rubocop-vendor 0.6.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69207722d1f85c15ec43d9206abb228f4051f9bf5bb6df6891975427ffbcee57
-  data.tar.gz: 37d1f7a6075504487894018da7f7adb11d70c7e9d774f7a659c9a20f372e93d5
+  metadata.gz: 595f5e0a7a5df8e76e6ac84dbbe195bbddc3feb2aaa1c50be9c6073244eb93b8
+  data.tar.gz: c933229c0d0a244d9e3b918958eee8c9d934adcf60947a00580898b243f784a3
 SHA512:
-  metadata.gz: 7d4bb0376770d8be587725522cacf89ee448d4476d2f92a05656c9847d6169935076cefed131de3e2aad36107fb94893cd4197d88e034358cb68584f27e63284
-  data.tar.gz: e0e48ef333ed5842e26ba7a8b0e3fa4326f35cd240df0d44685dd6e650ad1714daaf0388e72a5ed6ac4f39d10b59623c3eb69462977e47993cefb2c93ad2365a
+  metadata.gz: 4b8925c01fcd0ffd8409c3539c794bf509521dacf03ce52882450dfc6356c7df80140f8db2349acdf3c12436b76dc68db3b6f9e6eecd1f8d45130e6af9fb7b52
+  data.tar.gz: 10384648012c7d2dc85d28d4de95dc38dc8a12403bfa7a3d5595e8aabe0cd2111ad330f9093705a02f1b03b06976f2ca05de26e6b33d946c808c167e4113d83f

data/README.md

@@ -1,7 +1,7 @@
-# RuboCop Vendor
+# rubocop-vendor
 
 [![Gem Version](https://badge.fury.io/rb/rubocop-vendor.svg)](https://badge.fury.io/rb/rubocop-vendor)
-[![CircleCI](https://circleci.com/gh/wealthsimple/rubocop-vendor.svg?style=svg)](https://circleci.com/gh/wealthsimple/rubocop-vendor)
+[![GitHub Actions Badge](https://github.com/wealthsimple/rubocop-vendor/actions/workflows/main.yml/badge.svg)](https://github.com/wealthsimple/rubocop-vendor/actions)
 
 Vendor integration analysis for your projects, as an extension to [RuboCop](https://github.com/rubocop-hq/rubocop).
 

data/lib/rubocop/cop/vendor/base.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Vendor
+      class Base < Rubocop::Cop::Base
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/recursive_open_struct_gem.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Vendor
+      # This cop flags uses of the recursive-open-struct gem.
+      #
+      # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
+      # for performance, version compatibility, and security issues.
+      #
+      # https://ruby-doc.org/stdlib-3.0.1/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats
+      class RecursiveOpenStructGem < Base
+        MSG = <<~MSG.strip
+          Do not use the recursive-open-struct gem. RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged from usage due to performance, version compatibility, and security issues.
+        MSG
+
+        def on_new_investigation
+          return if processed_source.blank?
+
+          gem_declarations(processed_source.ast).each do |declaration|
+            next unless declaration.first_argument.str_content.match?('recursive-open-struct')
+
+            add_offense(declaration)
+          end
+        end
+
+        # @!method gem_declarations(node)
+        def_node_search :gem_declarations, <<~PATTERN
+          (:send nil? :gem str ...)
+        PATTERN
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/recursive_open_struct_use.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Vendor
+      # This cop flags uses of RecursiveOpenStruct. RecursiveOpenStruct is a library used in the
+      # Wealthsimple ecosystem that is being phased out due to security issues.
+      #
+      # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
+      # for performance, version compatibility, and security issues.
+      #
+      # @safety
+      #
+      #   Note that this cop may flag false positives; for instance, the following legal
+      #   use of a hand-rolled `RecursiveOpenStruct` type would be considered an offense:
+      #
+      #   ```
+      #   module MyNamespace
+      #     class RecursiveOpenStruct # not the RecursiveOpenStruct we're looking for
+      #     end
+      #
+      #     def new_struct
+      #       RecursiveOpenStruct.new # resolves to MyNamespace::RecursiveOpenStruct
+      #     end
+      #   end
+      #   ```
+      #
+      # @example
+      #
+      #   # bad
+      #   point = RecursiveOpenStruct.new(x: 0, y: 1)
+      #
+      #   # good
+      #   Point = Struct.new(:x, :y)
+      #   point = Point.new(0, 1)
+      #
+      #   # also good
+      #   point = { x: 0, y: 1 }
+      #
+      #   # bad
+      #   test_double = RecursiveOpenStruct.new(a: 'b')
+      #
+      #   # good (assumes test using rspec-mocks)
+      #   test_double = double
+      #   allow(test_double).to receive(:a).and_return('b')
+      #
+      class RecursiveOpenStructUse < Base
+        MSG = <<~MSG.strip
+          Avoid using `RecursiveOpenStruct`; use `Struct`, `Hash`, a class or test doubles instead.
+        MSG
+
+        # @!method uses_recursive_open_struct?(node)
+        def_node_matcher :uses_recursive_open_struct?, <<-PATTERN
+          (const {nil? (cbase)} :RecursiveOpenStruct)
+        PATTERN
+
+        def on_const(node)
+          return unless uses_recursive_open_struct?(node)
+          return if custom_class_or_module_definition?(node)
+
+          add_offense(node)
+        end
+
+        private
+
+        def custom_class_or_module_definition?(node)
+          parent = node.parent
+
+          (parent.class_type? || parent.module_type?) && node.left_siblings.empty?
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/rollbar_inside_rescue.rb

@@ -29,7 +29,7 @@ module RuboCop
       #     end
       #   end
       #
-      class RollbarInsideRescue < Cop
+      class RollbarInsideRescue < Base
         MSG = 'Only call Rollbar when handling errors inside a `rescue` block.'
 
