rubocop-vendor 0.6.1 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14c18d2f337b52f8134c40f8e43c92e68a2124fe963c28f51538305f10c256d0
-  data.tar.gz: ee0e68653af5d24dd75d29a894c8da2725030c92714e75924603db2c984e3430
+  metadata.gz: 7d867562f8a9e85f0d94caae5dd1563c02076139244c4a76368e227875d74dab
+  data.tar.gz: bc40f7a41d3f016395040735a6b9b1373cd8e154971bf1310c6f1422d083a7f3
 SHA512:
-  metadata.gz: 96d0eb7c18afbe8711722aa88d9a75adc25284ce437c97e565d74a0218f2b9a9e473fba2de7cf417360a059a288ff7b42a21d594de1c27f1044124d1c3d2ced0
-  data.tar.gz: 0e7efef91d82dbf624c5726713539f35dd49a760235396eebff75dca84b17e80d778ec9c81882c4a93c59b3597162c3dee57e59d0cbe492218d8eaa5d50637e3
+  metadata.gz: e6128e3f8bec055fd34b7a00054363ef8d92b112e34561cde41e955347733dc6cfd8de5fb2ad1ea07f4d6024b69305ae4d30a68feb1d062f624c18d20058137b
+  data.tar.gz: 90bd2a76c1327cc1f62e84c6b99a242f803d75ca7243d9bb338764e3c46ec955d2fd9289ae921116ff4026a0d493229d44d670bde67df1940fe1c442b01d1528

data/lib/rubocop/cop/vendor/base.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Vendor
+      class Base < Rubocop::Cop::Base
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/recursive_open_struct_gem.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Vendor
+      # This cop flags uses of the recursive-open-struct gem.
+      #
+      # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
+      # for performance, version compatibility, and security issues.
+      #
+      # https://ruby-doc.org/stdlib-3.0.1/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats
+      class RecursiveOpenStructGem < Base
+        MSG = <<~MSG.strip
+          Do not use the recursive-open-struct gem. RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged from usage due to performance, version compatibility, and security issues.
+        MSG
+
+        def on_new_investigation
+          return if processed_source.blank?
+
+          gem_declarations(processed_source.ast).each do |declaration|
+            next unless declaration.first_argument.str_content.match?('recursive-open-struct')
+
+            add_offense(declaration)
+          end
+        end
+
+        # @!method gem_declarations(node)
+        def_node_search :gem_declarations, <<~PATTERN
+          (:send nil? :gem str ...)
+        PATTERN
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/recursive_open_struct_use.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Vendor
+      # This cop flags uses of RecursiveOpenStruct. RecursiveOpenStruct is a library used in the
+      # Wealthsimple ecosystem that is being phased out due to security issues.
+      #
+      # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
+      # for performance, version compatibility, and security issues.
+      #
+      # @safety
+      #
+      #   Note that this cop may flag false positives; for instance, the following legal
+      #   use of a hand-rolled `RecursiveOpenStruct` type would be considered an offense:
+      #
+      #   ```
+      #   module MyNamespace
+      #     class RecursiveOpenStruct # not the RecursiveOpenStruct we're looking for
+      #     end
+      #
+      #     def new_struct
+      #       RecursiveOpenStruct.new # resolves to MyNamespace::RecursiveOpenStruct
+      #     end
+      #   end
+      #   ```
+      #
+      # @example
+      #
+      #   # bad
+      #   point = RecursiveOpenStruct.new(x: 0, y: 1)
+      #
+      #   # good
+      #   Point = Struct.new(:x, :y)
+      #   point = Point.new(0, 1)
+      #
+      #   # also good
+      #   point = { x: 0, y: 1 }
+      #
+      #   # bad
+      #   test_double = RecursiveOpenStruct.new(a: 'b')
+      #
+      #   # good (assumes test using rspec-mocks)
+      #   test_double = double
+      #   allow(test_double).to receive(:a).and_return('b')
+      #
+      class RecursiveOpenStructUse < Base
+        MSG = <<~MSG.strip
+          Avoid using `RecursiveOpenStruct`; use `Struct`, `Hash`, a class or test doubles instead.
+        MSG
+
+        # @!method uses_recursive_open_struct?(node)
+        def_node_matcher :uses_recursive_open_struct?, <<-PATTERN
+          (const {nil? (cbase)} :RecursiveOpenStruct)
+        PATTERN
+
+        def on_const(node)
+          return unless uses_recursive_open_struct?(node)
+          return if custom_class_or_module_definition?(node)
+
+          add_offense(node)
+        end
+
+        private
+
+        def custom_class_or_module_definition?(node)
+          parent = node.parent
+
+          (parent.class_type? || parent.module_type?) && node.left_siblings.empty?
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/vendor/rollbar_inside_rescue.rb

@@ -29,7 +29,7 @@ module RuboCop
       #     end
       #   end
       #
-      class RollbarInsideRescue < Cop
+      class RollbarInsideRescue < Base
         MSG = 'Only call Rollbar when handling errors inside a `rescue` block.'
 
