rubocop 0.46.0 → 0.47.0

data/lib/rubocop/cop/rails/safe_navigation.rb

@@ -40,15 +40,17 @@ module RuboCop
       #     foo&.bar(baz)
       #     foo&.bar { |e| e.baz }
       class SafeNavigation < Cop
+        extend TargetRubyVersion
+
         MSG = 'Use safe navigation (`&.`) instead of `%s`.'.freeze
 
         def_node_matcher :try_call, <<-PATTERN
           (send !nil ${:try :try!} $_ ...)
         PATTERN
 
-        def on_send(node)
-          return if target_ruby_version < 2.3
+        minimum_target_ruby_version 2.3
 
+        def on_send(node)
           try_call(node) do |try_method, method_to_try|
             return if try_method == :try && !cop_config['ConvertTry']
             return unless method_to_try.sym_type?

data/lib/rubocop/cop/rails/skips_model_validations.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # This cop checks for the use of methods which skip
+      # validations which are listed in
+      # http://guides.rubyonrails.org/active_record_validations.html#skipping-validations
+      #
+      # @example
+      #   # bad
+      #   Article.first.decrement!(:view_count)
+      #   DiscussionBoard.decrement_counter(:post_count, 5)
+      #   Article.first.increment!(:view_count)
+      #   DiscussionBoard.increment_counter(:post_count, 5)
+      #   person.toggle :active
+      #   product.touch
+      #   Billing.update_all("category = 'authorized', author = 'David'")
+      #   user.update_attribute(website: 'example.com')
+      #   user.update_columns(last_request_at: Time.current)
+      #   Post.update_counters 5, comment_count: -1, action_count: 1
+      #
+      #   # good
+      #   user.update_attributes(website: 'example.com')
+      class SkipsModelValidations < Cop
+        MSG = 'Avoid using `%s` because it skips validations.'.freeze
+
+        def on_send(node)
+          _receiver, method_name = *node
+
+          return unless blacklist.include?(method_name.to_s)
+
+          add_offense(node,
+                      node.loc.selector,
+                      format(MSG, method_name))
+        end
+
+        private
+
+        def blacklist
+          cop_config['Blacklist']
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/time_zone.rb

@@ -109,7 +109,7 @@ module RuboCop
         # called is part of the time class.
         def method_from_time_class?(node)
           receiver, method_name, *_args = *node
-          if (receiver.is_a? RuboCop::Node) && !receiver.cbase_type?
+          if (receiver.is_a? RuboCop::AST::Node) && !receiver.cbase_type?
             method_from_time_class?(receiver)
           else
             TIMECLASS.include? method_name

data/lib/rubocop/cop/rails/uniq_before_pluck.rb

@@ -15,11 +15,11 @@ module RuboCop
       #   # good
       #   Model.uniq.pluck(:id)
       #
-      # This cop has two different enforcement modes. When the EnforcedMode
+      # This cop has two different enforcement modes. When the EnforcedStyle
       # is conservative (the default) then only calls to pluck on a constant
       # (i.e. a model class) before uniq are added as offenses.
       #
-      # When the EnforcedMode is aggressive then all calls to pluck before
+      # When the EnforcedStyle is aggressive then all calls to pluck before
       # uniq are added as offenses. This may lead to false positives as the cop
       # cannot distinguish between calls to pluck on an ActiveRecord::Relation
       # vs a call to pluck on an ActiveRecord::Associations::CollectionProxy.
@@ -35,6 +35,8 @@ module RuboCop
       # false positives.
       #
       class UniqBeforePluck < RuboCop::Cop::Cop
+        include ConfigurableEnforcedStyle
+
         MSG = 'Use `%s` before `pluck`.'.freeze
         NEWLINE = "\n".freeze
         PATTERN = '[!^block (send (send %s :pluck ...) ${:uniq :distinct} ...)]'
@@ -47,7 +49,7 @@ module RuboCop
                          format(PATTERN, '_')
 
         def on_send(node)
-          method = if mode == :conservative
+          method = if style == :conservative
                      conservative_node_match(node)
                    else
                      aggressive_node_match(node)
@@ -66,8 +68,8 @@ module RuboCop
 
         private
 
-        def mode
-          @mode ||= cop_config['EnforcedMode'].to_sym
+        def style_parameter_name
+          'EnforcedStyle'
         end
 
         def dot_method_with_whitespace(method, node)

