rubocop-vendor 0.4.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/rubocop/cop/vendor/recursive_open_struct_gem.rb +34 -0
- data/lib/rubocop/cop/vendor/recursive_open_struct_use.rb +74 -0
- data/lib/rubocop/cop/vendor/rollbar_inside_rescue.rb +24 -7
- data/lib/rubocop/cop/vendor/rollbar_interpolation.rb +1 -0
- data/lib/rubocop/cop/vendor/rollbar_log.rb +1 -0
- data/lib/rubocop/cop/vendor/rollbar_logger.rb +1 -0
- data/lib/rubocop/cop/vendor/rollbar_with_exception.rb +1 -0
- data/lib/rubocop/cop/vendor_cops.rb +2 -0
- data/lib/rubocop/vendor/version.rb +1 -1
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5c7f95e01811c3177f6f45897a3637053eb5b511e374551b97d1130e4032ad6d
|
|
4
|
+
data.tar.gz: eba723e710aee712fe9fb0772b723f816868e949ad011d42285e7c0229250731
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b669cc4e4852b7c56a3206ac1c90557c56ea43f7c717ff01a7445af3e305e5a4f3c55349381d2ac3840e5a05955fa2364b7bef10c446659ecc73b72e04751f52
|
|
7
|
+
data.tar.gz: f3c87ffe11f4e0e496ab9975e015c0ec1ed780c600712834403896e871826e5ede0e5798c3f39e16cf543d2c2eacff64e124c1660f35fdfbbfc608da2db104d7
|
data/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
#
|
|
1
|
+
# rubocop-vendor
|
|
2
2
|
|
|
3
3
|
[](https://badge.fury.io/rb/rubocop-vendor)
|
|
4
|
-
[](https://github.com/wealthsimple/rubocop-vendor/actions)
|
|
5
5
|
|
|
6
6
|
Vendor integration analysis for your projects, as an extension to [RuboCop](https://github.com/rubocop-hq/rubocop).
|
|
7
7
|
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module RuboCop
|
|
4
|
+
module Cop
|
|
5
|
+
module Vendor
|
|
6
|
+
# This cop flags uses of the recursive-open-struct gem.
|
|
7
|
+
#
|
|
8
|
+
# RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
|
|
9
|
+
# for performance, version compatibility, and security issues.
|
|
10
|
+
#
|
|
11
|
+
# https://ruby-doc.org/stdlib-3.0.1/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats
|
|
12
|
+
class RecursiveOpenStructGem < Base
|
|
13
|
+
MSG = <<~MSG.strip
|
|
14
|
+
Do not use the recursive-open-struct gem. RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged from usage due to performance, version compatibility, and security issues.
|
|
15
|
+
MSG
|
|
16
|
+
|
|
17
|
+
def on_new_investigation
|
|
18
|
+
return if processed_source.blank?
|
|
19
|
+
|
|
20
|
+
gem_declarations(processed_source.ast).each do |declaration|
|
|
21
|
+
next unless declaration.first_argument.str_content.match?('recursive-open-struct')
|
|
22
|
+
|
|
23
|
+
add_offense(declaration)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# @!method gem_declarations(node)
|
|
28
|
+
def_node_search :gem_declarations, <<~PATTERN
|
|
29
|
+
(:send nil? :gem str ...)
|
|
30
|
+
PATTERN
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module RuboCop
|
|
4
|
+
module Cop
|
|
5
|
+
module Vendor
|
|
6
|
+
# This cop flags uses of RecursiveOpenStruct. RecursiveOpenStruct is a library used in the
|
|
7
|
+
# Wealthsimple ecosystem that is being phased out due to security issues.
|
|
8
|
+
#
|
|
9
|
+
# RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
|
|
10
|
+
# for performance, version compatibility, and security issues.
|
|
11
|
+
#
|
|
12
|
+
# @safety
|
|
13
|
+
#
|
|
14
|
+
# Note that this cop may flag false positives; for instance, the following legal
|
|
15
|
+
# use of a hand-rolled `RecursiveOpenStruct` type would be considered an offense:
|
|
16
|
+
#
|
|
17
|
+
# ```
|
|
18
|
+
# module MyNamespace
|
|
19
|
+
# class RecursiveOpenStruct # not the RecursiveOpenStruct we're looking for
|
|
20
|
+
# end
|
|
21
|
+
#
|
|
22
|
+
# def new_struct
|
|
23
|
+
# RecursiveOpenStruct.new # resolves to MyNamespace::RecursiveOpenStruct
|
|
24
|
+
# end
|
|
25
|
+
# end
|
|
26
|
+
# ```
|
|
27
|
+
#
|
|
28
|
+
# @example
|
|
29
|
+
#
|
|
30
|
+
# # bad
|
|
31
|
+
# point = RecursiveOpenStruct.new(x: 0, y: 1)
|
|
32
|
+
#
|
|
33
|
+
# # good
|
|
34
|
+
# Point = Struct.new(:x, :y)
|
|
35
|
+
# point = Point.new(0, 1)
|
|
36
|
+
#
|
|
37
|
+
# # also good
|
|
38
|
+
# point = { x: 0, y: 1 }
|
|
39
|
+
#
|
|
40
|
+
# # bad
|
|
41
|
+
# test_double = RecursiveOpenStruct.new(a: 'b')
|
|
42
|
+
#
|
|
43
|
+
# # good (assumes test using rspec-mocks)
|
|
44
|
+
# test_double = double
|
|
45
|
+
# allow(test_double).to receive(:a).and_return('b')
|
|
46
|
+
#
|
|
47
|
+
class RecursiveOpenStructUse < Cop
|
|
48
|
+
MSG = <<~MSG.strip
|
|
49
|
+
Avoid using `RecursiveOpenStruct`; use `Struct`, `Hash`, a class or test doubles instead.
|
|
50
|
+
MSG
|
|
51
|
+
|
|
52
|
+
# @!method uses_recursive_open_struct?(node)
|
|
53
|
+
def_node_matcher :uses_recursive_open_struct?, <<-PATTERN
|
|
54
|
+
(const {nil? (cbase)} :RecursiveOpenStruct)
|
|
55
|
+
PATTERN
|
|
56
|
+
|
|
57
|
+
def on_const(node)
|
|
58
|
+
return unless uses_recursive_open_struct?(node)
|
|
59
|
+
return if custom_class_or_module_definition?(node)
|
|
60
|
+
|
|
61
|
+
add_offense(node)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
private
|
|
65
|
+
|
|
66
|
+
def custom_class_or_module_definition?(node)
|
|
67
|
+
parent = node.parent
|
|
68
|
+
|
|
69
|
+
(parent.class_type? || parent.module_type?) && node.left_siblings.empty?
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -22,28 +22,45 @@ module RuboCop
|
|
|
22
22
|
# Rollbar.error(exception, "Unable to sync account")
|
|
23
23
|
# end
|
|
24
24
|
#
|
|
25
|
+
# # good
|
|
26
|
+
# class ApplicationController < ActionController::Base
|
|
27
|
+
# rescue_from InvalidRecord do |e|
|
|
28
|
+
# Rollbar.error(e)
|
|
29
|
+
# end
|
|
30
|
+
# end
|
|
31
|
+
#
|
|
25
32
|
class RollbarInsideRescue < Cop
|
|
26
33
|
MSG = 'Only call Rollbar when handling errors inside a `rescue` block.'
|
|
27
34
|
|
|
35
|
+
# @!method rollbar?(node)
|
|
28
36
|
def_node_matcher :rollbar?, <<-PATTERN
|
|
29
37
|
(send
|
|
30
38
|
(const nil? :Rollbar) {:log :debug :info :warning :error :critical} ...)
|
|
31
39
|
PATTERN
|
|
32
40
|
|
|
41
|
+
# @!method active_support_rescuable_block?(node)
|
|
42
|
+
def_node_matcher :active_support_rescuable_block?, <<-PATTERN
|
|
43
|
+
(block
|
|
44
|
+
(send nil? :rescue_from ...) ...)
|
|
45
|
+
PATTERN
|
|
46
|
+
|
|
33
47
|
def on_send(node)
|
|
34
48
|
return unless rollbar?(node)
|
|
49
|
+
return if in_rescue_block?(node)
|
|
50
|
+
|
|
51
|
+
add_offense(node, location: node.children[0].loc.expression)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def in_rescue_block?(node)
|
|
55
|
+
current_node = node
|
|
35
56
|
|
|
36
|
-
current_node =
|
|
37
|
-
|
|
38
|
-
return if current_node
|
|
57
|
+
while (current_node = current_node.parent)
|
|
58
|
+
return true if current_node.rescue_type?
