RubyGems - rubocop-vendor - Versions diffs - 0.4.0 → 0.7.0 - Mend

rubocop-vendor 0.4.0 → 0.7.0

Files changed (12) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/lib/rubocop/cop/vendor/recursive_open_struct_gem.rb +34 -0
data/lib/rubocop/cop/vendor/recursive_open_struct_use.rb +74 -0
data/lib/rubocop/cop/vendor/rollbar_inside_rescue.rb +24 -7
data/lib/rubocop/cop/vendor/rollbar_interpolation.rb +1 -0
data/lib/rubocop/cop/vendor/rollbar_log.rb +1 -0
data/lib/rubocop/cop/vendor/rollbar_logger.rb +1 -0
data/lib/rubocop/cop/vendor/rollbar_with_exception.rb +1 -0
data/lib/rubocop/cop/vendor_cops.rb +2 -0
data/lib/rubocop/vendor/version.rb +1 -1
metadata +7 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cfa5c71a43d700d91d855e340c1518a5f56158557a2d67043deb8dc1659ef581
-  data.tar.gz: 03d35e4c72b4b5f6f22a14ac8b407d9c5214daebdaaeadb3b63071f1bdf908d3
+  metadata.gz: 5c7f95e01811c3177f6f45897a3637053eb5b511e374551b97d1130e4032ad6d
+  data.tar.gz: eba723e710aee712fe9fb0772b723f816868e949ad011d42285e7c0229250731
 SHA512:
-  metadata.gz: 171f091f8d6bd081c0a669b12ec4610b8e3b8874b32cfd69d8325b094dfd6c5f841d93b14aacf61567c9ab70ca988ecf2244b7350f69db83b6c1e1d6becffbdb
-  data.tar.gz: fc669e34d8d27b3d8ced74cf5852baf94067ae9cec52263aa82ba1b1fecd8d42716716e3bfbd75ec84c7c658f08e49bac0c1b4afbedd840d92733506b5e05764
+  metadata.gz: b669cc4e4852b7c56a3206ac1c90557c56ea43f7c717ff01a7445af3e305e5a4f3c55349381d2ac3840e5a05955fa2364b7bef10c446659ecc73b72e04751f52
+  data.tar.gz: f3c87ffe11f4e0e496ab9975e015c0ec1ed780c600712834403896e871826e5ede0e5798c3f39e16cf543d2c2eacff64e124c1660f35fdfbbfc608da2db104d7

data/README.md CHANGED Viewed

@@ -1,7 +1,7 @@
-# RuboCop Vendor
+# rubocop-vendor
 [![Gem Version](https://badge.fury.io/rb/rubocop-vendor.svg)](https://badge.fury.io/rb/rubocop-vendor)
-[![CircleCI](https://circleci.com/gh/wealthsimple/rubocop-vendor.svg?style=svg)](https://circleci.com/gh/wealthsimple/rubocop-vendor)
+[![GitHub Actions Badge](https://github.com/wealthsimple/rubocop-vendor/actions/workflows/main.yml/badge.svg)](https://github.com/wealthsimple/rubocop-vendor/actions)
 Vendor integration analysis for your projects, as an extension to [RuboCop](https://github.com/rubocop-hq/rubocop).

data/lib/rubocop/cop/vendor/recursive_open_struct_gem.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module RuboCop
+  module Cop
+    module Vendor
+      # This cop flags uses of the recursive-open-struct gem.
+      #
+      # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
+      # for performance, version compatibility, and security issues.
+      #
+      # https://ruby-doc.org/stdlib-3.0.1/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats
+      class RecursiveOpenStructGem < Base
+        MSG = <<~MSG.strip
+          Do not use the recursive-open-struct gem. RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged from usage due to performance, version compatibility, and security issues.
+        MSG
+        def on_new_investigation
+          return if processed_source.blank?
+          gem_declarations(processed_source.ast).each do |declaration|
+            next unless declaration.first_argument.str_content.match?('recursive-open-struct')
+            add_offense(declaration)
+          end
+        end
+        # @!method gem_declarations(node)
+        def_node_search :gem_declarations, <<~PATTERN
+          (:send nil? :gem str ...)
+        PATTERN
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/recursive_open_struct_use.rb ADDED Viewed

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+module RuboCop
+  module Cop
+    module Vendor
+      # This cop flags uses of RecursiveOpenStruct. RecursiveOpenStruct is a library used in the
+      # Wealthsimple ecosystem that is being phased out due to security issues.
+      #
+      # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
+      # for performance, version compatibility, and security issues.
+      #
+      # @safety
+      #
+      #   Note that this cop may flag false positives; for instance, the following legal
+      #   use of a hand-rolled `RecursiveOpenStruct` type would be considered an offense:
+      #
+      #   ```
+      #   module MyNamespace
+      #     class RecursiveOpenStruct # not the RecursiveOpenStruct we're looking for
+      #     end
+      #
+      #     def new_struct
+      #       RecursiveOpenStruct.new # resolves to MyNamespace::RecursiveOpenStruct
+      #     end
+      #   end
+      #   ```
+      #
+      # @example
+      #
+      #   # bad
+      #   point = RecursiveOpenStruct.new(x: 0, y: 1)
+      #
+      #   # good
+      #   Point = Struct.new(:x, :y)
+      #   point = Point.new(0, 1)
+      #
+      #   # also good
+      #   point = { x: 0, y: 1 }
+      #
+      #   # bad
+      #   test_double = RecursiveOpenStruct.new(a: 'b')
+      #
+      #   # good (assumes test using rspec-mocks)
+      #   test_double = double
+      #   allow(test_double).to receive(:a).and_return('b')
+      #
+      class RecursiveOpenStructUse < Cop
+        MSG = <<~MSG.strip
+          Avoid using `RecursiveOpenStruct`; use `Struct`, `Hash`, a class or test doubles instead.
+        MSG
+        # @!method uses_recursive_open_struct?(node)
+        def_node_matcher :uses_recursive_open_struct?, <<-PATTERN
+          (const {nil? (cbase)} :RecursiveOpenStruct)
+        PATTERN
+        def on_const(node)
+          return unless uses_recursive_open_struct?(node)
+          return if custom_class_or_module_definition?(node)
+          add_offense(node)
+        end
+        private
+        def custom_class_or_module_definition?(node)
+          parent = node.parent
+          (parent.class_type? || parent.module_type?) && node.left_siblings.empty?
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/rollbar_inside_rescue.rb CHANGED Viewed

