rubocop-rails 2.0.1 → 2.19.1

data/lib/rubocop/cop/rails/match_route.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Identifies places where defining routes with `match`
+      # can be replaced with a specific HTTP method.
+      #
+      # Don't use `match` to define any routes unless there is a need to map multiple request types
+      # among [:get, :post, :patch, :put, :delete] to a single action using the `:via` option.
+      #
+      # @example
+      #   # bad
+      #   match ':controller/:action/:id'
+      #   match 'photos/:id', to: 'photos#show', via: :get
+      #
+      #   # good
+      #   get ':controller/:action/:id'
+      #   get 'photos/:id', to: 'photos#show'
+      #   match 'photos/:id', to: 'photos#show', via: [:get, :post]
+      #   match 'photos/:id', to: 'photos#show', via: :all
+      #
+      class MatchRoute < Base
+        extend AutoCorrector
+
+        MSG = 'Use `%<http_method>s` instead of `match` to define a route.'
+        RESTRICT_ON_SEND = %i[match].freeze
+        HTTP_METHODS = %i[get post put patch delete].freeze
+
+        def_node_matcher :match_method_call?, <<~PATTERN
+          (send nil? :match $_ $(hash ...) ?)
+        PATTERN
+
+        def on_send(node)
+          match_method_call?(node) do |path_node, options_node|
+            return unless within_routes?(node)
+
+            options_node = path_node.hash_type? ? path_node : options_node.first
+
+            if options_node.nil?
+              register_offense(node, 'get')
+            else
+              via = extract_via(options_node)
+              return unless via.size == 1 && http_method?(via.first)
+
+              register_offense(node, via.first)
+            end
+          end
+        end
+
+        private
+
+        def register_offense(node, http_method)
+          add_offense(node, message: format(MSG, http_method: http_method)) do |corrector|
+            match_method_call?(node) do |path_node, options_node|
+              options_node = options_node.first
+
+              corrector.replace(node, replacement(path_node, options_node))
+            end
+          end
+        end
+
+        def_node_matcher :routes_draw?, <<~PATTERN
+          (send (send _ :routes) :draw)
+        PATTERN
+
+        def within_routes?(node)
+          node.each_ancestor(:block).any? { |a| routes_draw?(a.send_node) }
+        end
+
+        def extract_via(node)
+          via_pair = via_pair(node)
+          return %i[get] unless via_pair
+
+          _, via = *via_pair
+
+          if via.basic_literal?
+            [via.value]
+          elsif via.array_type?
+            via.values.map(&:value)
+          else
+            []
+          end
+        end
+
+        def via_pair(node)
+          node.pairs.find { |p| p.key.value == :via }
+        end
+
+        def http_method?(method)
+          HTTP_METHODS.include?(method.to_sym)
+        end
+
+        def replacement(path_node, options_node)
+          if path_node.hash_type?
+            http_method, options = *http_method_and_options(path_node)
+            "#{http_method} #{options.map(&:source).join(', ')}"
+          elsif options_node.nil?
+            "get #{path_node.source}"
+          else
+            http_method, options = *http_method_and_options(options_node)
+
+            if options.any?
+              "#{http_method} #{path_node.source}, #{options.map(&:source).join(', ')}"
+            else
+              "#{http_method} #{path_node.source}"
+            end
+          end
+        end
+
+        def http_method_and_options(node)
+          via_pair = via_pair(node)
+          http_method = extract_via(node).first
+          rest_pairs = node.pairs - [via_pair]
+          [http_method, rest_pairs]
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/migration_class_name.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Makes sure that each migration file defines a migration class
+      # whose name matches the file name.
+      # (e.g. `20220224111111_create_users.rb` should define `CreateUsers` class.)
+      #
+      # @example
+      #   # db/migrate/20220224111111_create_users.rb
+      #
+      #   # bad
+      #   class SellBooks < ActiveRecord::Migration[7.0]
+      #   end
+      #
+      #   # good
+      #   class CreateUsers < ActiveRecord::Migration[7.0]
+      #   end
+      #
+      class MigrationClassName < Base
+        extend AutoCorrector
+        include MigrationsHelper
+
+        MSG = 'Replace with `%<camelized_basename>s` that matches the file name.'
+
+        def on_class(node)
+          return unless migration_class?(node)
+
+          basename = basename_without_timestamp_and_suffix(processed_source.file_path)
+
+          class_identifier = node.identifier.location.name
+          camelized_basename = camelize(basename)
+          return if class_identifier.source.casecmp(camelized_basename).zero?
+
+          message = format(MSG, camelized_basename: camelized_basename)
+
+          add_offense(class_identifier, message: message) do |corrector|
+            corrector.replace(class_identifier, camelized_basename)
+          end
+        end
+
+        private
+
+        def basename_without_timestamp_and_suffix(filepath)
+          basename = File.basename(filepath, '.rb')
+          basename = remove_gem_suffix(basename)
+
+          basename.sub(/\A\d+_/, '')
+        end
+
+        # e.g.: from `add_blobs.active_storage` to `add_blobs`.
+        def remove_gem_suffix(file_name)
+          file_name.sub(/\..+\z/, '')
+        end
+
+        def camelize(word)
+          word.split('_').map(&:capitalize).join
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/negate_include.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Enforces the use of `collection.exclude?(obj)`
+      # over `!collection.include?(obj)`.
+      #
+      # @safety
+      #   This cop is unsafe because false positive will occur for
+      #   receiver objects that do not have an `exclude?` method. (e.g. `IPAddr`)
+      #
+      # @example
+      #   # bad
+      #   !array.include?(2)
+      #   !hash.include?(:key)
+      #
+      #   # good
+      #   array.exclude?(2)
+      #   hash.exclude?(:key)
+      #
+      class NegateInclude < Base
+        extend AutoCorrector
+
+        MSG = 'Use `.exclude?` and remove the negation part.'
+        RESTRICT_ON_SEND = %i[!].freeze
+
+        def_node_matcher :negate_include_call?, <<~PATTERN
+          (send (send $!nil? :include? $_) :!)
+        PATTERN
+
+        def on_send(node)
+          return unless (receiver, obj = negate_include_call?(node))
+
+          add_offense(node) do |corrector|
+            corrector.replace(node, "#{receiver.source}.exclude?(#{obj.source})")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/not_null_column.rb

