rubocop-netlify 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72d44485aa17e77116b7740e79593c17e6c0f181850cd187e0b66aa571187374
-  data.tar.gz: 98313e340f5d5db94a4684b8967ca6b5a62e3e64d1d46cc64f52e993beed7680
+  metadata.gz: f7840def645448a07e1449ee73e06840e07fbbc3f0b98446a16f6e0dd8a9290a
+  data.tar.gz: af284fab249cf5746b8cdf2bee7c4391a2a5b74beecadd300c70e4b336babeba
 SHA512:
-  metadata.gz: 63a173bf1181c0dd8ea4f50e86ccc378ba63b73265e20616e6f07f6b238ac3ddce08eecd18cb6b75f0f66475a1e41a400c44139e20b72263df39b4d1ef6e14c6
-  data.tar.gz: 20602c2ed24300084d38de95985bfc485434b167606febfbdd1d13195f697089cbccae903e74331e142bdf1c25fa7da2b6b8872c22e120cbb2175cd384aef62f
+  metadata.gz: aa2f814950a4fb23af00edd90b1fa78eaf3c8b2889470e4b5b79bc35e3a3ce87cc07b5a961724bce2b670037150e83bcdc8924e9e74916036fbe6107442789a7
+  data.tar.gz: 202af5b55defcbe32e56fe189907609ac95062a21765096d7e662e6df82354fc25690b911e9ba00e10110f19c6249e618449ccf6b29d4f5954e10d69ef5e28cf

data/.github/workflows/fossa.yml

@@ -3,8 +3,8 @@ name: Dependency License Scanning
 on:
   push:
     branches:
-      - master
       - chore/fossa-workflow
+      - main
 
 defaults:
   run:
@@ -21,7 +21,6 @@ jobs:
           mkdir -p $HOME/.local/bin
           curl https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash -s -- -b $HOME/.local/bin
           echo "$HOME/.local/bin" >> $GITHUB_PATH
-
       - name: Fossa init
         run: fossa init
       - name: Set env
@@ -34,3 +33,4 @@ jobs:
         run: fossa analyze --debug
         env:
           FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
+

data/README.md

@@ -27,3 +27,12 @@ bundle exec rake test
 
 ## The Cops
 All cops are located under [lib/rubocop/cop/netlify](lib/rubocop/cop/netlify), and contain examples/documentation.
+
+## Release
+
+1. Make sure you have an account in https://rubygems.org/ and be a part of https://rubygems.org/gems/rubocop-netlify owners
+2. Update a version in [lib/rubocop/netlify/version.rb](lib/rubocop/netlify/version.rb)
+3. Tag it (also maybe make a new release in GitHub)
+4. Run `gem build rubocop-netlify.gemspec` to build a gem
+5. Run `gem push` with a newly created gem file
+6. Done done!

data/lib/rubocop/cop/netlify/rails_env_check.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module RuboCop
+    module Cop
+      module Netlify
+        # This cop checks for use of Rails.env to check the environment
+        #
+        # @example
+        #   # bad
+        #   Rails.env.production?
+        #
+        #   # good
+        #   Netlify.env.production?
+        class RailsEnvCheck < Cop
+          MSG = "Prefer using `Netlify.env` instead of `Rails.env` to check the environment"
+
+          def_node_matcher :rails_env?, <<~PATTERN
+            (send (send (const {nil? cbase} :Rails) :env) /staging?|production?/)
+          PATTERN
+
+          def on_send(node)
+            add_offense(node) if rails_env? node
+          end
+        end
+      end
+    end
+  end

