rubocop 0.48.1 → 0.49.0

data/lib/rubocop/cop/performance/compare_with_block.rb

@@ -12,6 +12,7 @@ module RuboCop
       #   array.sort { |a, b| a.foo <=> b.foo }
       #   array.max { |a, b| a.foo <=> b.foo }
       #   array.min { |a, b| a.foo <=> b.foo }
+      #   array.sort { |a, b| a[:foo] <=> b[:foo] }
       #
       #   @good
       #   array.sort_by(&:foo)
@@ -21,37 +22,82 @@ module RuboCop
       #   end
       #   array.max_by(&:foo)
       #   array.min_by(&:foo)
+      #   array.sort_by { |a| a[:foo] }
       class CompareWithBlock < Cop
-        MSG = 'Use `%s_by(&:%s)` instead of ' \
-              '`%s { |%s, %s| %s.%s <=> %s.%s }`.'.freeze
+        MSG = 'Use `%s_by%s` instead of ' \
+              '`%s { |%s, %s| %s <=> %s }`.'.freeze
 
         def_node_matcher :compare?, <<-END
-          (block $(send _ {:sort :min :max}) (args (arg $_a) (arg $_b)) (send (send (lvar _a) $_m) :<=> (send (lvar _b) $_m)))
+          (block
+            $(send _ {:sort :min :max})
+            (args (arg $_a) (arg $_b))
+            $send)
+        END
+
+        def_node_matcher :replaceable_body?, <<-END
+          (send
+            (send (lvar %1) $_method $...)
+            :<=>
+            (send (lvar %2) _method $...))
         END
 
         def on_block(node)
-          compare?(node) do |send, var_a, var_b, method|
-            range = compare_range(send, node)
-            compare_method = send.method_name
-            add_offense(node, range,
-                        format(MSG, compare_method, method,
-                               compare_method, var_a, var_b,
-                               var_a, method, var_b, method))
+          compare?(node) do |send, var_a, var_b, body|
+            replaceable_body?(body, var_a, var_b) do |method, args_a, args_b|
+              return unless slow_compare?(method, args_a, args_b)
+              range = compare_range(send, node)
+              add_offense(node, range,
+                          message(send, method, var_a, var_b, args_a))
+            end
           end
         end
 
         def autocorrect(node)
-          send, = *node
-
           lambda do |corrector|
-            method = node.children.last.children.last.children.last
+            send, var_a, var_b, body = compare?(node)
+            method, arg, = replaceable_body?(body, var_a, var_b)
+            replacement =
+              if method == :[]
+                "#{send.method_name}_by { |a| a[#{arg.first.source}] }"
+              else
+                "#{send.method_name}_by(&:#{method})"
+              end
             corrector.replace(compare_range(send, node),
-                              "#{send.method_name}_by(&:#{method})")
+                              replacement)
           end
         end
 
         private
 
+        def slow_compare?(method, args_a, args_b)
+          return false unless args_a == args_b
+          if method == :[]
+            return false unless args_a.size == 1
+            key = args_a.first
+            return false unless %i[sym str int].include?(key.type)
+          else
+            return false unless args_a.empty?
+          end
+          true
+        end
+
+        def message(send, method, var_a, var_b, args)
+          compare_method = send.method_name
+          if method == :[]
+            key = args.first
+            instead = " { |a| a[#{key.source}] }"
+            str_a = "#{var_a}[#{key.source}]"
+            str_b = "#{var_b}[#{key.source}]"
+          else
+            instead = "(&:#{method})"
+            str_a = "#{var_a}.#{method}"
+            str_b = "#{var_b}.#{method}"
+          end
+          format(MSG, compare_method, instead,
+                 compare_method, var_a, var_b,
+                 str_a, str_b)
+        end
+
         def compare_range(send, node)
           range_between(send.loc.selector.begin_pos, node.loc.end.end_pos)
         end

