RubyGems - rubocop-rails - Versions diffs - 2.35.0 → 2.35.4 - Mend

rubocop-rails 2.35.0 → 2.35.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/rubocop/cop/rails/redundant_active_record_all_method.rb +1 -1
data/lib/rubocop/cop/rails/strong_parameters_expect.rb +46 -6
data/lib/rubocop/rails/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e4946e79ccf9661248df014d69703665df3b0a72aa800e8c456afc59594ad944
-  data.tar.gz: 7575ea946eb4e6985d6c0c365a0f39345fc6d32b0634c74949526f987d1ac38d
+  metadata.gz: 45b000a9e63ce4154fb6b1acbb97c84253448ead8bac7539aa773dbc1a7e3f8b
+  data.tar.gz: 26646956ab4da49c53a4d9105771e83658b07c65912799e5eea7f4d88e5f399f
 SHA512:
-  metadata.gz: 7a660eb16537b1dafe092cb100229fd9f039f8d98b51e1408b9438997176c8fc0fde61494ae462bfa8ea15e65524f5ec99e4d2efac42d0461395da65bfe8cb8b
-  data.tar.gz: ad601bb6b3296dceb196159604975b5e2efecaca5c66f715523368344f8a77e62d93cf8e22c4b3d53ce67d849a34cf9a1f4d184d6b655ecea0f12da23490bb35
+  metadata.gz: f8e1594a6edae31940c736c45a37966d09d02ada59afad3146b8941c4668b500c288e30da7293ae34d6ee38d1e2fc47b69900c8afa8f7e598da92e91d55f4d46
+  data.tar.gz: 15994ecea386276d46a19c17ec5bc962138a1476b4508f36353a9fb10e20f6fb30a1b1d78f837d9beef9980103a9786160d50b1fc610f06a092bc874b9621050

data/lib/rubocop/cop/rails/redundant_active_record_all_method.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module RuboCop
       # which can affect their behavior.
       #
       # @safety
-      #   This cop is unsafe for autocorrection if the receiver for `all` is not an Active Record object.
+      #   This cop is unsafe because false positives will occur if the receiver is not an Active Record object.
       #
       # @example
       #   # bad

