rubocop-rails 2.19.1 → 2.30.3

data/lib/rubocop/cop/rails/compact_blank.rb

@@ -16,7 +16,6 @@ module RuboCop
       #   And `compact_blank!` has different implementations for `Array`, `Hash`, and
       #   `ActionController::Parameters`.
       #   `Array#compact_blank!`, `Hash#compact_blank!` are equivalent to `delete_if(&:blank?)`.
-      #   `ActionController::Parameters#compact_blank!` is equivalent to `reject!(&:blank?)`.
       #   If the cop makes a mistake, autocorrected code may get unexpected behavior.
       #
       # @example
@@ -24,6 +23,10 @@ module RuboCop
       #   # bad
       #   collection.reject(&:blank?)
       #   collection.reject { |_k, v| v.blank? }
+      #   collection.select(&:present?)
+      #   collection.select { |_k, v| v.present? }
+      #   collection.filter(&:present?)
+      #   collection.filter { |_k, v| v.present? }
       #
       #   # good
       #   collection.compact_blank
@@ -31,8 +34,8 @@ module RuboCop
       #   # bad
       #   collection.delete_if(&:blank?)            # Same behavior as `Array#compact_blank!` and `Hash#compact_blank!`
       #   collection.delete_if { |_k, v| v.blank? } # Same behavior as `Array#compact_blank!` and `Hash#compact_blank!`
-      #   collection.reject!(&:blank?)              # Same behavior as `ActionController::Parameters#compact_blank!`
-      #   collection.reject! { |_k, v| v.blank? }   # Same behavior as `ActionController::Parameters#compact_blank!`
+      #   collection.keep_if(&:present?)            # Same behavior as `Array#compact_blank!` and `Hash#compact_blank!`
+      #   collection.keep_if { |_k, v| v.present? } # Same behavior as `Array#compact_blank!` and `Hash#compact_blank!`
       #
       #   # good
       #   collection.compact_blank!
@@ -43,25 +46,41 @@ module RuboCop
         extend TargetRailsVersion
 
         MSG = 'Use `%<preferred_method>s` instead.'
-        RESTRICT_ON_SEND = %i[reject delete_if reject!].freeze
+        RESTRICT_ON_SEND = %i[reject delete_if select filter keep_if].freeze
+        DESTRUCTIVE_METHODS = %i[delete_if keep_if].freeze
 
         minimum_target_rails_version 6.1
 
         def_node_matcher :reject_with_block?, <<~PATTERN
           (block
-            (send _ {:reject :delete_if :reject!})
+            (send _ {:reject :delete_if})
             $(args ...)
             (send
               $(lvar _) :blank?))
         PATTERN
 
         def_node_matcher :reject_with_block_pass?, <<~PATTERN
-          (send _ {:reject :delete_if :reject!}
+          (send _ {:reject :delete_if}
             (block_pass
               (sym :blank?)))
         PATTERN
 
+        def_node_matcher :select_with_block?, <<~PATTERN
+          (block
+            (send _ {:select :filter :keep_if})
+            $(args ...)
+            (send
+              $(lvar _) :present?))
+        PATTERN
+
+        def_node_matcher :select_with_block_pass?, <<~PATTERN
+          (send _ {:select :filter :keep_if}
+            (block-pass
+              (sym :present?)))
+        PATTERN
+
         def on_send(node)
+          return if target_ruby_version < 2.6 && node.method?(:filter)
           return unless bad_method?(node)
 
           range = offense_range(node)
@@ -75,8 +94,10 @@ module RuboCop
 
         def bad_method?(node)
           return true if reject_with_block_pass?(node)
+          return true if select_with_block_pass?(node)
 
-          if (arguments, receiver_in_block = reject_with_block?(node.parent))
+          arguments, receiver_in_block = reject_with_block?(node.parent) || select_with_block?(node.parent)
+          if arguments
             return use_single_value_block_argument?(arguments, receiver_in_block) ||
                    use_hash_value_block_argument?(arguments, receiver_in_block)
           end
@@ -103,7 +124,7 @@ module RuboCop
         end
 
         def preferred_method(node)
-          node.method?(:reject) ? 'compact_blank' : 'compact_blank!'
+          DESTRUCTIVE_METHODS.include?(node.method_name) ? 'compact_blank!' : 'compact_blank'
         end
       end
     end

data/lib/rubocop/cop/rails/content_tag.rb

@@ -7,7 +7,7 @@ module RuboCop
       #
       # NOTE: Allow `tag` when the first argument is a variable because
       # `tag(name)` is simpler rather than `tag.public_send(name)`.
-      # And this cop will be renamed to something like `LegacyTag` in the future. (e.g. RuboCop Rails 2.0)
+      # And this cop will be renamed to something like `LegacyTag` in the future. (e.g. RuboCop Rails 3.0)
       #
       # @example
       #  # bad
@@ -79,7 +79,7 @@ module RuboCop
         end
 
         def allowed_name?(argument)
-          return false unless argument.str_type? || argument.sym_type?
+          return false unless argument.type?(:str, :sym)
 
