rubocop-rails 2.19.1 → 2.21.2

data/lib/rubocop/cop/rails/dangerous_column_names.rb

@@ -0,0 +1,439 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Avoid dangerous column names.
+      #
+      # Some column names are considered dangerous because they would overwrite methods already defined.
+      #
+      # @example
+      #   # bad
+      #   add_column :users, :save
+      #
+      #   # good
+      #   add_column :users, :saved
+      class DangerousColumnNames < Base # rubocop:disable Metrics/ClassLength
+        COLUMN_TYPE_METHOD_NAMES = %i[
+          bigint
+          binary
+          blob
+          boolean
+          date
+          datetime
+          decimal
+          float
+          integer
+          numeric
+          primary_key
+          string
+          text
+          time
+        ].to_set.freeze
+
+        # Generated from `ActiveRecord::AttributeMethods.dangerous_attribute_methods` on activerecord 7.0.5.
+        # rubocop:disable Metrics/CollectionLiteralLength
+        DANGEROUS_COLUMN_NAMES = %w[
+          __callbacks
+          _assign_attribute
+          _assign_attributes
+          _before_commit_callbacks
+          _commit_callbacks
+          _committed_already_called
+          _create_callbacks
+          _create_record
+          _delete_row
+          _destroy
+          _destroy_callbacks
+          _ensure_no_duplicate_errors
+          _find_callbacks
+          _find_record
+          _has_attribute
+          _initialize_callbacks
+          _lock_value_for_database
+          _merge_attributes
+          _primary_key_constraints_hash
+          _raise_readonly_record_error
+          _raise_record_not_destroyed
+          _raise_record_not_touched_error
+          _read_attribute
+          _record_changed
+          _reflections
+          _rollback_callbacks
+          _run_before_commit_callbacks
+          _run_commit_callbacks
+          _run_create_callbacks
+          _run_destroy_callbacks
+          _run_find_callbacks
+          _run_initialize_callbacks
+          _run_rollback_callbacks
+          _run_save_callbacks
+          _run_touch_callbacks
+          _run_update_callbacks
+          _run_validate_callbacks
+          _run_validation_callbacks
+          _save_callbacks
+          _touch_callbacks
+          _touch_row
+          _trigger_destroy_callback
+          _trigger_update_callback
+          _update_callbacks
+          _update_record
+          _update_row
+          _validate_callbacks
+          _validation_callbacks
+          _validators
+          _write_attribute
+          []
+          []=
+          accessed_fields
+          add_to_transaction
+          aggregate_reflections
+          all_timestamp_attributes_in_model
+          allow_destroy
+          apply_scoping
+          around_save_collection_association
+          assign_attributes
+          assign_multiparameter_attributes
+          assign_nested_attributes_for_collection_association
+          assign_nested_attributes_for_one_to_one_association
+          assign_nested_parameter_attributes
+          assign_to_or_mark_for_destruction
+          associated_records_to_validate_or_save
+          association
+          association_cached
+          association_foreign_key_changed
+          association_instance_get
+          association_instance_set
+          association_valid
+          attachment_changes
+          attachment_reflections
+          attribute
+          attribute_aliases
+          attribute_before_last_save
+          attribute_before_type_cast
+          attribute_came_from_user
+          attribute_change
+          attribute_change_to_be_saved
+          attribute_changed
+          attribute_changed_in_place
+          attribute_for_database
+          attribute_for_inspect
+          attribute_in_database
+          attribute_method
+          attribute_method_matchers
+          attribute_missing
+          attribute_names
+          attribute_names_for_partial_inserts
+          attribute_names_for_partial_updates
+          attribute_names_for_serialization
+          attribute_present
+          attribute_previous_change
+          attribute_previously_changed
+          attribute_previously_was
+          attribute_was
+          attribute_will_change
+          attribute=
+          attributes
+          attributes_before_type_cast
+          attributes_for_create
+          attributes_for_database
+          attributes_for_update
+          attributes_in_database
+          attributes_with_values
+          attributes=
+          automatic_scope_inversing
+          becomes
+          before_committed
+          belongs_to_touch_method
+          broadcast_action
+          broadcast_action_later
+          broadcast_action_later_to
+          broadcast_action_to
+          broadcast_after_to
+          broadcast_append
+          broadcast_append_later
+          broadcast_append_later_to
+          broadcast_append_to
+          broadcast_before_to
+          broadcast_prepend
+          broadcast_prepend_later
+          broadcast_prepend_later_to
+          broadcast_prepend_to
+          broadcast_remove
+          broadcast_remove_to
+          broadcast_render
+          broadcast_render_later
+          broadcast_render_later_to
+          broadcast_render_to
+          broadcast_rendering_with_defaults
+          broadcast_replace
+          broadcast_replace_later
+          broadcast_replace_later_to
+          broadcast_replace_to
+          broadcast_target_default
+          broadcast_update
+          broadcast_update_later
+          broadcast_update_later_to
+          broadcast_update_to
+          build_decrypt_attribute_assignments
+          build_encrypt_attribute_assignments
+          cache_key
+          cache_key_with_version
+          cache_timestamp_format
+          cache_version
+          cache_versioning
+          call_reject_if
+          can_use_fast_cache_version
+          cant_modify_encrypted_attributes_when_frozen
+          changed
+          changed_attribute_names_to_save
+          changed_attributes
+          changed_for_autosave
+          changes
+          changes_applied
+          changes_to_save
+          check_record_limit
+          ciphertext_for
+          clear_attribute_change
+          clear_attribute_changes
+          clear_changes_information
+          clear_timestamp_attributes
+          clear_transaction_record_state
+          collection_cache_versioning
+          column_for_attribute
+          committed
+          connection_handler
+          create_or_update
+          current_time_from_proper_timezone
+          custom_inspect_method_defined
+          custom_validation_context
+          decrement
+          decrypt
+          decrypt_attributes
+          decrypt_rich_texts