data/lib/rubocop/cop/registry.rb

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    # Error raised when an unqualified cop name is used that could
+    # refer to two or more cops under different departments
+    class AmbiguousCopName < RuboCop::Error
+      MSG = 'Ambiguous cop name `%<name>s` used in %<origin>s needs ' \
+            'department qualifier. Did you mean %<options>s?'.freeze
+
+      def initialize(name, origin, badges)
+        super(
+          format(
+            MSG,
+            name: name,
+            origin: origin,
+            options: badges.to_a.join(' or ')
+          )
+        )
+      end
+    end
+
+    # Registry that tracks all cops by their badge and department.
+    class Registry
+      def initialize(cops = [])
+        @registry    = {}
+        @departments = {}
+
+        cops.each { |cop| enlist(cop) }
+      end
+
+      def enlist(cop)
+        @registry[cop.badge] = cop
+        @departments[cop.department] ||= []
+        @departments[cop.department] << cop
+      end
+
+      # @return [Array<Symbol>] list of departments for current cops.
+      def departments
+        @departments.keys
+      end
+
+      # @return [Registry] Cops for that specific department.
+      def with_department(department)
+        with(@departments.fetch(department, []))
+      end
+
+      # @return [Registry] Cops not for a specific department.
+      def without_department(department)
+        without_department = @departments.dup
+        without_department.delete(department)
+
+        with(without_department.values.flatten)
+      end
+
+      def contains_cop_matching?(names)
+        cops.any? { |cop| cop.match?(names) }
+      end
+
+      # Convert a user provided cop name into a properly namespaced name
+      #
+      # @example gives back a correctly qualified cop name
+      #
+      #   cops = RuboCop::Cop::Cop.all
+      #   cops.qualified_cop_name('Style/IndentArray') # => 'Style/IndentArray'
+      #
+      # @example fixes incorrect namespaces
+      #
+      #   cops = RuboCop::Cop::Cop.all
+      #   cops.qualified_cop_name('Lint/IndentArray') # => 'Style/IndentArray'
+      #
+      # @example namespaces bare cop identifiers
+      #
+      #   cops = RuboCop::Cop::Cop.all
+      #   cops.qualified_cop_name('IndentArray') # => 'IndentArray'
+      #
+      # @example passes back unrecognized cop names
+      #
+      #   cops = RuboCop::Cop::Cop.all
+      #   cops.qualified_cop_name('NotACop') # => 'NotACop'
+      #
+      # @param name [String] Cop name extracted from config
+      # @param path [String] Path of file that `name` was extracted from
+      #
+      # @raise [AmbiguousCopName]
+      #   if a bare identifier with two possible namespaces is provided
+      #
+      # @note Emits a warning if the provided name has an incorrect namespace
+      #
+      # @return [String] Qualified cop name
+      def qualified_cop_name(name, path)
+        badge = Badge.parse(name)
+        return name if registered?(badge)
+
+        potential_badges = qualify_badge(badge)
+
+        case potential_badges.size
+        when 0 then name # No namespace found. Deal with it later in caller.
+        when 1 then resolve_badge(badge, potential_badges.first, path)
+        else raise AmbiguousCopName.new(badge, path, potential_badges)
+        end
+      end
+
+      def to_h
+        cops.group_by(&:cop_name)
+      end
+
+      def cops
+        @registry.values
+      end
+
+      def length
+        @registry.size
+      end
+
+      def enabled(config, only)
+        select do |cop|
+          config.cop_enabled?(cop) || only.include?(cop.cop_name)
+        end
+      end
+
+      def names
+        cops.map(&:cop_name)
+      end
+
+      def ==(other)
+        cops == other.cops
+      end
+
+      def sort!
+        @registry = Hash[@registry.sort_by { |badge, _| badge.cop_name }]
+
+        self
+      end
+
+      def select(&block)
+        cops.select(&block)
+      end
+
+      def each(&block)
+        cops.each(&block)
+      end
+
+      private
+
+      def with(cops)
+        self.class.new(cops)
+      end
+
+      def qualify_badge(badge)
+        @departments
+          .map { |department, _| badge.with_department(department) }
+          .select { |potential_badge| registered?(potential_badge) }
+      end
+
+      def resolve_badge(given_badge, real_badge, source_path)
+        unless given_badge.match?(real_badge)
+          warn "#{source_path}: #{given_badge} has the wrong namespace - " \
+               "should be #{real_badge.department}"
+        end
+
+        real_badge.to_s
+      end
+
+      def registered?(badge)
+        @registry.key?(badge)
+      end
+    end
+  end
+end

