rubocop-vendor 0.5.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/rubocop/cop/vendor/base.rb +10 -0
- data/lib/rubocop/cop/vendor/recursive_open_struct_gem.rb +34 -0
- data/lib/rubocop/cop/vendor/recursive_open_struct_use.rb +74 -0
- data/lib/rubocop/cop/vendor/rollbar_inside_rescue.rb +4 -2
- data/lib/rubocop/cop/vendor/rollbar_interpolation.rb +2 -1
- data/lib/rubocop/cop/vendor/rollbar_log.rb +7 -11
- data/lib/rubocop/cop/vendor/rollbar_logger.rb +7 -6
- data/lib/rubocop/cop/vendor/rollbar_with_exception.rb +4 -2
- data/lib/rubocop/cop/vendor_cops.rb +2 -0
- data/lib/rubocop/vendor/version.rb +1 -1
- metadata +9 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 75fb6f80f777001ae08fb11275a2489740ea2477d14c0e76ddae6ad8ab7f7132
|
|
4
|
+
data.tar.gz: 7fda8672d9cd813640f0361d4f10815dc0e534a1e2df220331e042c84e7d098c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 558ad8d98baaa0611ff368bbfd297364e0d84c0cc491c1e8194c11c77cd56fd43fca48671dc24ecc6ed7d41f2d3853b780835850853c4cd732973333e8a2bcc8
|
|
7
|
+
data.tar.gz: 6aae9c4d1b9ff948e392c328f84efa230283aa292d85cc294f59adaddd1e96b2a1341d287907061c798e88f746c24eb5e0bee8265a27c79bbc670c11a603e711
|
data/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
#
|
|
1
|
+
# rubocop-vendor
|
|
2
2
|
|
|
3
3
|
[](https://badge.fury.io/rb/rubocop-vendor)
|
|
4
|
-
[](https://github.com/wealthsimple/rubocop-vendor/actions)
|
|
5
5
|
|
|
6
6
|
Vendor integration analysis for your projects, as an extension to [RuboCop](https://github.com/rubocop-hq/rubocop).
|
|
7
7
|
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module RuboCop
|
|
4
|
+
module Cop
|
|
5
|
+
module Vendor
|
|
6
|
+
# This cop flags uses of the recursive-open-struct gem.
|
|
7
|
+
#
|
|
8
|
+
# RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
|
|
9
|
+
# for performance, version compatibility, and security issues.
|
|
10
|
+
#
|
|
11
|
+
# https://ruby-doc.org/stdlib-3.0.1/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats
|
|
12
|
+
class RecursiveOpenStructGem < Base
|
|
13
|
+
MSG = <<~MSG.strip
|
|
14
|
+
Do not use the recursive-open-struct gem. RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged from usage due to performance, version compatibility, and security issues.
|
|
15
|
+
MSG
|
|
16
|
+
|
|
17
|
+
def on_new_investigation
|
|
18
|
+
return if processed_source.blank?
|
|
19
|
+
|
|
20
|
+
gem_declarations(processed_source.ast).each do |declaration|
|
|
21
|
+
next unless declaration.first_argument.str_content.match?('recursive-open-struct')
|
|
22
|
+
|
|
23
|
+
add_offense(declaration)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# @!method gem_declarations(node)
|
|
28
|
+
def_node_search :gem_declarations, <<~PATTERN
|
|
29
|
+
(:send nil? :gem str ...)
