rubocop-vendor 0.6.1 → 0.7.0

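--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 14c18d2f337b52f8134c40f8e43c92e68a2124fe963c28f51538305f10c256d0
- data.tar.gz: ee0e68653af5d24dd75d29a894c8da2725030c92714e75924603db2c984e3430
+ metadata.gz: 5c7f95e01811c3177f6f45897a3637053eb5b511e374551b97d1130e4032ad6d
+ data.tar.gz: eba723e710aee712fe9fb0772b723f816868e949ad011d42285e7c0229250731
  SHA512:
- metadata.gz: 96d0eb7c18afbe8711722aa88d9a75adc25284ce437c97e565d74a0218f2b9a9e473fba2de7cf417360a059a288ff7b42a21d594de1c27f1044124d1c3d2ced0
- data.tar.gz: 0e7efef91d82dbf624c5726713539f35dd49a760235396eebff75dca84b17e80d778ec9c81882c4a93c59b3597162c3dee57e59d0cbe492218d8eaa5d50637e3
+ metadata.gz: b669cc4e4852b7c56a3206ac1c90557c56ea43f7c717ff01a7445af3e305e5a4f3c55349381d2ac3840e5a05955fa2364b7bef10c446659ecc73b72e04751f52
+ data.tar.gz: f3c87ffe11f4e0e496ab9975e015c0ec1ed780c600712834403896e871826e5ede0e5798c3f39e16cf543d2c2eacff64e124c1660f35fdfbbfc608da2db104d7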
@@ -0,0 +1,34 @@
1
+ # frozen_string_literal: true
2
+
3
+ module RuboCop
4
+ module Cop
5
+ module Vendor
6
+ # This cop flags uses of the recursive-open-struct gem.
7
+ #
8
+ # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
9
+ # for performance, version compatibility, and security issues.
10
+ #
11
+ # https://ruby-doc.org/stdlib-3.0.1/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats
12
+ class RecursiveOpenStructGem < Base
13
+ MSG = <<~MSG.strip
14
+ Do not use the recursive-open-struct gem. RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged from usage due to performance, version compatibility, and security issues.
15
+ MSG
16
+
17
+ def on_new_investigation
18
+ return if processed_source.blank?
19
+
20
+ gem_declarations(processed_source.ast).each do |declaration|
21
+ next unless declaration.first_argument.str_content.match?('recursive-open-struct')
22
+
23
+ add_offense(declaration)
24
+ end
25
+ end
26
+
27
+ # @!method gem_declarations(node)
28
+ def_node_search :gem_declarations, <<~PATTERN
29
+ (:send nil? :gem str ...)
30
+ PATTERN
31
+ end
32
+ end
33
+ end
34
+ end
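Review bot: The gem-name check in `on_new_investigation` uses `str_content.match?('recursive-open-struct')`, which treats the string as an unanchored pattern, so any `gem` declaration whose name merely contains that text is reported as well. Because this cop acts as a dependency policy gate, an exact comparison is more predictable: `next unless declaration.first_argument.str_content == 'recursive-open-struct'`. The `gem_declarations` pattern matches only bare `gem '...'` calls, so a dependency declared another way (for example through a gemspec) would presumably go unreported. A sentence in the class comment stating that scope would tell users what the cop does and does not cover. The class comment also has no `@example` block showing a flagged declaration, unlike RecursiveOpenStructUse in this release.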
@@ -0,0 +1,74 @@
1
+ # frozen_string_literal: true
2
+
3
+ module RuboCop
4
+ module Cop
5
+ module Vendor
6
+ # This cop flags uses of RecursiveOpenStruct. RecursiveOpenStruct is a library used in the
7
+ # Wealthsimple ecosystem that is being phased out due to security issues.
8
+ #
9
+ # RecursiveOpenStruct inherits from OpenStruct, which is now officially discouraged to be used
10
+ # for performance, version compatibility, and security issues.
11
+ #
12
+ # @safety
13
+ #
14
+ # Note that this cop may flag false positives; for instance, the following legal
15
+ # use of a hand-rolled `RecursiveOpenStruct` type would be considered an offense:
16
+ #
17
+ # ```
18
+ # module MyNamespace
19
+ # class RecursiveOpenStruct # not the RecursiveOpenStruct we're looking for
20
+ # end
21
+ #
22
+ # def new_struct
23
+ # RecursiveOpenStruct.new # resolves to MyNamespace::RecursiveOpenStruct
24
+ # end
25
+ # end
26
+ # ```
27
+ #
28
+ # @example
29
+ #
30
+ # # bad
31
+ # point = RecursiveOpenStruct.new(x: 0, y: 1)
32
+ #
33
+ # # good
34
+ # Point = Struct.new(:x, :y)
35
+ # point = Point.new(0, 1)
36
+ #
37
+ # # also good
38
+ # point = { x: 0, y: 1 }
39
+ #
40
+ # # bad
41
+ # test_double = RecursiveOpenStruct.new(a: 'b')
42
+ #
43
+ # # good (assumes test using rspec-mocks)
44
+ # test_double = double
45
+ # allow(test_double).to receive(:a).and_return('b')
46
+ #
47
+ class RecursiveOpenStructUse < Cop
48
+ MSG = <<~MSG.strip
49
+ Avoid using `RecursiveOpenStruct`; use `Struct`, `Hash`, a class or test doubles instead.
50
+ MSG
51
+
52
+ # @!method uses_recursive_open_struct?(node)
53
+ def_node_matcher :uses_recursive_open_struct?, <<-PATTERN
54
+ (const {nil? (cbase)} :RecursiveOpenStruct)
55
+ PATTERN
56
+
57
+ def on_const(node)
58
+ return unless uses_recursive_open_struct?(node)
59
+ return if custom_class_or_module_definition?(node)
60
+
61
+ add_offense(node)
62
+ end
63
+
64
+ private
65
+
66
+ def custom_class_or_module_definition?(node)
67
+ parent = node.parent
68
+
69
+ (parent.class_type? || parent.module_type?) && node.left_siblings.empty?
70
+ end
71
+ end
72
+ end
73
+ end
74
+ end
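Review bot: `custom_class_or_module_definition?` calls `parent.class_type?` without checking that `node.parent` exists, so a `RecursiveOpenStruct` constant that is the root node of a file would raise NoMethodError inside the cop. `(parent&.class_type? || parent&.module_type?) && node.left_siblings.empty?` avoids that. A cop that errors on a file presumably reports no offenses for it, which for a rule motivated by security means the check quietly fails open there. The class also inherits from `Cop`, while RecursiveOpenStructGem in the same release uses `Base`. `class RecursiveOpenStructUse < Base` would keep both cops on the same API, assuming the supported RuboCop versions provide it.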
@@ -3,6 +3,8 @@
3
3
  module RuboCop
4
4
  end
5
5
 
6
+ require_relative 'vendor/recursive_open_struct_gem'
7
+ require_relative 'vendor/recursive_open_struct_use'
6
8
  require_relative 'vendor/rollbar_inside_rescue'
7
9
  require_relative 'vendor/rollbar_interpolation'
8
10
  require_relative 'vendor/rollbar_log'
@@ -3,7 +3,7 @@
3
3
  module RuboCop
4
4
  module Vendor
5
5
  module Version
6
- STRING = '0.6.1'
6
+ STRING = '0.7.0'
7
7
  end
8
8
  end
9
9
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rubocop-vendor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Danilo Cabello
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2021-05-06 00:00:00.000000000 Z
13
+ date: 2021-12-06 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rubocop
@@ -82,6 +82,8 @@ files:
82
82
  - README.md
83
83
  - config/default.yml
84
84
  - lib/rubocop-vendor.rb
85
+ - lib/rubocop/cop/vendor/recursive_open_struct_gem.rb
86
+ - lib/rubocop/cop/vendor/recursive_open_struct_use.rb
85
87
  - lib/rubocop/cop/vendor/rollbar_inside_rescue.rb
86
88
  - lib/rubocop/cop/vendor/rollbar_interpolation.rb
87
89
  - lib/rubocop/cop/vendor/rollbar_log.rb