data/lib/rubocop/cop/{lint → security}/eval.rb

@@ -2,8 +2,14 @@
 
 module RuboCop
   module Cop
-    module Lint
+    module Security
       # This cop checks for the use of *Kernel#eval*.
+      #
+      # @example
+      #
+      #   # bad
+      #
+      #   eval(something)
       class Eval < Cop
         MSG = 'The use of `eval` is a serious security risk.'.freeze
 

data/lib/rubocop/cop/security/marshal_load.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # This cop checks for the use of Marshal class methods which have
+      # potential security issues leading to remote code execution when
+      # loading from an untrusted source.
+      #
+      # @example
+      #   # bad
+      #   Marshal.load("{}")
+      #   Marshal.restore("{}")
+      #
+      #   # good
+      #   Marshal.dump("{}")
+      #
+      class MarshalLoad < Cop
+        MSG = 'Avoid using `Marshal.%s`.'.freeze
+
+        def_node_matcher :marshal_load, <<-END
+          (send (const nil :Marshal) ${:load :restore} ...)
+        END
+
+        def on_send(node)
+          marshal_load(node) do |method|
+            add_offense(node, :selector, format(MSG, method))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/yaml_load.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # This cop checks for the use of YAML class methods which have
+      # potential security issues leading to remote code execution when
+      # loading from an untrusted source.
+      #
+      # @example
+      #   # bad
+      #   YAML.load("--- foo")
+      #
+      #   # good
+      #   YAML.safe_load("--- foo")
+      #   YAML.dump("foo")
+      #
+      class YAMLLoad < Cop
+        MSG = 'Prefer using `YAML.safe_load` over `YAML.load`.'.freeze
+
+        def_node_matcher :yaml_load, <<-END
+          (send (const nil :YAML) :load ...)
+        END
+
+        def on_send(node)
+          yaml_load(node) do |method|
+            add_offense(node, :selector, format(MSG, method))
+          end
+        end
+
+        def autocorrect(node)
+          ->(corrector) { corrector.replace(node.loc.selector, 'safe_load') }
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/style/align_hash.rb