data/lib/rubocop/cop/netlify/require_scope_base.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Netlify
+      class RequireScopeBase < Cop
+        RESTRICT_ON_SEND = [:require_scope, :public, :private, :protected]
+        
+        def on_class(node)
+          @require_scopes = []
+          @method_protection = :public
+          @is_controller = node.identifier.short_name.to_s.end_with?("Controller")
+        end
+        
+        def on_send(node)
+          if node.method_name == :require_scope
+            scopes = []
+            limits = {}
+            node.arguments.each do |option|
+              if option.is_a? RuboCop::AST::StrNode
+                scopes << option.value
+              elsif option.is_a? RuboCop::AST::HashNode
+                option.pairs.each do |pair|
+                  if pair.value.is_a? RuboCop::AST::ArrayNode
+                    limits[pair.key.value] = pair.value.values.map(&:value)
+                  elsif pair.value.is_a? RuboCop::AST::SymbolNode
+                    limits[pair.key.value] = [pair.value.value]
+                  end
+                end
+              end
+            end
+
+            @require_scopes << {
+              scopes: scopes,
+              limits: limits,
+              node: node
+            }
+          else
+            @method_protection = node.method_name
+          end
+        end
+
+        private
+
+        def require_scopes_for_method(action)
+          matches = []
+          @require_scopes.each do |require_scope|
+            if require_scope[:limits][:only]
+              matches << require_scope if require_scope[:limits][:only].include?(action)
+            elsif require_scope[:limits][:except]
+              matches << require_scope unless require_scope[:limits][:except].include?(action)
+            else
+              matches << require_scope
+            end
+          end
+
+          return matches
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/netlify/require_scope_duplication.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require_relative "require_scope_base"
+
+module RuboCop
+  module Cop
+    module Netlify
+      # This cop checks OAuth scope definition duplication
+      #
+      # @example
+      #   # bad
+      #   require_scope "all:read"
+      #   require_scope "public"
+      #
+      #   # good
+      #   require_scope "public", "all:read"
+      #
+      #   # bad
+      #   require_scope "all:read", only: :index
+      #   require_scope "all:read", only: [:index, :show]
+      #
+      #   # good
+      #   require_scope "all:read", only: [:index, :show]
+      #
+      #   # bad
+      #   require_scope "all:read"
+      #   require_scope "all:write"
+      #
+      #   # good
+      #   require_scope "??" # Be careful! 
+      class RequireScopeDuplication < RequireScopeBase
+        def on_def(node)
+          return unless @is_controller
+          return unless @method_protection == :public
+      
+          require_scopes = require_scopes_for_method(node.method_name)
+          if require_scopes.size > 1
+            add_offense(require_scopes.last[:node], message: "Multiple overlapping definitions: #{require_scopes.map { |rs| rs[:scopes].inspect }.join(" and ")}.")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/netlify/require_scope_semantics.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require_relative "require_scope_base"
+
+module RuboCop
+  module Cop
+    module Netlify
+      # This cop checks OAuth scope semantic mismatches
+      #
+      # @example
+      #   # bad
+      #   require_scope "all:read"
+      #   def destroy
+      #
+      #   # good
+      #   require_scope "all:read"
+      #   def index
+      class RequireScopeSemantics < RequireScopeBase
+        WRITE_KEYWORDS = ["update", "create", "destroy", "new", "edit", "revoke", "delete"].freeze
+        READ_KEYWORDS = ["show", "index"].freeze
+
+        def on_def(node)
+          return unless @is_controller
+          return unless @method_protection == :public
+
+          require_scopes = require_scopes_for_method(node.method_name)
+          return if require_scopes.empty?
+          require_scope = require_scopes.last # this is the observed matching behavior
+          scopes = require_scope[:scopes]
+
+          if WRITE_KEYWORDS.any? { |s| node.method_name.to_s.include?(s) }
+            read_semantic_scopes = scopes.select { |scope| scope.include?("read") }
+            unless read_semantic_scopes.empty?
+              add_offense(node, message: format("Semantic naming mismatch between method `%s` and scope `%s`", node.method_name, read_semantic_scopes[0]))
+            end
+          end
+
+          if READ_KEYWORDS.any? { |s| node.method_name.to_s.include?(s) }
+            write_semantic_scopes = scopes.select { |scope| scope.include?("write") }
+            unless write_semantic_scopes.empty?
+              add_offense(node, message: format("Semantic naming mismatch between method `%s` and scope `%s`", node.method_name, write_semantic_scopes[0]))
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/netlify_cops.rb

@@ -3,3 +3,6 @@
 require_relative "netlify/request_tests_param_encoding"
 require_relative "netlify/sidekiq_keyword_arguments"
 require_relative "netlify/invalid_model_assignment"
+require_relative "netlify/rails_env_check"
+require_relative "netlify/require_scope_semantics"
+require_relative "netlify/require_scope_duplication"

data/lib/rubocop/netlify/version.rb

@@ -2,6 +2,6 @@
 
 module RuboCop
   module Netlify
-    VERSION = "0.5.0"
+    VERSION = "0.6.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-netlify
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Esteban Pastorino
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-11 00:00:00.000000000 Z
+date: 2023-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -62,7 +62,11 @@ files:
 - bin/setup
 - lib/rubocop-netlify.rb
 - lib/rubocop/cop/netlify/invalid_model_assignment.rb
+- lib/rubocop/cop/netlify/rails_env_check.rb
 - lib/rubocop/cop/netlify/request_tests_param_encoding.rb
+- lib/rubocop/cop/netlify/require_scope_base.rb
+- lib/rubocop/cop/netlify/require_scope_duplication.rb
+- lib/rubocop/cop/netlify/require_scope_semantics.rb
 - lib/rubocop/cop/netlify/sidekiq_keyword_arguments.rb
 - lib/rubocop/cop/netlify_cops.rb
 - lib/rubocop/netlify.rb
@@ -72,7 +76,7 @@ homepage: https://github.com/netlify/rubocop-netlify
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -87,8 +91,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: RuboCop Netlify
 test_files: []