+          default_connection_handler
+          default_role
+          default_scope_override
+          default_scopes
+          default_shard
+          default_validation_context
+          defined_enums
+          delete
+          destroy
+          destroy_association_async_job
+          destroy_associations
+          destroy_row
+          destroyed
+          destroyed_by_association
+          destroyed_by_association=
+          each_counter_cached_associations
+          encode_with
+          encrypt
+          encrypt_attributes
+          encrypt_rich_texts
+          encryptable_rich_texts
+          encrypted_attribute
+          encrypted_attributes
+          encrypted_attributes=
+          ensure_proper_type
+          errors
+          execute_callstack_for_multiparameter_attributes
+          extract_callstack_for_multiparameter_attributes
+          find_parameter_position
+          forget_attribute_assignments
+          format_for_inspect
+          from_json
+          halted_callback_hook
+          has_attribute
+          has_changes_to_save
+          has_defer_touch_attrs
+          has_destroy_flag
+          has_encrypted_attributes
+          has_encrypted_rich_texts
+          has_transactional_callbacks
+          id
+          id_before_type_cast
+          id_for_database
+          id_in_database
+          id_was
+          id=
+          include_root_in_json
+          increment
+          init_internals
+          init_with
+          init_with_attributes
+          initialize_internals_callback
+          inspection_filter
+          invalid
+          lock
+          lock_optimistically
+          locking_enabled
+          logger
+          mark_for_destruction
+          marked_for_destruction
+          matched_attribute_method
+          max_updated_column_timestamp
+          missing_attribute
+          model_name
+          mutations_before_last_save
+          mutations_from_database
+          nested_attributes_options
+          nested_records_changed_for_autosave
+          new_record
+          no_touching
+          normalize_reflection_attribute
+          partial_inserts
+          partial_updates
+          perform_validations
+          persisted
+          pk_attribute
+          pluralize_table_names
+          populate_with_current_scope_attributes
+          previous_changes
+          previously_new_record
+          previously_persisted
+          primary_key_prefix_type
+          query_attribute
+          raise_nested_attributes_record_not_found
+          raise_validation_error
+          raw_timestamp_to_cache_version
+          read_attribute
+          read_attribute_before_type_cast
+          read_attribute_for_serialization
+          read_attribute_for_validation
+          read_store_attribute
+          readonly
+          record_timestamps
+          record_timestamps=
+          reject_new_record
+          reload
+          remember_transaction_record_state
+          respond_to_without_attributes
+          restore_attribute
+          restore_attributes
+          restore_transaction_record_state
+          rolledback
+          run_callbacks
+          run_validations
+          sanitize_for_mass_assignment
+          sanitize_forbidden_attributes
+          save
+          save_belongs_to_association
+          save_collection_association
+          save_has_one_association
+          saved_change_to_attribute
+          saved_changes
+          serializable_add_includes
+          serializable_attributes
+          serializable_hash
+          should_record_timestamps
+          signed_id
+          signed_id_verifier_secret
+          skip_time_zone_conversion_for_attributes
+          slice
+          store_accessor_for
+          store_full_class_name
+          store_full_sti_class
+          strict_loaded_associations
+          strict_loading
+          strict_loading_mode
+          strict_loading_n_plus_one_only
+          surreptitiously_touch
+          table_name_prefix
+          table_name_suffix
+          time_zone_aware_attributes
+          time_zone_aware_types
+          timestamp_attributes_for_create_in_model
+          timestamp_attributes_for_update_in_model
+          to_ary
+          to_gid
+          to_gid_param
+          to_global_id
+          to_key
+          to_model
+          to_partial_path
+          to_sgid
+          to_sgid_param
+          to_signed_global_id
+          toggle
+          touch
+          touch_deferred_attributes
+          touch_later
+          transaction
+          transaction_include_any_action
+          trigger_transactional_callbacks
+          type_cast_attribute_value
+          type_for_attribute
+          update
+          update_attribute
+          update_column
+          update_columns
+          valid
+          validate
+          validate_collection_association
+          validate_encryption_allowed
+          validate_single_association
+          validates_absence_of
+          validates_acceptance_of
+          validates_comparison_of
+          validates_confirmation_of
+          validates_exclusion_of
+          validates_format_of
+          validates_inclusion_of
+          validates_length_of
+          validates_numericality_of
+          validates_presence_of
+          validates_size_of
+          validates_with
+          validation_context
+          validation_context=
+          values_at
+          verify_readonly_attribute
+          will_be_destroyed
+          will_save_change_to_attribute
+          with_lock
+          with_transaction_returning_status
+          write_attribute
+          write_store_attribute
+        ].freeze
+        # rubocop:enable Metrics/CollectionLiteralLength
+
+        MSG = 'Avoid dangerous column names.'
+
+        RESTRICT_ON_SEND = [:add_column, :rename, :rename_column, *COLUMN_TYPE_METHOD_NAMES].freeze
+
+        def on_send(node)
+          column_name_node = column_name_node_from(node)
+          return false unless column_name_node
+          return false unless dangerous_column_name_node?(column_name_node)
+
+          add_offense(column_name_node)
+        end
+
+        private
+
+        def column_name_node_from(node)
+          case node.method_name
+          when :add_column, :rename
+            node.arguments[1]
+          when :rename_column
+            node.arguments[2]
+          when *COLUMN_TYPE_METHOD_NAMES
+            node.arguments[0]
+          end
+        end
+
+        def dangerous_column_name_node?(node)
+          return false unless node.respond_to?(:value)
+
+          dangerous_column_name?(node.value.to_s)
+        end
+
+        def dangerous_column_name?(column_name)
+          DANGEROUS_COLUMN_NAMES.include?(column_name)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/date.rb