         # @!method rollbar?(node)
@@ -48,7 +48,7 @@ module RuboCop
           return unless rollbar?(node)
           return if in_rescue_block?(node)
 
-          add_offense(node, location: node.children[0].loc.expression)
+          add_offense(node.children[0].loc.expression)
         end
 
         def in_rescue_block?(node)

data/lib/rubocop/cop/vendor/rollbar_interpolation.rb

@@ -16,7 +16,7 @@ module RuboCop
       #   # good
       #   Rollbar.error(e, "Unable to sync account", account_id: account.id)
       #
-      class RollbarInterpolation < Cop
+      class RollbarInterpolation < Base
         MSG = 'Send extra fields as hash parameter instead of interpolated message.'
 
         # @!method bad_method?(node)

data/lib/rubocop/cop/vendor/rollbar_log.rb

@@ -15,8 +15,9 @@ module RuboCop
       #   # good
       #   Rollbar.info('Stale message')
       #
-      class RollbarLog < Cop
+      class RollbarLog < Base
         include RangeHelp
+        extend AutoCorrector
 
         MSG = 'Use `Rollbar.%<method>s` instead of `Rollbar.log`.'
 
@@ -30,13 +31,11 @@ module RuboCop
         def on_send(node)
           return unless bad_method?(node)
 
-          add_offense(node, location: offending_range(node))
-        end
-
-        def autocorrect(node)
           range = offending_range(node)
-          replacement = "#{node.children[2].value}#{range.source.include?('(') ? '(' : ' '}"
-          lambda do |corrector|
+          method = node.children[2].value
+
+          add_offense(range, message: format(MSG, method: method)) do |corrector|
+            replacement = "#{method}#{range.source.include?('(') ? '(' : ' '}"
             corrector.replace(range, replacement)
           end
         end
@@ -49,10 +48,6 @@ module RuboCop
             node.children[3].loc.column
           )
         end
-
-        def message(node)
-          format(MSG, method: node.children[2].value)
-        end
       end
     end
   end

data/lib/rubocop/cop/vendor/rollbar_logger.rb

@@ -17,7 +17,9 @@ module RuboCop
       #   # good
       #   Rails.logger.info("Stale message")
       #
-      class RollbarLogger < Cop
+      class RollbarLogger < Base
+        extend AutoCorrector
+
         MSG = 'Use `Rails.logger` for `debug`, `info` or `warning` calls.'
 
         # @!method bad_method?(node)
@@ -28,12 +30,10 @@ module RuboCop
         def on_send(node)
           return unless bad_method?(node)
 
-          add_offense(node, location: node.children[0].loc.expression)
-        end
+          offending_node = node.children.first
 
-        def autocorrect(node)
-          lambda do |corrector|
-            corrector.replace(node.children[0].loc.expression, 'Rails.logger')
+          add_offense(offending_node) do |corrector|
+            corrector.replace(offending_node.loc.expression, 'Rails.logger')
           end
         end
       end

data/lib/rubocop/cop/vendor/rollbar_with_exception.rb

@@ -19,7 +19,7 @@ module RuboCop
       #   # good
       #   Rollbar.error(exception, "Unable to sync account")
       #
-      class RollbarWithException < Cop
+      class RollbarWithException < Base
         include RangeHelp
 
         MSG = 'Send exception as first parameter when calling `error` or `critical`.'
@@ -37,7 +37,8 @@ module RuboCop
           return unless first_param
 
           begin_pos = first_param.loc.expression.begin.begin_pos
-          add_offense(first_param, location: range_between(begin_pos, begin_pos + 1))
+
+          add_offense(range_between(begin_pos, begin_pos + 1))
         end
       end
     end

data/lib/rubocop/cop/vendor_cops.rb

@@ -3,6 +3,8 @@
 module RuboCop
 end
 
+require_relative 'vendor/recursive_open_struct_gem'
+require_relative 'vendor/recursive_open_struct_use'
 require_relative 'vendor/rollbar_inside_rescue'
 require_relative 'vendor/rollbar_interpolation'
 require_relative 'vendor/rollbar_log'

data/lib/rubocop/vendor/version.rb

@@ -3,7 +3,7 @@
 module RuboCop
   module Vendor
     module Version
-      STRING = '0.6.1'
+      STRING = '0.8.1'
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-vendor
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.8.1
 platform: ruby
 authors:
 - Danilo Cabello
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-06 00:00:00.000000000 Z
+date: 2022-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -82,6 +82,9 @@ files:
 - README.md
 - config/default.yml
 - lib/rubocop-vendor.rb
+- lib/rubocop/cop/vendor/base.rb
+- lib/rubocop/cop/vendor/recursive_open_struct_gem.rb
+- lib/rubocop/cop/vendor/recursive_open_struct_use.rb
 - lib/rubocop/cop/vendor/rollbar_inside_rescue.rb
 - lib/rubocop/cop/vendor/rollbar_interpolation.rb
 - lib/rubocop/cop/vendor/rollbar_log.rb
@@ -100,6 +103,7 @@ metadata:
   source_code_uri: https://github.com/wealthsimple/rubocop-vendor/
   documentation_uri: https://rubocop-vendor.readthedocs.io/
   bug_tracker_uri: https://github.com/wealthsimple/rubocop-vendor/issues
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths: