rubocop-swallow-exception 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0c755c6d7e8ff63a15867afc9aa4685200b84764
+  data.tar.gz: b445490c52fd37abae40d106b164cd4ebc5ad9a8
+SHA512:
+  metadata.gz: 3bb562f5ec4dbab25dde2f435d600adbc34d631de9d47f6a8720c3b50c26eb1b9b3ede3e7b306cfcf5e9e8dd472402350d3ce893c18dc7de09dcdcbd5ecde6a3
+  data.tar.gz: 13f748452d5097c69dee442f010e422ecc3b88af4bdfddc3c919c47b47ef4ebb7d215b376e92684a0a95e11358a1c88c83e2d59df02e97abde557aba68eda26c

data/.gitignore

@@ -0,0 +1,10 @@
+/.idea/
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.ruby-version

@@ -0,0 +1 @@
+2.3.1

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.1
+before_install: gem install bundler -v 1.13.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rubocop-swallow-exception.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 ONDA, Takashi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,106 @@
+# rubocop-swallow-exception
+
+This is mmj's custom Cop that forbids swallowing exception.
+See [OWASP article](https://www.owasp.org/index.php/Exception_handling_techniques#Swallowing_Exceptions)
+to understand why this Cop is required.
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rubocop-swallow-exception'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rubocop-swallow-exception
+
+## Usage
+
+Just add require option when you run rubocop.
+
+    $ rubocop --require rubocop-swallow-exception
+    
+![example using in RubyMine](./rubocop-swallow-exception.png)
+
+
+## Specification
+
+The Cop searches rescue body that does not contain raise statement in top level
+nor `Raven.capture_exception` ([Sentry](https://sentry.io) client) calling
+
+See spec file below in detail.
+
+
+```ruby
+describe RuboCop::SwallowException do
+
+  subject(:cop) { RuboCop::Cop::Lint::SwallowException.new }
+
+  it 'has a version number' do
+    expect(RuboCop::SwallowException::VERSION).not_to be(nil)
+  end
+
+  it 'NG when rescue body is empty' do
+    inspect_source(cop, <<-EOS)
+      def bad_method
+        p :hello
+      rescue => e
+        # do nothing
+      end
+    EOS
+    expect(cop.offenses.size).to eq(1)
+    expect(cop.messages.first).to eq('rescue body is empty!')
+  end
+
+  it 'OK when raise exception in top level' do
+    inspect_source(cop, <<-EOS)
+      def bad_method
+        p :hello
+      rescue => e
+        log.error 'error occured'
+        log.error e.backtrace.join("\n")
+        raise e
+      end
+    EOS
+    expect(cop.offenses.size).to eq(0)
+  end
+
+  it "OK when send error to Sentry, by using `Raven.capture_exception'" do
+    inspect_source(cop, <<-EOS)
+      def bad_method
+        p :hello
+      rescue => e
+        Raven.capture_exception(e)
+      end
+    EOS
+    expect(cop.offenses.size).to eq(0)
+  end
+
+  it 'NG when rescue body does not contain raise nor Raven' do
+    inspect_source(cop, <<-EOS)
+      def bad_method
+        p :hello
+      rescue => e
+        log.error 'error occured'
+        log.error e.backtrace.join("\n")
+      end
+    EOS
+    expect(cop.offenses.size).to eq(1)
+    expect(cop.messages.first).to match(/you have to/)
+  end
+end
+
+```
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "rubocop/swallow/exception"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config/default.yml

@@ -0,0 +1,3 @@
+Lint/SwallowException:
+  Description: 'Do not swallow exception'
+  Enabled: true

data/lib/rubocop-swallow-exception.rb

@@ -0,0 +1,6 @@
+require 'rubocop'
+require 'rubocop/swallow_exception/version'
+require 'rubocop/swallow_exception/cop/lint/swallow_exception'
+require 'rubocop/swallow_exception/inject'
+
+RuboCop::SwallowException::Inject.defaults!