@@ -22,28 +22,45 @@ module RuboCop
       #     Rollbar.error(exception, "Unable to sync account")
       #   end
       #
+      #   # good
+      #   class ApplicationController < ActionController::Base
+      #     rescue_from InvalidRecord do |e|
+      #       Rollbar.error(e)
+      #     end
+      #   end
+      #
       class RollbarInsideRescue < Cop
         MSG = 'Only call Rollbar when handling errors inside a `rescue` block.'
+        # @!method rollbar?(node)
         def_node_matcher :rollbar?, <<-PATTERN
           (send
             (const nil? :Rollbar) {:log :debug :info :warning :error :critical} ...)
         PATTERN
+        # @!method active_support_rescuable_block?(node)
+        def_node_matcher :active_support_rescuable_block?, <<-PATTERN
+          (block
+            (send nil? :rescue_from ...) ...)
+        PATTERN
         def on_send(node)
           return unless rollbar?(node)
+          return if in_rescue_block?(node)
+          add_offense(node, location: node.children[0].loc.expression)
+        end
+        def in_rescue_block?(node)
+          current_node = node
-          current_node = node.parent
-          until current_node.nil?
-            return if current_node.rescue_type?
+          while (current_node = current_node.parent)
+            return true if current_node.rescue_type?
+            return true if active_support_rescuable_block?(current_node)
             break if current_node.def_type?
             break if current_node.class_type?
-            current_node = current_node.parent
           end
-          add_offense(node, location: node.children[0].loc.expression)
         end
       end
     end

data/lib/rubocop/cop/vendor/rollbar_interpolation.rb CHANGED Viewed

@@ -19,6 +19,7 @@ module RuboCop
       class RollbarInterpolation < Cop
         MSG = 'Send extra fields as hash parameter instead of interpolated message.'
+        # @!method bad_method?(node)
         def_node_matcher :bad_method?, <<-PATTERN
           (send
             (const nil? :Rollbar) {:error :critical}

data/lib/rubocop/cop/vendor/rollbar_log.rb CHANGED Viewed

@@ -20,6 +20,7 @@ module RuboCop
         MSG = 'Use `Rollbar.%<method>s` instead of `Rollbar.log`.'
+        # @!method bad_method?(node)
         def_node_matcher :bad_method?, <<-PATTERN
           (send
             (const nil? :Rollbar) :log

data/lib/rubocop/cop/vendor/rollbar_logger.rb CHANGED Viewed

@@ -20,6 +20,7 @@ module RuboCop
       class RollbarLogger < Cop
         MSG = 'Use `Rails.logger` for `debug`, `info` or `warning` calls.'
+        # @!method bad_method?(node)
         def_node_matcher :bad_method?, <<-PATTERN
           (send (const nil? :Rollbar) {:debug :info :warning} {str hash})
         PATTERN

data/lib/rubocop/cop/vendor/rollbar_with_exception.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module RuboCop
         MSG = 'Send exception as first parameter when calling `error` or `critical`.'
+        # @!method bad_method?(node)
         def_node_matcher :bad_method?, <<-PATTERN
           (send
             (const nil? :Rollbar) {:error :critical}

data/lib/rubocop/cop/vendor_cops.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 module RuboCop
 end
+require_relative 'vendor/recursive_open_struct_gem'
+require_relative 'vendor/recursive_open_struct_use'
 require_relative 'vendor/rollbar_inside_rescue'
 require_relative 'vendor/rollbar_interpolation'
 require_relative 'vendor/rollbar_log'

data/lib/rubocop/vendor/version.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module RuboCop
   module Vendor
     module Version
-      STRING = '0.4.0'
+      STRING = '0.7.0'
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-vendor
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Danilo Cabello
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-13 00:00:00.000000000 Z
+date: 2021-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -82,6 +82,8 @@ files:
 - README.md
 - config/default.yml
 - lib/rubocop-vendor.rb
+- lib/rubocop/cop/vendor/recursive_open_struct_gem.rb
+- lib/rubocop/cop/vendor/recursive_open_struct_use.rb
 - lib/rubocop/cop/vendor/rollbar_inside_rescue.rb
 - lib/rubocop/cop/vendor/rollbar_interpolation.rb
 - lib/rubocop/cop/vendor/rollbar_log.rb
@@ -96,7 +98,7 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://rubocop-vendor.readthedocs.io/
-  changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/main/CHANGELOG.md
   source_code_uri: https://github.com/wealthsimple/rubocop-vendor/
   documentation_uri: https://rubocop-vendor.readthedocs.io/
   bug_tracker_uri: https://github.com/wealthsimple/rubocop-vendor/issues
@@ -108,14 +110,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Automatic vendor integration checking tool for Ruby code.