data/lib/rubocop/cop/performance/double_start_end_with.rb

@@ -23,8 +23,8 @@ module RuboCop
       #   var2 = ...
       #   str.end_with?(var1, var2)
       class DoubleStartEndWith < Cop
-        MSG = 'Use `%{receiver}.%{method}(%{combined_args})` ' \
-              'instead of `%{original_code}`.'.freeze
+        MSG = 'Use `%<receiver>s.%<method>s(%<combined_args>s)` ' \
+              'instead of `%<original_code>s`.'.freeze
 
         def on_or(node)
           receiver,

data/lib/rubocop/cop/performance/redundant_merge.rb

@@ -21,6 +21,8 @@ module RuboCop
 
         def on_send(node)
           each_redundant_merge(node) do |receiver, pairs|
+            return if pairs.any?(&:kwsplat_type?)
+
             assignments = to_assignments(receiver, pairs).join('; ')
             message = format(MSG, assignments, node.source)
             add_offense(node, :expression, message)

data/lib/rubocop/cop/rails/action_filter.rb

@@ -51,9 +51,7 @@ module RuboCop
         minimum_target_rails_version 4.0
 
         def on_block(node)
-          method, _args, _body = *node
-
-          check_method_node(method)
+          check_method_node(node.send_node)
         end
 
         def on_send(node)

data/lib/rubocop/cop/rails/application_job.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # This cop checks that jobs subclass ApplicationJob with Rails 5.0.
+      #
+      # @example
+      #
+      #  # good
+      #  class Rails5Job < ApplicationJob
+      #    ...
+      #  end
+      #
+      #  # bad
+      #  class Rails4Job < ActiveJob::Base
+      #    ...
+      #  end
+      class ApplicationJob < Cop
+        extend TargetRailsVersion
+
+        minimum_target_rails_version 5.0
+
+        MSG = 'Jobs should subclass `ApplicationJob`.'.freeze
+        SUPERCLASS = 'ApplicationJob'.freeze
+        BASE_PATTERN = '(const (const nil :ActiveJob) :Base)'.freeze
+
+        include RuboCop::Cop::EnforceSuperclass
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/application_record.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # This cop checks that models subclass ApplicationRecord with Rails 5.0.
+      #
+      # @example
+      #
+      #  # good
+      #  class Rails5Model < ApplicationRecord
+      #    ...
+      #  end
+      #
+      #  # bad
+      #  class Rails4Model < ActiveRecord::Base
+      #    ...
+      #  end
+      class ApplicationRecord < Cop
+        extend TargetRailsVersion
+
+        minimum_target_rails_version 5.0
+
+        MSG = 'Models should subclass `ApplicationRecord`.'.freeze
+        SUPERCLASS = 'ApplicationRecord'.freeze
+        BASE_PATTERN = '(const (const nil :ActiveRecord) :Base)'.freeze
+
+        include RuboCop::Cop::EnforceSuperclass
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/blank.rb

@@ -39,7 +39,7 @@ module RuboCop
       #     end
       class Blank < Cop
         MSG_NIL_OR_EMPTY = 'Use `%s.blank?` instead of `%s`.'.freeze
-        MSG_NOT_PRESENT = 'Use `%s.blank?` instead of `%s`.'.freeze
+        MSG_NOT_PRESENT = 'Use `%s` instead of `%s`.'.freeze
         MSG_UNLESS_PRESENT = 'Use `if %s.blank?` instead of `%s`.'.freeze
 
         def_node_matcher :nil_or_empty?, <<-PATTERN
@@ -69,7 +69,9 @@ module RuboCop
           not_present?(node) do |receiver|
             add_offense(node,
                         :expression,
-                        format(MSG_NOT_PRESENT, receiver.source, node.source))
+                        format(MSG_NOT_PRESENT,
+                               replacement(receiver),
+                               node.source))
           end
         end
 
@@ -113,7 +115,7 @@ module RuboCop
               range = node.loc.expression
             end
 