@@ -3,7 +3,7 @@
 module RuboCop
   module Cop
     module Rails
-      # This cop checks for add_column call with NOT NULL constraint
+      # Checks for add_column call with NOT NULL constraint
       # in migration file.
       #
       # @example
@@ -16,22 +16,23 @@ module RuboCop
       #   add_column :users, :name, :string, null: false, default: ''
       #   add_reference :products, :category
       #   add_reference :products, :category, null: false, default: 1
-      class NotNullColumn < Cop
+      class NotNullColumn < Base
         MSG = 'Do not add a NOT NULL column without a default value.'
+        RESTRICT_ON_SEND = %i[add_column add_reference].freeze
 
-        def_node_matcher :add_not_null_column?, <<-PATTERN
-          (send nil? :add_column _ _ _ (hash $...))
+        def_node_matcher :add_not_null_column?, <<~PATTERN
+          (send nil? :add_column _ _ $_ (hash $...))
         PATTERN
 
-        def_node_matcher :add_not_null_reference?, <<-PATTERN
+        def_node_matcher :add_not_null_reference?, <<~PATTERN
           (send nil? :add_reference _ _ (hash $...))
         PATTERN
 
-        def_node_matcher :null_false?, <<-PATTERN
+        def_node_matcher :null_false?, <<~PATTERN
           (pair (sym :null) (false))
         PATTERN
 
-        def_node_matcher :default_option?, <<-PATTERN
+        def_node_matcher :default_option?, <<~PATTERN
           (pair (sym :default) !nil)
         PATTERN
 
@@ -43,17 +44,20 @@ module RuboCop
         private
 
         def check_add_column(node)
-          pairs = add_not_null_column?(node)
-          check_pairs(pairs)
+          add_not_null_column?(node) do |type, pairs|
+            return if type.value == :virtual || type.value == 'virtual'
+
+            check_pairs(pairs)
+          end
         end
 
         def check_add_reference(node)
-          pairs = add_not_null_reference?(node)
-          check_pairs(pairs)
+          add_not_null_reference?(node) do |pairs|
+            check_pairs(pairs)
+          end
         end
 
         def check_pairs(pairs)
-          return unless pairs
           return if pairs.any? { |pair| default_option?(pair) }
 
           null_false = pairs.find { |pair| null_false?(pair) }

data/lib/rubocop/cop/rails/order_by_id.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Checks for places where ordering by `id` column is used.
+      #
+      # Don't use the `id` column for ordering. The sequence of ids is not guaranteed
+      # to be in any particular order, despite often (incidentally) being chronological.
+      # Use a timestamp column to order chronologically. As a bonus the intent is clearer.
+      #
+      # NOTE: Make sure the changed order column does not introduce performance
+      # bottlenecks and appropriate database indexes are added.
+      #
+      # @example
+      #   # bad
+      #   scope :chronological, -> { order(id: :asc) }
+      #   scope :chronological, -> { order(primary_key => :asc) }
+      #
+      #   # good
+      #   scope :chronological, -> { order(created_at: :asc) }
+      #
+      class OrderById < Base
+        include RangeHelp
+
+        MSG = 'Do not use the `id` column for ordering. Use a timestamp column to order chronologically.'
+        RESTRICT_ON_SEND = %i[order].freeze
+
+        def_node_matcher :order_by_id?, <<~PATTERN
+          (send _ :order
+            {
+              (sym :id)
+              (hash (pair (sym :id) _))
+              (send _ :primary_key)
+              (hash (pair (send _ :primary_key) _))
+            })
+        PATTERN
+
+        def on_send(node)
+          add_offense(offense_range(node)) if order_by_id?(node)
+        end
+
+        private
+
+        def offense_range(node)
+          range_between(node.loc.selector.begin_pos, node.source_range.end_pos)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/output.rb

@@ -3,7 +3,11 @@
 module RuboCop
   module Cop
     module Rails
-      # This cop checks for the use of output calls like puts and print
+      # Checks for the use of output calls like puts and print
+      #
+      # @safety
+      #   This cop's autocorrection is unsafe because depending on the Rails log level configuration,
+      #   changing from `puts` to `Rails.logger.debug` could result in no output being shown.
       #
       # @example
       #   # bad
@@ -13,29 +17,36 @@ module RuboCop
       #
       #   # good
       #   Rails.logger.debug 'A debug message'
-      class Output < Cop
-        MSG = 'Do not write to stdout. ' \
-              "Use Rails's logger if you want to log."
+      class Output < Base
+        include RangeHelp
+        extend AutoCorrector
+
+        MSG = "Do not write to stdout. Use Rails's logger if you want to log."
+        RESTRICT_ON_SEND = %i[ap p pp pretty_print print puts binwrite syswrite write write_nonblock].freeze
 
-        def_node_matcher :output?, <<-PATTERN
+        def_node_matcher :output?, <<~PATTERN
           (send nil? {:ap :p :pp :pretty_print :print :puts} ...)
         PATTERN
 
-        def_node_matcher :io_output?, <<-PATTERN
+        def_node_matcher :io_output?, <<~PATTERN
           (send
             {
               (gvar #match_gvar?)
-              {(const nil? :STDOUT) (const nil? :STDERR)}
+              (const {nil? cbase} {:STDOUT :STDERR})
             }
             {:binwrite :syswrite :write :write_nonblock}
             ...)
         PATTERN
 
         def on_send(node)
-          return unless (output?(node) || io_output?(node)) &&
-                        node.arguments?
+          return if node.parent&.call_type?
+          return unless output?(node) || io_output?(node)
+
+          range = offense_range(node)
 
-          add_offense(node, location: :selector)
+          add_offense(range) do |corrector|
+            corrector.replace(range, 'Rails.logger.debug')
+          end
         end
 
         private
@@ -43,6 +54,14 @@ module RuboCop
         def match_gvar?(sym)
           %i[$stdout $stderr].include?(sym)
         end
+
+        def offense_range(node)
+          if node.receiver
+            range_between(node.source_range.begin_pos, node.loc.selector.end_pos)
+          else
+            node.loc.selector
+          end
+        end
       end
     end
   end

data/lib/rubocop/cop/rails/output_safety.rb

@@ -3,7 +3,7 @@
 module RuboCop
   module Cop
     module Rails
-      # This cop checks for the use of output safety calls like `html_safe`,
+      # Checks for the use of output safety calls like `html_safe`,
       # `raw`, and `safe_concat`. These methods do not escape content. They
       # simply return a SafeBuffer containing the content as is. Instead,
       # use `safe_join` to join content and escape it and concat to
@@ -62,17 +62,22 @@ module RuboCop
       #   safe_join([user_content, " ", content_tag(:span, user_content)])
       #   # => ActiveSupport::SafeBuffer
       #   #    "&lt;b&gt;hi&lt;/b&gt; <span>&lt;b&gt;hi&lt;/b&gt;</span>"
-      class OutputSafety < Cop
+      class OutputSafety < Base
         MSG = 'Tagging a string as html safe may be a security risk.'
+        RESTRICT_ON_SEND = %i[html_safe raw safe_concat].freeze
+
+        def_node_search :i18n_method?, <<~PATTERN
+          (send {nil? (const {nil? cbase} :I18n)} {:t :translate :l :localize} ...)
+        PATTERN
 
         def on_send(node)
-          return if non_interpolated_string?(node)
+          return if non_interpolated_string?(node) || i18n_method?(node)
 
           return unless looks_like_rails_html_safe?(node) ||
                         looks_like_rails_raw?(node) ||
                         looks_like_rails_safe_concat?(node)
 
-          add_offense(node, location: :selector)
+          add_offense(node.loc.selector)
         end
         alias on_csend on_send
 