@@ -22,6 +22,9 @@ module RuboCop
       # And you can set a warning for `to_time` with `AllowToTime: false`.
       # `AllowToTime` is `true` by default to prevent false positive on `DateTime` object.
       #
+      # @safety
+      #   This cop's autocorrection is unsafe because it may change handling time.
+      #
       # @example EnforcedStyle: flexible (default)
       #   # bad
       #   Date.today
@@ -51,6 +54,8 @@ module RuboCop
       #   # bad
       #   date.to_time
       class Date < Base
+        extend AutoCorrector
+
         include ConfigurableEnforcedStyle
 
         MSG = 'Do not use `Date.%<method_called>s` without zone. Use `Time.zone.%<day>s` instead.'
@@ -92,7 +97,9 @@ module RuboCop
 
             message = format(DEPRECATED_MSG, deprecated: method[:deprecated], relevant: method[:relevant])
 
-            add_offense(node.loc.selector, message: message)
+            add_offense(node.loc.selector, message: message) do |corrector|
+              corrector.replace(node.loc.selector, method[:relevant].to_s)
+            end
           end
         end
 
@@ -108,7 +115,9 @@ module RuboCop
 
           message = format(MSG, method_called: method_name, day: day)
 
-          add_offense(node.loc.selector, message: message)
+          add_offense(node.loc.selector, message: message) do |corrector|
+            corrector.replace(node.receiver.loc.name, 'Time.zone')
+          end
         end
 
         def extract_method_chain(node)
@@ -130,7 +139,7 @@ module RuboCop
         end
 
         def safe_to_time?(node)
-          return unless node.method?(:to_time)
+          return false unless node.method?(:to_time)
 
           if node.receiver.str_type?
             zone_regexp = /([+-][\d:]+|\dZ)\z/

data/lib/rubocop/cop/rails/duplicate_association.rb

@@ -24,6 +24,7 @@ module RuboCop
         include RangeHelp
         extend AutoCorrector
         include ClassSendNodeHelper
+        include ActiveRecordHelper
 
         MSG = "Association `%<name>s` is defined multiple times. Don't repeat associations."
 
@@ -32,6 +33,8 @@ module RuboCop
         PATTERN
 
         def on_class(class_node)
+          return unless active_record?(class_node.parent_class)
+
           offenses(class_node).each do |name, nodes|
             nodes.each do |node|
               add_offense(node, message: format(MSG, name: name)) do |corrector|

data/lib/rubocop/cop/rails/dynamic_find_by.rb

@@ -74,13 +74,13 @@ module RuboCop
         end
 
         def allowed_method?(node)
-          return unless cop_config['AllowedMethods']
+          return false unless cop_config['AllowedMethods']
 
           cop_config['AllowedMethods'].include?(node.method_name.to_s)
         end
 
         def allowed_receiver?(node)
-          return unless cop_config['AllowedReceivers'] && node.receiver
+          return false unless cop_config['AllowedReceivers'] && node.receiver
 
           cop_config['AllowedReceivers'].include?(node.receiver.source)
         end
@@ -88,7 +88,7 @@ module RuboCop
         # config option `WhiteList` will be deprecated soon
         def whitelisted?(node)
           whitelist_config = cop_config['Whitelist']
-          return unless whitelist_config
+          return false unless whitelist_config
 
           whitelist_config.include?(node.method_name.to_s)
         end