|
|
30
|
+
PATTERN
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module RuboCop
|
|
4
|
+
module Cop
|
|
5
|
+
module Vendor
|
|
6
|
+
# This cop flags uses of RecursiveOpenStruct. RecursiveOpenStruct is a library used in the
|
|
7
|
+
# Wealthsimple ecosystem that is being phased out due to security issues.
|
|
8
|
+
#
|
|
9
|
+
# RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
|
|
10
|
+
# for performance, version compatibility, and security issues.
|
|
11
|
+
#
|
|
12
|
+
# @safety
|
|
13
|
+
#
|
|
14
|
+
# Note that this cop may flag false positives; for instance, the following legal
|
|
15
|
+
# use of a hand-rolled `RecursiveOpenStruct` type would be considered an offense:
|
|
16
|
+
#
|
|
17
|
+
# ```
|
|
18
|
+
# module MyNamespace
|
|
19
|
+
# class RecursiveOpenStruct # not the RecursiveOpenStruct we're looking for
|
|
20
|
+
# end
|
|
21
|
+
#
|
|
22
|
+
# def new_struct
|
|
23
|
+
# RecursiveOpenStruct.new # resolves to MyNamespace::RecursiveOpenStruct
|
|
24
|
+
# end
|
|
25
|
+
# end
|
|
26
|
+
# ```
|
|
27
|
+
#
|
|
28
|
+
# @example
|
|
29
|
+
#
|
|
30
|
+
# # bad
|
|
31
|
+
# point = RecursiveOpenStruct.new(x: 0, y: 1)
|
|
32
|
+
#
|
|
33
|
+
# # good
|
|
34
|
+
# Point = Struct.new(:x, :y)
|
|
35
|
+
# point = Point.new(0, 1)
|
|
36
|
+
#
|
|
37
|
+
# # also good
|
|
38
|
+
# point = { x: 0, y: 1 }
|
|
39
|
+
#
|
|
40
|
+
# # bad
|
|
41
|
+
# test_double = RecursiveOpenStruct.new(a: 'b')
|
|
42
|
+
#
|
|
43
|
+
# # good (assumes test using rspec-mocks)
|
|
44
|
+
# test_double = double
|
|
45
|
+
# allow(test_double).to receive(:a).and_return('b')
|
|
46
|
+
#
|
|
47
|
+
class RecursiveOpenStructUse < Base
|
|
48
|
+
MSG = <<~MSG.strip
|
|
49
|
+
Avoid using `RecursiveOpenStruct`; use `Struct`, `Hash`, a class or test doubles instead.
|
|
50
|
+
MSG
|
|
51
|
+
|
|
52
|
+
# @!method uses_recursive_open_struct?(node)
|
|
53
|
+
def_node_matcher :uses_recursive_open_struct?, <<-PATTERN
|
|
54
|
+
(const {nil? (cbase)} :RecursiveOpenStruct)
|
|
55
|
+
PATTERN
|
|
56
|
+
|
|
57
|
+
def on_const(node)
|
|
58
|
+
return unless uses_recursive_open_struct?(node)
|
|
59
|
+
return if custom_class_or_module_definition?(node)
|
|
60
|
+
|
|
61
|
+
add_offense(node)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
private
|
|
65
|
+
|
|
66
|
+
def custom_class_or_module_definition?(node)
|
|
67
|
+
parent = node.parent
|
|
68
|
+
|
|
69
|
+
(parent.class_type? || parent.module_type?) && node.left_siblings.empty?
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -29,14 +29,16 @@ module RuboCop
|
|
|
29
29
|
# end
|
|
30
30
|
# end
|
|
31
31
|
#
|
|
32
|
-
class RollbarInsideRescue <
|
|
32
|
+
class RollbarInsideRescue < Base
|
|
33
33
|
MSG = 'Only call Rollbar when handling errors inside a `rescue` block.'
|
|
34
34
|
|
|
35
|
+
# @!method rollbar?(node)
|
|
35
36
|
def_node_matcher :rollbar?, <<-PATTERN
|
|
36
37
|
(send
|
|
37
38
|
(const nil? :Rollbar) {:log :debug :info :warning :error :critical} ...)
|
|
38
39
|
PATTERN
|
|
39
40
|
|
|
41
|
+
# @!method active_support_rescuable_block?(node)
|
|
40
42
|
def_node_matcher :active_support_rescuable_block?, <<-PATTERN
|
|
41
43
|
(block
|
|
42
44
|
(send nil? :rescue_from ...) ...)
|
|
@@ -46,7 +48,7 @@ module RuboCop
|
|
|
46
48
|
return unless rollbar?(node)
|
|
47
49
|
return if in_rescue_block?(node)
|
|
48
50
|
|
|
49
|
-
add_offense(node
|
|
51
|
+
add_offense(node.children[0].loc.expression)
|
|
50
52
|
end
|
|
51
53
|
|
|
52
54
|
def in_rescue_block?(node)
|
|
@@ -16,9 +16,10 @@ module RuboCop
|
|
|
16
16
|
# # good
|
|
17
17
|
# Rollbar.error(e, "Unable to sync account", account_id: account.id)
|
|
18
18
|
#
|
|
19
|
-
class RollbarInterpolation <
|
|
19
|
+
class RollbarInterpolation < Base
|
|
20
20
|
MSG = 'Send extra fields as hash parameter instead of interpolated message.'