data/lib/rubocop/cop/rails/pick.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Enforces the use of `pick` over `pluck(...).first`.
+      #
+      # Using `pluck` followed by `first` creates an intermediate array, which
+      # `pick` avoids. When called on an Active Record relation, `pick` adds a
+      # limit to the query so that only one value is fetched from the database.
+      #
+      # @safety
+      #   This cop is unsafe because `pluck` is defined on both `ActiveRecord::Relation` and `Enumerable`,
+      #   whereas `pick` is only defined on `ActiveRecord::Relation` in Rails 6.0. This was addressed
+      #   in Rails 6.1 via rails/rails#38760, at which point the cop is safe.
+      #
+      #   See: https://github.com/rubocop/rubocop-rails/pull/249
+      #
+      # @example
+      #   # bad
+      #   Model.pluck(:a).first
+      #   [{ a: :b, c: :d }].pluck(:a, :b).first
+      #
+      #   # good
+      #   Model.pick(:a)
+      #   [{ a: :b, c: :d }].pick(:a, :b)
+      class Pick < Base
+        extend AutoCorrector
+        extend TargetRailsVersion
+
+        MSG = 'Prefer `pick(%<args>s)` over `pluck(%<args>s).first`.'
+        RESTRICT_ON_SEND = %i[first].freeze
+
+        minimum_target_rails_version 6.0
+
+        def_node_matcher :pick_candidate?, <<~PATTERN
+          (send (send _ :pluck ...) :first)
+        PATTERN
+
+        def on_send(node)
+          pick_candidate?(node) do
+            receiver = node.receiver
+            receiver_selector = receiver.loc.selector
+            node_selector = node.loc.selector
+            range = receiver_selector.join(node_selector)
+
+            add_offense(range, message: message(receiver)) do |corrector|
+              first_range = receiver.source_range.end.join(node_selector)
+
+              corrector.remove(first_range)
+              corrector.replace(receiver_selector, 'pick')
+            end
+          end
+        end
+
+        private
+
+        def message(receiver)
+          format(MSG, args: receiver.arguments.map(&:source).join(', '))
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/pluck.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Enforces the use of `pluck` over `map`.
+      #
+      # `pluck` can be used instead of `map` to extract a single key from each
+      # element in an enumerable. When called on an Active Record relation, it
+      # results in a more efficient query that only selects the necessary key.
+      #
+      # @safety
+      #   This cop is unsafe because model can use column aliases.
+      #
+      #   [source,ruby]
+      #   ----
+      #   # Original code
+      #   User.select('name AS nickname').map { |user| user[:nickname] } # => array of nicknames
+      #
+      #   # After autocorrection
+      #   User.select('name AS nickname').pluck(:nickname) # => raises ActiveRecord::StatementInvalid
+      #   ----
+      #
+      # @example
+      #   # bad
+      #   Post.published.map { |post| post[:title] }
+      #   [{ a: :b, c: :d }].collect { |el| el[:a] }
+      #
+      #   # good
+      #   Post.published.pluck(:title)
+      #   [{ a: :b, c: :d }].pluck(:a)
+      class Pluck < Base
+        extend AutoCorrector
+        extend TargetRailsVersion
+
+        MSG = 'Prefer `%<replacement>s` over `%<current>s`.'
+
+        minimum_target_rails_version 5.0
+
+        def_node_matcher :pluck_candidate?, <<~PATTERN
+          ({block numblock} (send _ {:map :collect}) $_argument (send lvar :[] $_key))
+        PATTERN
+
+        def on_block(node)
+          pluck_candidate?(node) do |argument, key|
+            next if key.regexp_type? || !use_one_block_argument?(argument)
+
+            match = if node.block_type?
+                      block_argument = argument.children.first.source
+                      use_block_argument_in_key?(block_argument, key)
+                    else # numblock
+                      argument == 1 && use_block_argument_in_key?('_1', key)
+                    end
+            next unless match
+
+            register_offense(node, key)
+          end
+        end
+        alias on_numblock on_block
+
+        private
+
+        def use_one_block_argument?(argument)
+          return true if argument == 1 # Checks for numbered argument `_1`.
+
+          argument.respond_to?(:one?) && argument.one?
+        end
+
+        def use_block_argument_in_key?(block_argument, key)
+          return false if block_argument == key.source
+
+          key.each_descendant(:lvar).none? { |lvar| block_argument == lvar.source }
+        end
+
+        def offense_range(node)
+          node.send_node.loc.selector.join(node.loc.end)
+        end
+
+        def register_offense(node, key)
+          replacement = "pluck(#{key.source})"
+          message = message(replacement, node)
+
+          add_offense(offense_range(node), message: message) do |corrector|
+            corrector.replace(offense_range(node), replacement)
+          end
+        end
+
+        def message(replacement, node)
+          current = offense_range(node).source
+
+          format(MSG, replacement: replacement, current: current)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/pluck_id.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Enforces the use of `ids` over `pluck(:id)` and `pluck(primary_key)`.
+      #
+      # @safety
+      #   This cop is unsafe if the receiver object is not an Active Record object.
+      #
+      # @example
+      #   # bad
+      #   User.pluck(:id)
+      #   user.posts.pluck(:id)
+      #
+      #   def self.user_ids
+      #     pluck(primary_key)
+      #   end
+      #
+      #   # good
+      #   User.ids
+      #   user.posts.ids
+      #
+      #   def self.user_ids
+      #     ids
+      #   end
+      #
+      class PluckId < Base
+        include RangeHelp
+        include ActiveRecordHelper
+        extend AutoCorrector
+
+        MSG = 'Use `ids` instead of `%<bad_method>s`.'
+        RESTRICT_ON_SEND = %i[pluck].freeze
+
+        def_node_matcher :pluck_id_call?, <<~PATTERN
+          (send _ :pluck {(sym :id) (send nil? :primary_key)})
+        PATTERN
+
+        def on_send(node)
+          return if !pluck_id_call?(node) || in_where?(node)
+
+          range = offense_range(node)
+          message = format(MSG, bad_method: range.source)
+
+          add_offense(range, message: message) do |corrector|
+            corrector.replace(offense_range(node), 'ids')
+          end
+        end
+
+        private
+
+        def offense_range(node)
+          range_between(node.loc.selector.begin_pos, node.source_range.end_pos)
+        end
+      end
+    end
+  end
+end