|
|
59
|
+
return true if active_support_rescuable_block?(current_node)
|
|
39
60
|
|
|
40
61
|
break if current_node.def_type?
|
|
41
62
|
break if current_node.class_type?
|
|
42
|
-
|
|
43
|
-
current_node = current_node.parent
|
|
44
63
|
end
|
|
45
|
-
|
|
46
|
-
add_offense(node, location: node.children[0].loc.expression)
|
|
47
64
|
end
|
|
48
65
|
end
|
|
49
66
|
end
|
|
@@ -19,6 +19,7 @@ module RuboCop
|
|
|
19
19
|
class RollbarInterpolation < Cop
|
|
20
20
|
MSG = 'Send extra fields as hash parameter instead of interpolated message.'
|
|
21
21
|
|
|
22
|
+
# @!method bad_method?(node)
|
|
22
23
|
def_node_matcher :bad_method?, <<-PATTERN
|
|
23
24
|
(send
|
|
24
25
|
(const nil? :Rollbar) {:error :critical}
|
|
@@ -20,6 +20,7 @@ module RuboCop
|
|
|
20
20
|
class RollbarLogger < Cop
|
|
21
21
|
MSG = 'Use `Rails.logger` for `debug`, `info` or `warning` calls.'
|
|
22
22
|
|
|
23
|
+
# @!method bad_method?(node)
|
|
23
24
|
def_node_matcher :bad_method?, <<-PATTERN
|
|
24
25
|
(send (const nil? :Rollbar) {:debug :info :warning} {str hash})
|
|
25
26
|
PATTERN
|
|
@@ -3,6 +3,8 @@
|
|
|
3
3
|
module RuboCop
|
|
4
4
|
end
|
|
5
5
|
|
|
6
|
+
require_relative 'vendor/recursive_open_struct_gem'
|
|
7
|
+
require_relative 'vendor/recursive_open_struct_use'
|
|
6
8
|
require_relative 'vendor/rollbar_inside_rescue'
|
|
7
9
|
require_relative 'vendor/rollbar_interpolation'
|
|
8
10
|
require_relative 'vendor/rollbar_log'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubocop-vendor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Danilo Cabello
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2021-12-06 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rubocop
|
|
@@ -82,6 +82,8 @@ files:
|
|
|
82
82
|
- README.md
|
|
83
83
|
- config/default.yml
|
|
84
84
|
- lib/rubocop-vendor.rb
|
|
85
|
+
- lib/rubocop/cop/vendor/recursive_open_struct_gem.rb
|
|
86
|
+
- lib/rubocop/cop/vendor/recursive_open_struct_use.rb
|
|
85
87
|
- lib/rubocop/cop/vendor/rollbar_inside_rescue.rb
|
|
86
88
|
- lib/rubocop/cop/vendor/rollbar_interpolation.rb
|
|
87
89
|
- lib/rubocop/cop/vendor/rollbar_log.rb
|
|
@@ -96,7 +98,7 @@ licenses:
|
|
|
96
98
|
- MIT
|
|
97
99
|
metadata:
|
|
98
100
|
homepage_uri: https://rubocop-vendor.readthedocs.io/
|
|
99
|
-
changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/
|
|
101
|
+
changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/main/CHANGELOG.md
|
|
100
102
|
source_code_uri: https://github.com/wealthsimple/rubocop-vendor/
|
|
101
103
|
documentation_uri: https://rubocop-vendor.readthedocs.io/
|
|
102
104
|
bug_tracker_uri: https://github.com/wealthsimple/rubocop-vendor/issues
|
|
@@ -108,14 +110,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
108
110
|
requirements:
|
|
109
111
|
- - ">="
|
|
110
112
|
- !ruby/object:Gem::Version
|
|
111
|
-
version: '2.
|
|
113
|
+
version: '2.7'
|
|
112
114
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
113
115
|
requirements:
|
|
114
116
|
- - ">="
|
|
115
117
|
- !ruby/object:Gem::Version
|
|
116
118
|
version: '0'
|
|
117
119
|
requirements: []
|
|
118
|
-
rubygems_version: 3.
|
|
120
|
+
rubygems_version: 3.1.6
|
|
119
121
|
signing_key:
|
|
120
122
|
specification_version: 4
|
|
121
123
|
summary: Automatic vendor integration checking tool for Ruby code.
|