-            corrector.replace(range, "#{variable1.source}.blank?")
+            corrector.replace(range, replacement(variable1))
           end
         end
 
@@ -126,6 +128,10 @@ module RuboCop
             node.loc.expression.begin.join(method_call.loc.expression)
           end
         end
+
+        def replacement(node)
+          node.respond_to?(:source) ? "#{node.source}.blank?" : 'blank?'
+        end
       end
     end
   end

data/lib/rubocop/cop/rails/output_safety.rb

@@ -3,38 +3,78 @@
 module RuboCop
   module Cop
     module Rails
-      # This cop checks for the use of output safety calls like html_safe and
-      # raw.
+      # This cop checks for the use of output safety calls like html_safe,
+      # raw, and safe_concat. These methods do not escape content. They
+      # simply return a SafeBuffer containing the content as is. Instead,
+      # use safe_join to join content and escape it and concat to
+      # concatenate content and escape it, ensuring its safety.
       #
       # @example
+      #   user_content = "<b>hi</b>"
+      #
       #   # bad
-      #   "<p>#{text}</p>".html_safe
+      #   "<p>#{user_content}</p>".html_safe
+      #   => ActiveSupport::SafeBuffer
+      #   "<p><b>hi</b></p>"
       #
       #   # good
-      #   content_tag(:p, text)
+      #   content_tag(:p, user_content)
+      #   => ActiveSupport::SafeBuffer
+      #   "<p>&lt;b&gt;hi&lt;/b&gt;</p>"
       #
       #   # bad
       #   out = ""
-      #   out << content_tag(:li, "one")
-      #   out << content_tag(:li, "two")
+      #   out << "<li>#{user_content}</li>"
+      #   out << "<li>#{user_content}</li>"
       #   out.html_safe
+      #   => ActiveSupport::SafeBuffer
+      #   "<li><b>hi</b></li><li><b>hi</b></li>"
       #
       #   # good
       #   out = []
-      #   out << content_tag(:li, "one")
-      #   out << content_tag(:li, "two")
+      #   out << content_tag(:li, user_content)
+      #   out << content_tag(:li, user_content)
       #   safe_join(out)
+      #   => ActiveSupport::SafeBuffer
+      #   "<li>&lt;b&gt;hi&lt;/b&gt;</li><li>&lt;b&gt;hi&lt;/b&gt;</li>"
+      #
+      #   # bad
+      #   out = "<h1>trusted content</h1>".html_safe
+      #   out.safe_concat(user_content)
+      #   => ActiveSupport::SafeBuffer
+      #   "<h1>trusted_content</h1><b>hi</b>"
+      #
+      #   # good
+      #   out = "<h1>trusted content</h1>".html_safe
+      #   out.concat(user_content)
+      #   => ActiveSupport::SafeBuffer
+      #   "<h1>trusted_content</h1>&lt;b&gt;hi&lt;/b&gt;"
+      #
+      #   # safe, though maybe not good style
+      #   out = "trusted content"
+      #   result = out.concat(user_content)
+      #   => String "trusted content<b>hi</b>"
+      #   # because when rendered in ERB the String will be escaped:
+      #   <%= result %>
+      #   => trusted content&lt;b&gt;hi&lt;/b&gt;
+      #
+      #   # bad
+      #   (user_content + " " + content_tag(:span, user_content)).html_safe
+      #   => ActiveSupport::SafeBuffer
+      #   "<b>hi</b> <span><b>hi</b></span>"
+      #
+      #   # good
+      #   safe_join([user_content, " ", content_tag(:span, user_content)])
+      #   => ActiveSupport::SafeBuffer
+      #   "&lt;b&gt;hi&lt;/b&gt; <span>&lt;b&gt;hi&lt;/b&gt;</span>"
       #
       class OutputSafety < Cop
-        MSG = 'Tagging a string as html safe may be a security risk, ' \
-              'prefer `safe_join` or other Rails tag helpers instead.'.freeze
+        MSG = 'Tagging a string as html safe may be a security risk.'.freeze
 
         def on_send(node)
-          ignore_node(node) if node.method?(:safe_join)
-
-          return unless !part_of_ignored_node?(node) &&
-                        (looks_like_rails_html_safe?(node) ||
-                        looks_like_rails_raw?(node))
+          return unless looks_like_rails_html_safe?(node) ||
+                        looks_like_rails_raw?(node) ||
+                        looks_like_rails_safe_concat?(node)
 
           add_offense(node, :selector)
         end
@@ -48,6 +88,10 @@ module RuboCop
         def looks_like_rails_raw?(node)
           node.command?(:raw) && node.arguments.one?
         end
+
+        def looks_like_rails_safe_concat?(node)
+          node.method?(:safe_concat) && node.arguments.one?
+        end
       end
     end
   end

data/lib/rubocop/cop/rails/present.rb

@@ -35,7 +35,7 @@ module RuboCop
       #     # good
       #     something if  foo.present?
       class Present < Cop
-        MSG_NOT_BLANK = 'Use `%s.present?` instead of `%s`.'.freeze
+        MSG_NOT_BLANK = 'Use `%s` instead of `%s`.'.freeze
         MSG_EXISTS_AND_NOT_EMPTY = 'Use `%s.present?` instead of `%s`.'.freeze
         MSG_UNLESS_BLANK = 'Use `if %s.present?` instead of `%s`.'.freeze
 
@@ -65,7 +65,9 @@ module RuboCop
           not_blank?(node) do |receiver|
             add_offense(node,
                         :expression,
-                        format(MSG_NOT_BLANK, receiver.source, node.source))
+                        format(MSG_NOT_BLANK,
+                               replacement(receiver),
+                               node.source))
           end
         end
 
@@ -118,7 +120,7 @@ module RuboCop
               range = node.loc.expression
             end
 
-            corrector.replace(range, "#{variable1.source}.present?")
+            corrector.replace(range, replacement(variable1))
           end
         end
 
@@ -131,6 +133,10 @@ module RuboCop
             node.loc.expression.begin.join(method_call.loc.expression)
           end
         end
+
+        def replacement(node)
+          node.respond_to?(:source) ? "#{node.source}.present?" : 'present?'
+        end
       end
     end
   end

data/lib/rubocop/cop/rails/relative_date_constant.rb

@@ -27,16 +27,47 @@ module RuboCop
         def on_casgn(node)
           _scope, _constant, rhs = *node
 
-          return if rhs.lambda_or_proc?
+          # rhs would be nil in a or_asgn node
+          return unless rhs
 
-          bad_node = node.descendants.find { |n| relative_date_method?(n) }
-          return unless bad_node
+          check_node(rhs)
+        end
+
+        def on_masgn(node)
+          lhs, rhs = *node
+
+          return unless rhs && rhs.array_type?
 
-          add_offense(node, :expression, format(MSG, bad_node.method_name))
+          lhs.children.zip(rhs.children).each do |(name, value)|
+            check_node(value) if name.casgn_type?
+          end
+        end
+
+        def on_or_asgn(node)
+          lhs, rhs = *node
+
+          return unless lhs.casgn_type?
+
+          check_node(rhs)
         end
 
         private
 
+        def check_node(node)
+          return unless node.irange_type? ||
+                        node.erange_type? ||
+                        node.send_type?
+
+          # for range nodes we need to check both their boundaries
+          nodes = node.send_type? ? [node] : node.children
+
+          nodes.each do |n|
+            if relative_date_method?(n)
+              add_offense(node.parent, :expression, format(MSG, n.method_name))
+            end
+          end
+        end
+
         def relative_date_method?(node)
           node.send_type? &&
             RELATIVE_DATE_METHODS.include?(node.method_name) &&