@@ -3,217 +3,186 @@
 module RuboCop
   module Cop
     module Style
-      # Here we check if the keys, separators, and values of a multi-line hash
-      # literal are aligned.
+      # Check that the keys, separators, and values of a multi-line hash
+      # literal are aligned according to configuration. The configuration
+      # options are:
+      #
+      #   - key (left align keys)
+      #   - separator (align hash rockets and colons, right align keys)
+      #   - table (left align keys, hash rockets, and values)
+      #
+      # The treatment of hashes passed as the last argument to a method call
+      # can also be configured. The options are:
+      #
+      #   - always_inspect
+      #   - always_ignore
+      #   - ignore_implicit (without curly braces)
+      #   - ignore_explicit (with curly braces)
+      #
+      # @example
+      #
+      #   # EnforcedHashRocketStyle: key (default)
+      #   # EnforcedColonStyle: key (default)
+      #
+      #   # good
+      #   {
+      #     foo: bar,
+      #     ba: baz
+      #   }
+      #   {
+      #     :foo => bar,
+      #     :ba => baz
+      #   }
+      #
+      #   # bad
+      #   {
+      #     foo: bar,
+      #      ba: baz
+      #   }
+      #   {
+      #     :foo => bar,
+      #      :ba => baz
+      #   }
+      #
+      # @example
+      #
+      #   # EnforcedHashRocketStyle: separator
+      #   # EnforcedColonStyle: separator
+      #
+      #   #good
+      #   {
+      #     foo: bar,
+      #      ba: baz
+      #   }
+      #   {
+      #     :foo => bar,
+      #      :ba => baz
+      #   }
+      #
+      #   #bad
+      #   {
+      #     foo: bar,
+      #     ba: baz
+      #   }
+      #   {
+      #     :foo => bar,
+      #     :ba => baz
+      #   }
+      #   {
+      #     :foo => bar,
+      #     :ba  => baz
+      #   }
+      #
+      # @example
+      #
+      #   # EnforcedHashRocketStyle: table
+      #   # EnforcedColonStyle: table
+      #
+      #   #good
+      #   {
+      #     foo: bar,
+      #     ba:  baz
+      #   }
+      #   {
+      #     :foo => bar,
+      #     :ba  => baz
+      #   }
+      #
+      #   #bad
+      #   {
+      #     foo: bar,
+      #     ba: baz
+      #   }
+      #   {
+      #     :foo => bar,
+      #      :ba => baz
+      #   }
       class AlignHash < Cop
-        # Handles calculation of deltas (deviations from correct alignment)
-        # when the enforced style is 'key'.
-        class KeyAlignment
-          def checkable_layout(_node)
-            true
-          end
-
-          def deltas_for_first_pair(*)
-            {} # The first pair is always considered correct.
-          end
-
-          def deltas(first_pair, current_pair)
-            if Util.begins_its_line?(current_pair.source_range)
-              { key: first_pair.loc.column - current_pair.loc.column }
-            else
-              {}
-            end
-          end
-        end
-
-        # Common functionality for the styles where not only keys, but also
-        # values are aligned.
-        class AlignmentOfValues
-          include HashNode # any_pairs_on_the_same_line?
-
-          def checkable_layout(node)
-            !any_pairs_on_the_same_line?(node) && all_have_same_separator?(node)
-          end
-
-          def deltas(first_pair, current_pair)
-            key_delta = key_delta(first_pair, current_pair)
-            current_separator = current_pair.loc.operator
-            separator_delta = separator_delta(first_pair, current_separator,
-                                              key_delta)
-            value_delta = value_delta(first_pair, current_pair) -
-                          key_delta - separator_delta
-
-            { key: key_delta, separator: separator_delta, value: value_delta }
-          end
-
-          private
-
-          def separator_delta(first_pair, current_separator, key_delta)
-            if current_separator.is?(':')
-              0 # Colon follows directly after key
-            else
-              hash_rocket_delta(first_pair, current_separator) - key_delta
-            end
-          end
-
-          def all_have_same_separator?(node)
-            first_separator = node.children.first.loc.operator.source
-            node.children.butfirst.all? do |pair|
-              pair.loc.operator.is?(first_separator)
-            end
-          end
-        end
-
-        # Handles calculation of deltas when the enforced style is 'table'.
-        class TableAlignment < AlignmentOfValues
-          # The table style is the only one where the first key-value pair can
-          # be considered to have bad alignment.
-          def deltas_for_first_pair(first_pair, node)
-            key_widths = node.children.map do |pair|
-              key, _value = *pair
-              key.source.length
-            end
-            @max_key_width = key_widths.max
-
-            separator_delta = separator_delta(first_pair,
-                                              first_pair.loc.operator, 0)
-            {
-              separator: separator_delta,
-              value:     value_delta(first_pair, first_pair) - separator_delta
-            }
-          end
-
-          private
-
-          def key_delta(first_pair, current_pair)
-            first_pair.loc.column - current_pair.loc.column
-          end
-
-          def hash_rocket_delta(first_pair, current_separator)
-            first_pair.loc.column + @max_key_width + 1 -
-              current_separator.column
-          end
-
-          def value_delta(first_pair, current_pair)
-            first_key, = *first_pair
-            _, current_value = *current_pair
-            correct_value_column = first_key.loc.column +
-                                   spaced_separator(current_pair).length +
-                                   @max_key_width
-            correct_value_column - current_value.loc.column
-          end
-
-          def spaced_separator(node)
-            node.loc.operator.is?('=>') ? ' => ' : ': '
-          end
-        end
-
-        # Handles calculation of deltas when the enforced style is 'separator'.
-        class SeparatorAlignment < AlignmentOfValues
-          def deltas_for_first_pair(*)
-            {} # The first pair is always considered correct.
-          end
-
-          private
-
-          def key_delta(first_pair, current_pair)
-            key_end_column(first_pair) - key_end_column(current_pair)
-          end
-
-          def key_end_column(pair)
-            key, _value = *pair
-            key.loc.column + key.source.length
-          end
-
-          def hash_rocket_delta(first_pair, current_separator)
-            first_pair.loc.operator.column - current_separator.column
-          end
-
-          def value_delta(first_pair, current_pair)
-            _, first_value = *first_pair
-            _, current_value = *current_pair
-            first_value.loc.column - current_value.loc.column
-          end
-        end
+        include HashAlignment
 
         MSG = 'Align the elements of a hash literal if they span more than ' \
               'one line.'.freeze
 
         def on_send(node)
-          return unless (last_child = node.children.last) &&
-                        hash?(last_child) &&
-                        ignore_last_argument_hash?(last_child)
+          return if double_splat?(node)
+
+          last_argument = node.children.last
+
+          return unless last_argument.hash_type? &&
+                        ignore_hash_argument?(last_argument)
 
-          ignore_node(last_child)
+          ignore_node(last_argument)
         end
 
         def on_hash(node)
           return if ignored_node?(node)
-          return if node.children.empty?
-          return unless node.multiline?
+          return if node.pairs.empty? || node.single_line?
 