           !/^[a-zA-Z-][a-zA-Z\-0-9]*$/.match?(argument.value)
         end

data/lib/rubocop/cop/rails/dangerous_column_names.rb

@@ -0,0 +1,448 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Avoid dangerous column names.
+      #
+      # Some column names are considered dangerous because they would overwrite methods already defined.
+      #
+      # @example
+      #   # bad
+      #   add_column :users, :save
+      #
+      #   # good
+      #   add_column :users, :saved
+      class DangerousColumnNames < Base # rubocop:disable Metrics/ClassLength
+        include MigrationsHelper
+
+        COLUMN_TYPE_METHOD_NAMES = %i[
+          bigint
+          binary
+          blob
+          boolean
+          date
+          datetime
+          decimal
+          float
+          integer
+          numeric
+          primary_key
+          string
+          text
+          time
+        ].to_set.freeze
+
+        # Generated from `ActiveRecord::AttributeMethods.dangerous_attribute_methods` on activerecord 7.1.3.
+        # rubocop:disable Metrics/CollectionLiteralLength
+        DANGEROUS_COLUMN_NAMES = %w[
+          __callbacks
+          __id__
+          _assign_attribute
+          _assign_attributes
+          _before_commit_callbacks
+          _commit_callbacks
+          _committed_already_called
+          _create_callbacks
+          _create_record
+          _delete_row
+          _destroy
+          _destroy_callbacks
+          _ensure_no_duplicate_errors
+          _find_callbacks
+          _find_record
+          _has_attribute
+          _initialize_callbacks
+          _lock_value_for_database
+          _merge_attributes
+          _primary_key_constraints_hash
+          _raise_readonly_record_error
+          _raise_record_not_destroyed
+          _raise_record_not_touched_error
+          _read_attribute
+          _record_changed
+          _reflections
+          _rollback_callbacks
+          _run_before_commit_callbacks
+          _run_commit_callbacks
+          _run_create_callbacks
+          _run_destroy_callbacks
+          _run_find_callbacks
+          _run_initialize_callbacks
+          _run_rollback_callbacks
+          _run_save_callbacks
+          _run_touch_callbacks
+          _run_update_callbacks
+          _run_validate_callbacks
+          _run_validation_callbacks
+          _save_callbacks
+          _touch_callbacks
+          _touch_row
+          _trigger_destroy_callback
+          _trigger_update_callback
+          _update_callbacks
+          _update_record
+          _update_row
+          _validate_callbacks
+          _validation_callbacks
+          _validators
+          _write_attribute
+          []
+          []=
+          accessed_fields
+          add_to_transaction
+          aggregate_reflections
+          all_timestamp_attributes_in_model
+          allow_destroy
+          apply_scoping
+          around_save_collection_association
+          assign_attributes
+          assign_multiparameter_attributes
+          assign_nested_attributes_for_collection_association
+          assign_nested_attributes_for_one_to_one_association
+          assign_nested_parameter_attributes
+          assign_to_or_mark_for_destruction
+          associated_records_to_validate_or_save
+          association
+          association_cached
+          association_foreign_key_changed
+          association_instance_get
+          association_instance_set
+          association_valid
+          attachment_changes
+          attachment_reflections
+          attribute
+          attribute_aliases
+          attribute_before_last_save
+          attribute_before_type_cast
+          attribute_came_from_user
+          attribute_change
+          attribute_change_to_be_saved
+          attribute_changed
+          attribute_changed_in_place
+          attribute_for_database
+          attribute_for_inspect
+          attribute_in_database
+          attribute_method
+          attribute_method_matchers
+          attribute_missing
+          attribute_names
+          attribute_names_for_partial_inserts
+          attribute_names_for_partial_updates
+          attribute_names_for_serialization
+          attribute_present
+          attribute_previous_change
+          attribute_previously_changed
+          attribute_previously_was
+          attribute_was
+          attribute_will_change
+          attribute=
+          attributes
+          attributes_before_type_cast
+          attributes_for_create
+          attributes_for_database
+          attributes_for_update
+          attributes_in_database
+          attributes_with_values
+          attributes=
+          automatic_scope_inversing
+          becomes
+          before_committed
+          belongs_to_touch_method
+          broadcast_action
+          broadcast_action_later
+          broadcast_action_later_to
+          broadcast_action_to
+          broadcast_after_to
+          broadcast_append
+          broadcast_append_later
+          broadcast_append_later_to
+          broadcast_append_to
+          broadcast_before_to
+          broadcast_prepend
+          broadcast_prepend_later
+          broadcast_prepend_later_to
+          broadcast_prepend_to
+          broadcast_remove
+          broadcast_remove_to
+          broadcast_render
+          broadcast_render_later
+          broadcast_render_later_to
+          broadcast_render_to
+          broadcast_rendering_with_defaults
+          broadcast_replace
+          broadcast_replace_later
+          broadcast_replace_later_to
+          broadcast_replace_to
+          broadcast_target_default
+          broadcast_update
+          broadcast_update_later
+          broadcast_update_later_to
+          broadcast_update_to
+          build_decrypt_attribute_assignments
+          build_encrypt_attribute_assignments
+          cache_key
+          cache_key_with_version
+          cache_timestamp_format
+          cache_version
+          cache_versioning
+          call_reject_if
+          can_use_fast_cache_version
+          cant_modify_encrypted_attributes_when_frozen
+          changed
+          changed_attribute_names_to_save
+          changed_attributes
+          changed_for_autosave
+          changes
+          changes_applied
+          changes_to_save
+          check_record_limit
+          ciphertext_for
+          class
+          clear_attribute_change
+          clear_attribute_changes
+          clear_changes_information
+          clear_timestamp_attributes
+          clear_transaction_record_state
+          clone
+          collection_cache_versioning
+          column_for_attribute
+          committed
+          connection_handler
+          create_or_update
+          current_time_from_proper_timezone
+          custom_inspect_method_defined
+          custom_validation_context
+          decrement
+          decrypt
+          decrypt_attributes