|
|
21
21
|
|
|
22
|
+
# @!method bad_method?(node)
|
|
22
23
|
def_node_matcher :bad_method?, <<-PATTERN
|
|
23
24
|
(send
|
|
24
25
|
(const nil? :Rollbar) {:error :critical}
|
|
@@ -15,11 +15,13 @@ module RuboCop
|
|
|
15
15
|
# # good
|
|
16
16
|
# Rollbar.info('Stale message')
|
|
17
17
|
#
|
|
18
|
-
class RollbarLog <
|
|
18
|
+
class RollbarLog < Base
|
|
19
19
|
include RangeHelp
|
|
20
|
+
extend AutoCorrector
|
|
20
21
|
|
|
21
22
|
MSG = 'Use `Rollbar.%<method>s` instead of `Rollbar.log`.'
|
|
22
23
|
|
|
24
|
+
# @!method bad_method?(node)
|
|
23
25
|
def_node_matcher :bad_method?, <<-PATTERN
|
|
24
26
|
(send
|
|
25
27
|
(const nil? :Rollbar) :log
|
|
@@ -29,13 +31,11 @@ module RuboCop
|
|
|
29
31
|
def on_send(node)
|
|
30
32
|
return unless bad_method?(node)
|
|
31
33
|
|
|
32
|
-
add_offense(node, location: offending_range(node))
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def autocorrect(node)
|
|
36
34
|
range = offending_range(node)
|
|
37
|
-
|
|
38
|
-
|
|
35
|
+
method = node.children[2].value
|
|
36
|
+
|
|
37
|
+
add_offense(range, message: format(MSG, method: method)) do |corrector|
|
|
38
|
+
replacement = "#{method}#{range.source.include?('(') ? '(' : ' '}"
|
|
39
39
|
corrector.replace(range, replacement)
|
|
40
40
|
end
|
|
41
41
|
end
|
|
@@ -48,10 +48,6 @@ module RuboCop
|
|
|
48
48
|
node.children[3].loc.column
|
|
49
49
|
)
|
|
50
50
|
end
|
|
51
|
-
|
|
52
|
-
def message(node)
|
|
53
|
-
format(MSG, method: node.children[2].value)
|
|
54
|
-
end
|
|
55
51
|
end
|
|
56
52
|
end
|
|
57
53
|
end
|
|
@@ -17,9 +17,12 @@ module RuboCop
|
|
|
17
17
|
# # good
|
|
18
18
|
# Rails.logger.info("Stale message")
|
|
19
19
|
#
|
|
20
|
-
class RollbarLogger <
|
|
20
|
+
class RollbarLogger < Base
|
|
21
|
+
extend AutoCorrector
|
|
22
|
+
|
|
21
23
|
MSG = 'Use `Rails.logger` for `debug`, `info` or `warning` calls.'
|
|
22
24
|
|
|
25
|
+
# @!method bad_method?(node)
|
|
23
26
|
def_node_matcher :bad_method?, <<-PATTERN
|
|
24
27
|
(send (const nil? :Rollbar) {:debug :info :warning} {str hash})
|
|
25
28
|
PATTERN
|
|
@@ -27,12 +30,10 @@ module RuboCop
|
|
|
27
30
|
def on_send(node)
|
|
28
31
|
return unless bad_method?(node)
|
|
29
32
|
|
|
30
|
-
|
|
31
|
-
end
|
|
33
|
+
offending_node = node.children.first
|
|
32
34
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
corrector.replace(node.children[0].loc.expression, 'Rails.logger')
|
|
35
|
+
add_offense(offending_node) do |corrector|
|
|
36
|
+
corrector.replace(offending_node.loc.expression, 'Rails.logger')
|
|
36
37
|
end
|
|
37
38
|
end
|
|
38
39
|
end
|
|
@@ -19,11 +19,12 @@ module RuboCop
|
|
|
19
19
|
# # good
|
|
20
20
|
# Rollbar.error(exception, "Unable to sync account")
|
|
21
21
|
#
|
|
22
|
-
class RollbarWithException <
|
|
22
|
+
class RollbarWithException < Base
|
|
23
23
|
include RangeHelp
|
|
24
24
|
|
|
25
25
|
MSG = 'Send exception as first parameter when calling `error` or `critical`.'