data/lib/rubocop/cop/rails/reversible_migration.rb

@@ -10,7 +10,7 @@ module RuboCop
       #   # bad
       #   def change
       #     change_table :users do |t|
-      #       t.column :name, :string
+      #       t.remove :name
       #     end
       #   end
       #
@@ -90,12 +90,49 @@ module RuboCop
       #     remove_foreign_key :accounts, :branches
       #   end
       #
+      # @example
+      #   # change_table
+      #
+      #   # bad
+      #   def change
+      #     change_table :users do |t|
+      #       t.remove :name
+      #       t.change_default :authorized, 1
+      #       t.change :price, :string
+      #     end
+      #   end
+      #
+      #   # good
+      #   def change
+      #     change_table :users do |t|
+      #       t.string :name
+      #     end
+      #   end
+      #
+      #   # good
+      #   def change
+      #     reversible do |dir|
+      #       change_table :users do |t|
+      #         dir.up do
+      #           t.change :price, :string
+      #         end
+      #
+      #         dir.down do
+      #           t.change :price, :integer
+      #         end
+      #       end
+      #     end
+      #   end
+      #
       # @see http://api.rubyonrails.org/classes/ActiveRecord/Migration/CommandRecorder.html
       class ReversibleMigration < Cop
         MSG = '%s is not reversible.'.freeze
+        IRREVERSIBLE_CHANGE_TABLE_CALLS = %i[
+          change change_default remove
+        ].freeze
 
         def_node_matcher :irreversible_schema_statement_call, <<-END
-          (send nil ${:change_table :change_table_comment :execute :remove_belongs_to} ...)
+          (send nil ${:change_table_comment :execute :remove_belongs_to} ...)
         END
 
         def_node_matcher :drop_table_call, <<-END
@@ -114,6 +151,10 @@ module RuboCop
           (send nil :remove_foreign_key _ $_)
         END
 
+        def_node_matcher :change_table_call, <<-END
+          (send nil :change_table $_ ...)
+        END
+
         def on_send(node)
           return unless within_change_method?(node)
           return if within_reversible_block?(node)
@@ -125,6 +166,13 @@ module RuboCop
           check_remove_foreign_key_node(node)
         end
 
+        def on_block(node)
+          return unless within_change_method?(node)
+          return if within_reversible_block?(node)
+
+          check_change_table_node(node.send_node, node.body)
+        end
+
         private
 
         def check_irreversible_schema_statement_node(node)
@@ -177,28 +225,44 @@ module RuboCop
           end
         end
 
-        def within_change_method?(node)
-          parent = node.parent
-          while parent
-            if parent.def_type?
-              method_name, = *parent
-              return true if method_name == :change
+        def check_change_table_node(node, block)
+          change_table_call(node) do |arg|
+            if target_rails_version < 4.0
+              add_offense(
+                node, :expression,
+                format(MSG, 'change_table')
+              )
+            elsif block.send_type?
+              check_change_table_offense(arg, block)
+            else
+              block.each_child_node do |child_node|
+                check_change_table_offense(arg, child_node)
+              end
             end
-            parent = parent.parent
           end
-          false
+        end
+
+        def check_change_table_offense(receiver, node)
+          method_name = node.method_name
+          return if receiver != node.receiver &&
+                    !IRREVERSIBLE_CHANGE_TABLE_CALLS.include?(method_name)
+          add_offense(
+            node, :expression,
+            format(MSG, "change_table(with #{method_name})")
+          )
+        end
+
+        def within_change_method?(node)
+          node.each_ancestor(:def).any? do |ancestor|
+            method_name, = *ancestor
+            method_name == :change
+          end
         end
 
         def within_reversible_block?(node)
-          parent = node.parent
-          while parent
-            if parent.block_type?
-              _, block_name = *parent.to_a.first
-              return true if block_name == :reversible
-            end
-            parent = parent.parent
+          node.each_ancestor(:block).any? do |ancestor|
+            ancestor.block_type? && ancestor.send_node.method?(:reversible)
           end
-          false
         end
 
         def all_hash_key?(args, *keys)