+          decrypt_rich_texts
+          default_connection_handler
+          default_role
+          default_scope_override
+          default_scopes
+          default_shard
+          default_validation_context
+          defined_enums
+          delete
+          destroy
+          destroy_association_async_job
+          destroy_associations
+          destroy_row
+          destroyed
+          destroyed_by_association
+          destroyed_by_association=
+          dup
+          each_counter_cached_associations
+          encode_with
+          encrypt
+          encrypt_attributes
+          encrypt_rich_texts
+          encryptable_rich_texts
+          encrypted_attribute
+          encrypted_attributes
+          encrypted_attributes=
+          ensure_proper_type
+          errors
+          execute_callstack_for_multiparameter_attributes
+          extract_callstack_for_multiparameter_attributes
+          find_parameter_position
+          forget_attribute_assignments
+          format_for_inspect
+          freeze
+          from_json
+          frozen?
+          halted_callback_hook
+          has_attribute
+          has_changes_to_save
+          has_defer_touch_attrs
+          has_destroy_flag
+          has_encrypted_attributes
+          has_encrypted_rich_texts
+          has_transactional_callbacks
+          hash
+          id
+          id_before_type_cast
+          id_for_database
+          id_in_database
+          id_was
+          id=
+          include_root_in_json
+          increment
+          init_internals
+          init_with
+          init_with_attributes
+          initialize_internals_callback
+          inspection_filter
+          invalid
+          lock
+          lock_optimistically
+          locking_enabled
+          logger
+          mark_for_destruction
+          marked_for_destruction
+          matched_attribute_method
+          max_updated_column_timestamp
+          missing_attribute
+          model_name
+          mutations_before_last_save
+          mutations_from_database
+          nested_attributes_options
+          nested_records_changed_for_autosave
+          new_record
+          no_touching
+          normalize_reflection_attribute
+          partial_inserts
+          partial_updates
+          perform_validations
+          persisted
+          pk_attribute
+          pluralize_table_names
+          populate_with_current_scope_attributes
+          previous_changes
+          previously_new_record
+          previously_persisted
+          primary_key_prefix_type
+          query_attribute
+          raise_nested_attributes_record_not_found
+          raise_validation_error
+          raw_timestamp_to_cache_version
+          read_attribute
+          read_attribute_before_type_cast
+          read_attribute_for_serialization
+          read_attribute_for_validation
+          read_store_attribute
+          readonly
+          record_timestamps
+          record_timestamps=
+          reject_new_record
+          reload
+          remember_transaction_record_state
+          respond_to_without_attributes
+          restore_attribute
+          restore_attributes
+          restore_transaction_record_state
+          rolledback
+          run_callbacks
+          run_validations
+          sanitize_for_mass_assignment
+          sanitize_forbidden_attributes
+          save
+          save_belongs_to_association
+          save_collection_association
+          save_has_one_association
+          saved_change_to_attribute
+          saved_changes
+          serializable_add_includes
+          serializable_attributes
+          serializable_hash
+          should_record_timestamps
+          signed_id
+          signed_id_verifier_secret
+          skip_time_zone_conversion_for_attributes
+          slice
+          store_accessor_for
+          store_full_class_name
+          store_full_sti_class
+          strict_loaded_associations
+          strict_loading
+          strict_loading_mode
+          strict_loading_n_plus_one_only
+          surreptitiously_touch
+          table_name_prefix
+          table_name_suffix
+          time_zone_aware_attributes
+          time_zone_aware_types
+          timestamp_attributes_for_create_in_model
+          timestamp_attributes_for_update_in_model
+          to_ary
+          to_gid
+          to_gid_param
+          to_global_id
+          to_key
+          to_model
+          to_partial_path
+          to_sgid
+          to_sgid_param
+          to_signed_global_id
+          toggle
+          touch
+          touch_deferred_attributes
+          touch_later
+          transaction
+          transaction_include_any_action
+          trigger_transactional_callbacks
+          type_cast_attribute_value
+          type_for_attribute
+          update
+          update_attribute
+          update_column
+          update_columns
+          valid
+          validate
+          validate_collection_association
+          validate_encryption_allowed
+          validate_single_association
+          validates_absence_of
+          validates_acceptance_of
+          validates_comparison_of
+          validates_confirmation_of
+          validates_exclusion_of
+          validates_format_of
+          validates_inclusion_of
+          validates_length_of
+          validates_numericality_of
+          validates_presence_of
+          validates_size_of
+          validates_with
+          validation_context
+          validation_context=
+          values_at
+          verify_readonly_attribute
+          will_be_destroyed
+          will_save_change_to_attribute
+          with_lock
+          with_transaction_returning_status
+          write_attribute
+          write_store_attribute
+        ].freeze
+        # rubocop:enable Metrics/CollectionLiteralLength
+
+        MSG = 'Avoid dangerous column names.'
+
+        RESTRICT_ON_SEND = [:add_column, :rename, :rename_column, *COLUMN_TYPE_METHOD_NAMES].freeze
+
+        def on_send(node)
+          column_name_node = column_name_node_from(node)
+          return false unless column_name_node
+          return false unless dangerous_column_name_node?(column_name_node)
+
+          add_offense(column_name_node)
+        end
+
+        private
+
+        def column_name_node_from(node)
+          case node.method_name
+          when :add_column, :rename
+            node.arguments[1]
+          when :rename_column
+            node.arguments[2]
+          when *COLUMN_TYPE_METHOD_NAMES
+            node.first_argument
+          end
+        end
+
+        def dangerous_column_name_node?(node)
+          return false unless node.respond_to?(:value)
+
+          dangerous_column_name?(node.value.to_s)
+        end
+
+        def dangerous_column_name?(column_name)
+          DANGEROUS_COLUMN_NAMES.include?(column_name)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/date.rb

@@ -12,16 +12,19 @@ module RuboCop
       # The cop also reports warnings when you are using `to_time` method,
       # because it doesn't know about Rails time zone either.
       #
-      # Two styles are supported for this cop. When `EnforcedStyle` is 'strict'
+      # Two styles are supported for this cop. When `EnforcedStyle` is `strict`
       # then the Date methods `today`, `current`, `yesterday`, and `tomorrow`
       # are prohibited and the usage of both `to_time`
-      # and 'to_time_in_current_zone' are reported as warning.
+      # and `to_time_in_current_zone` are reported as warning.
       #
       # When `EnforcedStyle` is `flexible` then only `Date.today` is prohibited.
       #
       # And you can set a warning for `to_time` with `AllowToTime: false`.
       # `AllowToTime` is `true` by default to prevent false positive on `DateTime` object.
       #
+      # @safety
+      #   This cop's autocorrection is unsafe because it may change handling time.
+      #
       # @example EnforcedStyle: flexible (default)
       #   # bad
       #   Date.today
@@ -51,6 +54,8 @@ module RuboCop
       #   # bad
       #   date.to_time
       class Date < Base
+        extend AutoCorrector
+
         include ConfigurableEnforcedStyle
 
         MSG = 'Do not use `Date.%<method_called>s` without zone. Use `Time.zone.%<day>s` instead.'
@@ -92,7 +97,9 @@ module RuboCop
 
             message = format(DEPRECATED_MSG, deprecated: method[:deprecated], relevant: method[:relevant])
 
-            add_offense(node.loc.selector, message: message)
+            add_offense(node.loc.selector, message: message) do |corrector|
+              corrector.replace(node.loc.selector, method[:relevant].to_s)
+            end
           end
         end
 
@@ -108,7 +115,9 @@ module RuboCop
 
           message = format(MSG, method_called: method_name, day: day)
 
-          add_offense(node.loc.selector, message: message)
+          add_offense(node.loc.selector, message: message) do |corrector|
+            corrector.replace(node.receiver.loc.name, 'Time.zone')
+          end
         end
 
         def extract_method_chain(node)
@@ -130,7 +139,7 @@ module RuboCop
         end
 
         def safe_to_time?(node)
-          return unless node.method?(:to_time)
+          return false unless node.method?(:to_time)
 
           if node.receiver.str_type?
             zone_regexp = /([+-][\d:]+|\dZ)\z/