data/lib/rubocop/cop/rails/strong_parameters_expect.rb CHANGED Viewed

@@ -8,7 +8,10 @@ module RuboCop
       # In the following cases, `params[:key]` is treated as a key that is expected to be passed from the HTTP client,
       # and the cop detects it using the `expect` method.
       #
-      # - Method calls on `params[:key]` without comparison methods
+      # - Method calls on `params[:key]` without comparison methods, methods that are safe to call
+      #   on `nil` (such as `to_i`, `to_s`, or `is_a?`), key-check methods such as `key?`,
+      #   collection methods such as `keys`, `merge`, or `slice`, or block-style calls such as
+      #   `params[:key].each { ... }` or `params[:key].map(&:to_s)`
       # - Passing `params[:key]` as an argument to finder methods that raise on missing records
       # - Strong parameter methods using `require` or `permit`
       #
@@ -20,6 +23,18 @@ module RuboCop
       #   incompatibility introduced for valid reasons by the `expect` method, which aligns better with
       #   strong parameter conventions.
       #
+      #   It is also unsafe because `expect` is stricter about the structure of the parameters than
+      #   `require`/`permit`. Nested attributes that hold an array of records need an extra array wrapper,
+      #   such as `expect(user: [{ pets_attributes: [[:name]] }])`. The cop cannot tell a single nested hash
+      #   from an array of nested hashes, so it always generates the single-hash form, which can turn
+      #   a previously successful request into a failure.
+      #
+      #   It is also unsafe when `params[:key]` is passed to a finder method such as `find`, because
+      #   `find` accepts an array of IDs. `Model.find(params[:id])` loads every record for an array of IDs,
+      #   but the corrected `Model.find(params.expect(:id))` raises `ActionController::ParameterMissing`
+      #   for an array value, since `expect` requires a scalar. The cop cannot tell a scalar ID from
+      #   an array of IDs, so the autocorrection can turn a previously successful request into a failure.
+      #
       # @example
       #
       #   # bad
@@ -53,7 +68,18 @@ module RuboCop
         MSG = 'Use `%<prefer>s` instead.'
         RESTRICT_ON_SEND = %i[[] require permit].freeze
-        PRESENCE_CHECK_METHODS = %i[nil? blank? present? presence].freeze
+        # Method calls on `params[:key]` that should not be rewritten with `expect(:key)`.
+        # Covers presence/nil checks, nil-safe conversions and type checks, key-check methods,
+        # and collection methods that imply `params[:key]` is a Hash/Array.
+        IGNORED_METHODS = %i[
+          ! blank? compact compact! compact_blank compact_blank! deep_merge deep_merge!
+          delete delete_if dig each except exclude? extract! fetch has_key? has_value?
+          include? inspect instance_of? is_a? keep_if key? keys kind_of? member? merge merge!
+          nil? presence present? reverse_merge reverse_merge! slice stringify_keys
+          to_a to_f to_h to_hash to_i to_s to_unsafe_h to_unsafe_hash
+          transform_keys transform_keys! transform_values transform_values! try try!
+          value? values values_at with_defaults with_defaults! without
+        ].freeze
         RAISING_FINDER_METHODS = %i[find find_by! find_sole_by].freeze
         minimum_target_rails_version 8.0
@@ -62,10 +88,18 @@ module RuboCop
           (send (send nil? :params) :[] $_)
         PATTERN
+        # `require` with an array literal expects multiple top-level keys and has no single `expect` equivalent,
+        # so such calls are excluded to avoid generating broken code.
+        # A single dynamic argument to `permit` (such as a method call or variable that may return an array)
+        # has no safe `expect` rewrite, because the cop cannot tell whether the value is a list of attributes
+        # or a nested hash. Such calls are excluded to avoid generating broken code.
         def_node_matcher :params_require_permit, <<~PATTERN
-          $(call
+          [
             $(call
-              (send nil? :params) :require _) :permit _+)
+              $(call
+                (send nil? :params) :require !array) :permit _+)
+            !(call _ :permit {call lvar ivar cvar gvar const})
+          ]
         PATTERN
         def_node_matcher :params_permit_require, <<~PATTERN
@@ -127,13 +161,15 @@ module RuboCop
         def offensive_bracket_access?(node)
           return false unless (parent = node.parent)
           return false if parent.or_type?
+          return false if parent.csend_type? && parent.receiver == node
           return true if parent.each_ancestor(:call).any? { |node| raising_finder_method?(node) }
           return false unless parent.call_type?
           if parent.receiver == node
-            return false if parent.comparison_method?
+            return false if parent.comparison_method? || parent.method?(:[])
+            return false if block_call?(parent)
-            !parent.method?(:[]) && !PRESENCE_CHECK_METHODS.include?(parent.method_name)
+            !IGNORED_METHODS.include?(parent.method_name)
           else
             raising_finder_method?(parent)
           end
@@ -144,6 +180,10 @@ module RuboCop
           RAISING_FINDER_METHODS.include?(node.method_name)
         end
+        def block_call?(send_node)
+          send_node.block_literal? || send_node.last_argument&.block_pass_type?
+        end
         def offense_range(method_node, node)
           method_node.loc.selector.join(node.source_range.end)
         end

data/lib/rubocop/rails/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module RuboCop
   module Rails
     # This module holds the RuboCop Rails version information.
     module Version
-      STRING = '2.35.0'
+      STRING = '2.35.4'
       def self.document_version
         STRING.match('\d+\.\d+').to_s

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-rails
 version: !ruby/object:Gem::Version
-  version: 2.35.0
+  version: 2.35.4
 platform: ruby
 authors:
 - Bozhidar Batsov