|
|
26
26
|
|
|
27
|
+
# @!method bad_method?(node)
|
|
27
28
|
def_node_matcher :bad_method?, <<-PATTERN
|
|
28
29
|
(send
|
|
29
30
|
(const nil? :Rollbar) {:error :critical}
|
|
@@ -36,7 +37,8 @@ module RuboCop
|
|
|
36
37
|
return unless first_param
|
|
37
38
|
|
|
38
39
|
begin_pos = first_param.loc.expression.begin.begin_pos
|
|
39
|
-
|
|
40
|
+
|
|
41
|
+
add_offense(range_between(begin_pos, begin_pos + 1))
|
|
40
42
|
end
|
|
41
43
|
end
|
|
42
44
|
end
|
|
@@ -3,6 +3,8 @@
|
|
|
3
3
|
module RuboCop
|
|
4
4
|
end
|
|
5
5
|
|
|
6
|
+
require_relative 'vendor/recursive_open_struct_gem'
|
|
7
|
+
require_relative 'vendor/recursive_open_struct_use'
|
|
6
8
|
require_relative 'vendor/rollbar_inside_rescue'
|
|
7
9
|
require_relative 'vendor/rollbar_interpolation'
|
|
8
10
|
require_relative 'vendor/rollbar_log'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubocop-vendor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Danilo Cabello
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2021-12-07 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rubocop
|
|
@@ -82,6 +82,9 @@ files:
|
|
|
82
82
|
- README.md
|
|
83
83
|
- config/default.yml
|
|
84
84
|
- lib/rubocop-vendor.rb
|
|
85
|
+
- lib/rubocop/cop/vendor/base.rb
|
|
86
|
+
- lib/rubocop/cop/vendor/recursive_open_struct_gem.rb
|
|
87
|
+
- lib/rubocop/cop/vendor/recursive_open_struct_use.rb
|
|
85
88
|
- lib/rubocop/cop/vendor/rollbar_inside_rescue.rb
|
|
86
89
|
- lib/rubocop/cop/vendor/rollbar_interpolation.rb
|
|
87
90
|
- lib/rubocop/cop/vendor/rollbar_log.rb
|
|
@@ -96,10 +99,11 @@ licenses:
|
|
|
96
99
|
- MIT
|
|
97
100
|
metadata:
|
|
98
101
|
homepage_uri: https://rubocop-vendor.readthedocs.io/
|
|
99
|
-
changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/
|
|
102
|
+
changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/main/CHANGELOG.md
|
|
100
103
|
source_code_uri: https://github.com/wealthsimple/rubocop-vendor/
|
|
101
104
|
documentation_uri: https://rubocop-vendor.readthedocs.io/
|
|
102
105
|
bug_tracker_uri: https://github.com/wealthsimple/rubocop-vendor/issues
|
|
106
|
+
rubygems_mfa_required: 'true'
|
|
103
107
|
post_install_message:
|
|
104
108
|
rdoc_options: []
|
|
105
109
|
require_paths:
|
|
@@ -108,14 +112,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
108
112
|
requirements:
|
|
109
113
|
- - ">="
|
|
110
114
|
- !ruby/object:Gem::Version
|
|
111
|
-
version: '2.
|
|
115
|
+
version: '2.7'
|
|
112
116
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
113
117
|
requirements:
|
|
114
118
|
- - ">="
|
|
115
119
|
- !ruby/object:Gem::Version
|
|
116
120
|
version: '0'
|
|
117
121
|
requirements: []
|
|
118
|
-
rubygems_version: 3.
|
|
122
|
+
rubygems_version: 3.1.6
|
|
119
123
|
signing_key:
|
|
120
124
|
specification_version: 4
|
|
121
125
|
summary: Automatic vendor integration checking tool for Ruby code.
|