         # @!method rollbar?(node)
@@ -48,7 +48,7 @@ module RuboCop
           return unless rollbar?(node)
           return if in_rescue_block?(node)
 
-          add_offense(node, location: node.children[0].loc.expression)
+          add_offense(node.children[0].loc.expression)
         end
 
         def in_rescue_block?(node)

data/lib/rubocop/cop/vendor/rollbar_interpolation.rb

@@ -16,7 +16,7 @@ module RuboCop
       #   # good
       #   Rollbar.error(e, "Unable to sync account", account_id: account.id)
       #
-      class RollbarInterpolation < Cop
+      class RollbarInterpolation < Base
         MSG = 'Send extra fields as hash parameter instead of interpolated message.'
 
         # @!method bad_method?(node)

data/lib/rubocop/cop/vendor/rollbar_log.rb

@@ -15,8 +15,9 @@ module RuboCop
       #   # good
       #   Rollbar.info('Stale message')
       #
-      class RollbarLog < Cop
+      class RollbarLog < Base
         include RangeHelp
+        extend AutoCorrector
 
         MSG = 'Use `Rollbar.%<method>s` instead of `Rollbar.log`.'
 
@@ -30,13 +31,11 @@ module RuboCop
         def on_send(node)
           return unless bad_method?(node)
 
-          add_offense(node, location: offending_range(node))
-        end
-
-        def autocorrect(node)
           range = offending_range(node)
-          replacement = "#{node.children[2].value}#{range.source.include?('(') ? '(' : ' '}"
-          lambda do |corrector|
+          method = node.children[2].value
+
+          add_offense(range, message: format(MSG, method: method)) do |corrector|
+            replacement = "#{method}#{range.source.include?('(') ? '(' : ' '}"
             corrector.replace(range, replacement)
           end
         end
@@ -49,10 +48,6 @@ module RuboCop
             node.children[3].loc.column
           )
         end
-
-        def message(node)
-          format(MSG, method: node.children[2].value)
-        end
       end
     end
   end

data/lib/rubocop/cop/vendor/rollbar_logger.rb

@@ -17,7 +17,9 @@ module RuboCop
       #   # good
       #   Rails.logger.info("Stale message")
       #
-      class RollbarLogger < Cop
+      class RollbarLogger < Base
+        extend AutoCorrector
+
         MSG = 'Use `Rails.logger` for `debug`, `info` or `warning` calls.'
 
         # @!method bad_method?(node)
@@ -28,12 +30,10 @@ module RuboCop
         def on_send(node)
           return unless bad_method?(node)
 
-          add_offense(node, location: node.children[0].loc.expression)
-        end
+          offending_node = node.children.first
 
-        def autocorrect(node)
-          lambda do |corrector|
-            corrector.replace(node.children[0].loc.expression, 'Rails.logger')
+          add_offense(offending_node) do |corrector|
+            corrector.replace(offending_node.loc.expression, 'Rails.logger')
           end
         end
       end

data/lib/rubocop/cop/vendor/rollbar_with_exception.rb

@@ -19,7 +19,7 @@ module RuboCop
       #   # good
       #   Rollbar.error(exception, "Unable to sync account")
       #
-      class RollbarWithException < Cop
+      class RollbarWithException < Base
         include RangeHelp
 
         MSG = 'Send exception as first parameter when calling `error` or `critical`.'
@@ -37,7 +37,8 @@ module RuboCop
           return unless first_param
 
           begin_pos = first_param.loc.expression.begin.begin_pos
-          add_offense(first_param, location: range_between(begin_pos, begin_pos + 1))
+
+          add_offense(range_between(begin_pos, begin_pos + 1))
         end
       end
     end

data/lib/rubocop/cop/vendor_cops.rb

@@ -3,6 +3,8 @@
 module RuboCop
 end
 
+require_relative 'vendor/recursive_open_struct_gem'
+require_relative 'vendor/recursive_open_struct_use'
 require_relative 'vendor/rollbar_inside_rescue'
 require_relative 'vendor/rollbar_interpolation'
 require_relative 'vendor/rollbar_log'

data/lib/rubocop/vendor/version.rb

@@ -3,7 +3,7 @@
 module RuboCop
   module Vendor
     module Version
-      STRING = '0.6.0'
+      STRING = '0.8.0'
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-vendor
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Danilo Cabello
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2022-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -82,6 +82,9 @@ files:
 - README.md
 - config/default.yml
 - lib/rubocop-vendor.rb
+- lib/rubocop/cop/vendor/base.rb
+- lib/rubocop/cop/vendor/recursive_open_struct_gem.rb
+- lib/rubocop/cop/vendor/recursive_open_struct_use.rb
 - lib/rubocop/cop/vendor/rollbar_inside_rescue.rb
 - lib/rubocop/cop/vendor/rollbar_interpolation.rb
 - lib/rubocop/cop/vendor/rollbar_log.rb
@@ -96,10 +99,11 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://rubocop-vendor.readthedocs.io/
-  changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/wealthsimple/rubocop-vendor/blob/main/CHANGELOG.md
   source_code_uri: https://github.com/wealthsimple/rubocop-vendor/
   documentation_uri: https://rubocop-vendor.readthedocs.io/
   bug_tracker_uri: https://github.com/wealthsimple/rubocop-vendor/issues
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -108,14 +112,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Automatic vendor integration checking tool for Ruby code.