-          @alignment_for_hash_rockets ||=
-            new_alignment('EnforcedHashRocketStyle')
-          @alignment_for_colons ||= new_alignment('EnforcedColonStyle')
-
-          unless @alignment_for_hash_rockets.checkable_layout(node) &&
-                 @alignment_for_colons.checkable_layout(node)
-            return
-          end
+          return unless alignment_for_hash_rockets.checkable_layout?(node) &&
+                        alignment_for_colons.checkable_layout?(node)
 
           check_pairs(node)
         end
 
         private
 
+        attr_accessor :column_deltas
+
+        def double_splat?(node)
+          node.children.last.is_a?(Symbol)
+        end
+
         def check_pairs(node)
-          first_pair = node.children.first
-          @column_deltas = alignment_for(first_pair)
-                           .deltas_for_first_pair(first_pair, node)
+          first_pair = node.pairs.first
+          self.column_deltas = alignment_for(first_pair)
+                               .deltas_for_first_pair(first_pair, node)
           add_offense(first_pair, :expression) unless good_alignment?
 
           node.children.each do |current|
-            @column_deltas = alignment_for(current).deltas(first_pair, current)
+            self.column_deltas = alignment_for(current)
+                                 .deltas(first_pair, current)
             add_offense(current, :expression) unless good_alignment?
           end
         end
 
-        def ignore_last_argument_hash?(node)
+        def ignore_hash_argument?(node)
           case cop_config['EnforcedLastArgumentHashStyle']
           when 'always_inspect'  then false
           when 'always_ignore'   then true
-          when 'ignore_explicit' then explicit_hash?(node)
-          when 'ignore_implicit' then !explicit_hash?(node)
+          when 'ignore_explicit' then node.braces?
+          when 'ignore_implicit' then !node.braces?
           end
         end
 
-        def hash?(node)
-          node.respond_to?(:type) && node.hash_type?
+        def alignment_for(pair)
+          if pair.hash_rocket?
+            alignment_for_hash_rockets
+          else
+            alignment_for_colons
+          end
         end
 
-        def explicit_hash?(node)
-          node.loc.begin
+        def alignment_for_hash_rockets
+          @alignment_for_hash_rockets ||=
+            new_alignment('EnforcedHashRocketStyle')
         end
 
-        def alignment_for(pair)
-          if pair.loc.operator.is?('=>')
-            @alignment_for_hash_rockets
-          else
-            @alignment_for_colons
-          end
+        def alignment_for_colons
+          @alignment_for_colons ||=
+            new_alignment('EnforcedColonStyle')
         end
 
         def autocorrect(node)
           # We can't use the instance variable inside the lambda. That would
           # just give each lambda the same reference and they would all get the
           # last value of each. A local variable fixes the problem.
-          key_delta = @column_deltas[:key] || 0
-          key, value = *node
+          key_delta = column_deltas[:key] || 0
 
-          if value.nil?
+          if !node.value
             correct_no_value(key_delta, node.source_range)
           else
-            correct_key_value(key_delta, key.source_range, value.source_range,
+            correct_key_value(key_delta, node.key.source_range,
+                              node.value.source_range,
                               node.loc.operator)
           end
         end
@@ -226,8 +195,8 @@ module RuboCop
           # We can't use the instance variable inside the lambda. That would
           # just give each lambda the same reference and they would all get the
           # last value of each. Some local variables fix the problem.
-          separator_delta = @column_deltas[:separator] || 0
-          value_delta     = @column_deltas[:value] || 0
+          separator_delta = column_deltas[:separator] || 0
+          value_delta     = column_deltas[:value] || 0
 
           key_column = key.column
           key_delta = -key_column if key_delta < -key_column
@@ -258,7 +227,7 @@ module RuboCop
         end
 
         def good_alignment?
-          @column_deltas.values.compact.all?(&:zero?)
+          column_deltas.values.all?(&:zero?)
         end
       end
     end