data/lib/rubocop/swallow_exception/cop/lint/swallow_exception.rb

@@ -0,0 +1,62 @@
+module RuboCop
+  module Cop
+    module Lint
+
+      class SwallowException < Cop
+
+        def on_resbody(node)
+          # rescue の中身が空ならエラー
+          unless node.children[2]
+            add_offense(node, :expression, 'rescue body is empty!', :fatal)
+            return
+          end
+          body = node.children[2]
+          # トップレベルで条件なしに raise していれば OK
+          return if has_raise?(body)
+          # トップレベルで Raven.capture_exception 呼び出していれば OK
+          return if has_raven_capture_exception?(body)
+          # raise も Raven.capture_exception もなければエラー
+          add_offense(node, :expression, (<<-MSG).strip, :fatal)
+            you have to raise exception or capture exception by Raven in rescue body.
+          MSG
+        end
+
+        def has_raven_capture_exception?(node)
+          case node.type
+            when :send
+              raven_capture_exception?(node)
+            when :begin
+              node.children.any? { |c| raven_capture_exception?(c) }
+          end
+        end
+
+        def has_raise?(node)
+          case node.type
+            when :send
+              raise?(node)
+            when :begin
+              node.children.any? { |c| raise?(c) }
+          end
+        end
+
+        def raven_capture_exception?(node)
+          node.type == :send &&
+              raven?(node.children[0]) &&
+              node.children[1] == :capture_exception
+        end
+
+        def raven?(node)
+          node.type == :const && node.children[1] == :Raven
+        end
+
+        def raise?(node)
+          node.type == :send &&
+              node.children[0] == nil &&
+              node.children[1] == :raise
+        end
+
+      end
+
+    end
+  end
+end

data/lib/rubocop/swallow_exception/inject.rb

@@ -0,0 +1,17 @@
+require 'rubocop/config_loader'
+
+module RuboCop
+  module SwallowException
+    module Inject
+
+      DEFAULT_FILE = File.expand_path('../../../../config/default.yml', __FILE__)
+
+      def self.defaults!
+        default = ConfigLoader.load_file(DEFAULT_FILE)
+        config = ConfigLoader.merge_with_default(default, DEFAULT_FILE)
+        ConfigLoader.instance_variable_set(:@default_configuration, config)
+      end
+
+    end
+  end
+end

data/lib/rubocop/swallow_exception/version.rb

@@ -0,0 +1,5 @@
+module RuboCop
+  module SwallowException
+    VERSION = '0.1.0'
+  end
+end

data/rubocop-swallow-exception.gemspec

@@ -0,0 +1,43 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rubocop/swallow_exception/version'
+
+Gem::Specification.new do |spec|
+  
+  spec.name          = 'rubocop-swallow-exception'
+  spec.version       = RuboCop::SwallowException::VERSION
+  spec.authors       = ['ONDA, Takashi']
+  spec.email         = ['onda@mmj.ne.jp']
+
+  spec.summary       = %q{custom Cop forbids swallowing exception}
+  spec.description   = <<-EOD
+    This custom Cop forbids swallowing exception.
+    See OWASP article.
+    https://www.owasp.org/index.php/Exception_handling_techniques#Swallowing_Exceptions
+  EOD
+  spec.homepage      = 'https://github.com/mediamaxjapan/rubocop-swallow-exception'
+  spec.license       = 'MIT'
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
+  # else
+  #   raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
+  # end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.13'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+
+  spec.add_runtime_dependency('rubocop', '~> 0.43')
+
+end

data/rubocop-swallow-exception.iml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="RUBY_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="jdk" jdkName="ruby-2.3.1-p112" jdkType="RUBY_SDK" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" scope="PROVIDED" name="ast (v2.3.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="bundler (v1.13.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.2.5, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="parser (v2.3.1.4, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="powerpack (v0.1.1, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rainbow (v2.1.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rake (v10.4.2, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec (v3.5.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.5.3, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.5.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.5.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.5.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rubocop (v0.43.0, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.8.1, ruby-2.3.1-p112) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="unicode-display_width (v1.1.1, ruby-2.3.1-p112) [gem]" level="application" />
+  </component>
+</module>

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: rubocop-swallow-exception
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- ONDA, Takashi
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-09-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.43'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.43'
+description: |2
+      This custom Cop forbids swallowing exception.
+      See OWASP article.
+      https://www.owasp.org/index.php/Exception_handling_techniques#Swallowing_Exceptions
+email:
+- onda@mmj.ne.jp
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- config/default.yml
+- lib/rubocop-swallow-exception.rb
+- lib/rubocop/swallow_exception/cop/lint/swallow_exception.rb
+- lib/rubocop/swallow_exception/inject.rb
+- lib/rubocop/swallow_exception/version.rb
+- rubocop-swallow-exception.gemspec
+- rubocop-swallow-exception.iml
+- rubocop-swallow-exception.png
+homepage: https://github.com/mediamaxjapan/rubocop-swallow-exception
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: custom Cop forbids swallowing exception
+test_files: []