policy Retry-After
+            Server Set-Cookie SOAPAction Strict-Transport-Security TE Trailer
+            Transfer-Encoding Upgrade User-Agent Vary Via Warning
+            WWW-Authenticate X-Content-Type-Options X-Frame-Options
+            X-XSS-Protection X-Forwarded-For X-Forwarded-Host X-Forwarded-Proto
+            X-Real-IP X-Request-ID X-Request-Start X-Requested-With
+          ).map(&:downcase)
+        ).freeze
+
+        def on_send(node)
+          return unless headers_assignment?(node)
+
+          key_node = node.first_argument
+          return unless key_node.str_type?
+
+          key_value = key_node.value
+          return unless uppercase_known_header?(key_value)
+
+          add_offense_for_header(key_node, key_value)
+        end
+        alias_method :on_csend, :on_send
+
+        private
+
+        def uppercase_known_header?(key)
+          return false if key.empty?
+          return false if key == key.downcase
+
+          KNOWN_HEADERS.include?(key.downcase)
+        end
+
+        # Matches:
+        #   headers['...'] = value (bare method call in controller)
+        #   response.headers['...'] = value
+        # Does NOT match:
+        #   conn.headers, request.headers, client.headers, etc.
+        def headers_assignment?(node)
+          receiver = node.receiver
+          # RESTRICT_ON_SEND ensures we only see []=, which always has a receiver
+          return false unless receiver.send_type?
+
+          headers_method_receiver?(receiver)
+        end
+
+        def headers_method_receiver?(receiver)
+          return false unless receiver.method?(:headers)
+
+          inner = receiver.receiver
+          if inner.nil?
+            # Bare `headers` method call (Rails controller helper)
+            true
+          elsif inner.send_type? && inner.receiver.nil? && inner.method?(:response)
+            # `response.headers`
+            true
+          elsif inner.lvar_type? && inner.children.first == :response
+            # `response.headers` where response is a local var
+            true
+          else
+            false
+          end
+        end
+
+        def add_offense_for_header(node, key_value)
+          downcased = key_value.downcase
+          message = format(MSG, downcased: downcased, original: key_value)
+
+          add_offense(node, message: message) do |corrector|
+            corrector.replace(node, "'#{downcased}'")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/gusto/config_yml.rb

@@ -18,7 +18,7 @@ module RuboCop
 
       # @param [String] file_path the path to the .rubocop.yml file
       def self.load_file(file_path = ".rubocop.yml")
-        new(File.readlines(file_path))
+        new(File.readlines(file_path, encoding: "UTF-8"))
       rescue Errno::ENOENT
         new([])
       end
@@ -75,9 +75,10 @@ module RuboCop
 
       def sort!
         # Sort the preamble chunks by our preferred order, falling back to key name
+        # Comment-only chunks (nil key) sort to the end with "ZZZZZ"
         preamble.sort_by! do |chunk|
           key = chunk_name(chunk)
-          PREAMBLE_KEYS.index(key)&.to_s || key
+          PREAMBLE_KEYS.index(key)&.to_s || key || "ZZZZZ"
         end
 
         # Sort the cops by their key name, putting comments at the top

data/lib/rubocop/gusto/version.rb

@@ -2,6 +2,6 @@
 
 module RuboCop
   module Gusto
-    VERSION = "10.3.0"
+    VERSION = "10.6.0"
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-gusto
 version: !ruby/object:Gem::Version
-  version: 10.3.0
+  version: 10.6.0
 platform: ruby
 authors:
 - Gusto Engineering
 bindir: exe
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2026-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: lint_roller
@@ -125,13 +125,13 @@ files:
 - lib/rubocop-gusto.rb
 - lib/rubocop/cop/gusto/bootsnap_load_file.rb
 - lib/rubocop/cop/gusto/datadog_constant.rb
+- lib/rubocop/cop/gusto/discouraged_gem.rb
 - lib/rubocop/cop/gusto/execute_migration.rb
 - lib/rubocop/cop/gusto/factory_classes_or_modules.rb
 - lib/rubocop/cop/gusto/min_by_max_by.rb
 - lib/rubocop/cop/gusto/no_metaprogramming.rb
 - lib/rubocop/cop/gusto/no_rescue_error_message_checking.rb
 - lib/rubocop/cop/gusto/no_send.rb
-- lib/rubocop/cop/gusto/object_in.rb
 - lib/rubocop/cop/gusto/paperclip_or_attachable.rb
 - lib/rubocop/cop/gusto/perform_class_method.rb
 - lib/rubocop/cop/gusto/polymorphic_type_validation.rb
@@ -147,6 +147,7 @@ files:
 - lib/rubocop/cop/gusto/vcr_recordings.rb
 - lib/rubocop/cop/internal_affairs/assignment_first.rb
 - lib/rubocop/cop/internal_affairs/require_restrict_on_send.rb
+- lib/rubocop/cop/rack/lowercase_header_keys.rb
 - lib/rubocop/gusto.rb
 - lib/rubocop/gusto/cli.rb
 - lib/rubocop/gusto/config_yml.rb
@@ -173,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.1
+rubygems_version: 3.6.2
 specification_version: 4
 summary: A gem for sharing gusto rubocop rules
 test_files: []

data/lib/rubocop/cop/gusto/object_in.rb

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-module RuboCop
-  module Cop
-    module Gusto
-      # Identifies uses of `Object#in?`, which iterates over each
-      # item in a `Range` to see if a specified item is there. In contrast,
-      # `Range#cover?` simply compares the target item with the beginning and
-      # end points of the `Range`. In a great majority of cases, this is what
-      # is wanted.
-      #
-      # @safety
-      # This cop is unsafe. Here is an example of a case where `Range#cover?`
-      # may not provide the desired result:
-      #
-      #  ('a'..'z').cover?('yellow') # => true
-      #
-      class ObjectIn < Base
-        MSG = "Use `Range#cover?` instead of `Object#in?`."
-        RESTRICT_ON_SEND = [:in?].freeze
-
-        # @!method object_in(node)
-        def_node_matcher :object_in, <<-PATTERN
-          (call _ :in? {range (begin range)})
-        PATTERN
-
-        def on_send(node)
-          return unless object_in(node)
-
-          add_offense(node)
-        end
-        alias_method :on_csend, :on_send
-      end
-    end
-  end
-end