rubocop 1.18.0 → 1.56.0

data/lib/rubocop/cop/registry.rb

@@ -19,6 +19,33 @@ module RuboCop
     class Registry
       include Enumerable
 
+      def self.all
+        global.without_department(:Test).cops
+      end
+
+      def self.qualified_cop_name(name, origin)
+        global.qualified_cop_name(name, origin)
+      end
+
+      # Changes momentarily the global registry
+      # Intended for testing purposes
+      def self.with_temporary_global(temp_global = global.dup)
+        previous = @global
+        @global = temp_global
+        yield
+      ensure
+        @global = previous
+      end
+
+      def self.reset!
+        @global = new
+      end
+
+      def self.qualified_cop?(name)
+        badge = Badge.parse(name)
+        global.qualify_badge(badge).first == badge
+      end
+
       attr_reader :options
 
       def initialize(cops = [], options = {})
@@ -28,6 +55,9 @@ module RuboCop
 
         @enrollment_queue = cops
         @options = options
+
+        @enabled_cache = {}.compare_by_identity
+        @disabled_cache = {}.compare_by_identity
       end
 
       def enlist(cop)
@@ -61,7 +91,7 @@ module RuboCop
 
       # @return [Boolean] Checks if given name is department
       def department?(name)
-        departments.include? name.to_sym
+        departments.include?(name.to_sym)
       end
 
       def contains_cop_matching?(names)
@@ -72,27 +102,27 @@ module RuboCop
       #
       # @example gives back a correctly qualified cop name
       #
-      #   cops = RuboCop::Cop::Cop.all
-      #   cops.
-      #     qualified_cop_name('Layout/EndOfLine') # => 'Layout/EndOfLine'
+      #   registry = RuboCop::Cop::Registry
+      #   registry.qualified_cop_name('Layout/EndOfLine', '') # => 'Layout/EndOfLine'
       #
       # @example fixes incorrect namespaces
       #
-      #   cops = RuboCop::Cop::Cop.all
-      #   cops.qualified_cop_name('Lint/EndOfLine') # => 'Layout/EndOfLine'
+      #   registry = RuboCop::Cop::Registry
+      #   registry.qualified_cop_name('Lint/EndOfLine', '') # => 'Layout/EndOfLine'
       #
       # @example namespaces bare cop identifiers
       #
-      #   cops = RuboCop::Cop::Cop.all
-      #   cops.qualified_cop_name('EndOfLine') # => 'Layout/EndOfLine'
+      #   registry = RuboCop::Cop::Registry
+      #   registry.qualified_cop_name('EndOfLine', '') # => 'Layout/EndOfLine'
       #
       # @example passes back unrecognized cop names
       #
-      #   cops = RuboCop::Cop::Cop.all
-      #   cops.qualified_cop_name('NotACop') # => 'NotACop'
+      #   registry = RuboCop::Cop::Registry
+      #   registry.qualified_cop_name('NotACop', '') # => 'NotACop'
       #
       # @param name [String] Cop name extracted from config
       # @param path [String, nil] Path of file that `name` was extracted from
+      # @param warn [Boolean] Print a warning if no department given for `name`
       #
       # @raise [AmbiguousCopName]
       #   if a bare identifier with two possible namespaces is provided
@@ -133,6 +163,13 @@ module RuboCop
           'RedundantCopDisableDirective'
       end
 
+      def qualify_badge(badge)
+        clear_enrollment_queue
+        @departments
+          .map { |department, _| badge.with_department(department) }
+          .select { |potential_badge| registered?(potential_badge) }
+      end
+
       # @return [Hash{String => Array<Class>}]
       def to_h
         clear_enrollment_queue
@@ -149,16 +186,24 @@ module RuboCop
         @registry.size
       end
 
-      def enabled(config, only = [], only_safe: false)
-        select { |cop| only.include?(cop.cop_name) || enabled?(cop, config, only_safe) }
+      def enabled(config)
+        @enabled_cache[config] ||= select { |cop| enabled?(cop, config) }
+      end
+
+      def disabled(config)
+        @disabled_cache[config] ||= reject { |cop| enabled?(cop, config) }
       end
 
-      def enabled?(cop, config, only_safe)
-        cfg = config.for_cop(cop)
+      def enabled?(cop, config)
+        return true if options[:only]&.include?(cop.cop_name)
+
+        # We need to use `cop_name` in this case, because `for_cop` uses caching
+        # which expects cop names or cop classes as keys.
+        cfg = config.for_cop(cop.cop_name)
 
         cop_enabled = cfg.fetch('Enabled') == true || enabled_pending_cop?(cfg, config)
 
-        if only_safe
+        if options.fetch(:safe, false)
           cop_enabled && cfg.fetch('Safe', true)
         else
           cop_enabled
@@ -176,8 +221,12 @@ module RuboCop
         cops.map(&:cop_name)
       end
 
+      def cops_for_department(department)
+        cops.select { |cop| cop.department == department.to_sym }
+      end
+
       def names_for_department(department)
-        cops.select { |cop| cop.department == department.to_sym }.map(&:cop_name)
+        cops_for_department(department).map(&:cop_name)
       end
 
       def ==(other)
@@ -205,6 +254,14 @@ module RuboCop
         to_h[cop_name].first
       end
 
+      # When a cop name is given returns a single-element array with the cop class.
+      # When a department name is given returns an array with all the cop classes
+      # for that department.
+      def find_cops_by_directive(directive)
+        cop = find_by_cop_name(directive)
+        cop ? [cop] : cops_for_department(directive)
+      end
+
       def freeze
         clear_enrollment_queue
         unqualified_cop_names # build cache
@@ -217,28 +274,6 @@ module RuboCop
         attr_reader :global
       end
 
-      def self.all
-        global.without_department(:Test).cops
-      end
-
-      def self.qualified_cop_name(name, origin)
-        global.qualified_cop_name(name, origin)
-      end
-
-      # Changes momentarily the global registry
-      # Intended for testing purposes
-      def self.with_temporary_global(temp_global = global.dup)
-        previous = @global
-        @global = temp_global
-        yield
-      ensure
-        @global = previous
-      end
-
-      def self.reset!
-        @global = new
-      end
-
       private
 
       def initialize_copy(reg)
@@ -261,13 +296,6 @@ module RuboCop
         self.class.new(cops)
       end
 
-      def qualify_badge(badge)
-        clear_enrollment_queue
-        @departments
-          .map { |department, _| badge.with_department(department) }
-          .select { |potential_badge| registered?(potential_badge) }
-      end
-
       def resolve_badge(given_badge, real_badge, source_path)
         unless given_badge.match?(real_badge)
           path = PathUtil.smart_path(source_path)

data/lib/rubocop/cop/security/compound_hash.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # Checks for implementations of the `hash` method which combine
+      # values using custom logic instead of delegating to `Array#hash`.
+      #
+      # Manually combining hashes is error prone and hard to follow, especially
+      # when there are many values. Poor implementations may also introduce
+      # performance or security concerns if they are prone to collisions.
+      # Delegating to `Array#hash` is clearer and safer, although it might be slower
+      # depending on the use case.
+      #
+      # @safety
+      #   This cop may be unsafe if the application logic depends on the hash
+      #   value, however this is inadvisable anyway.
+      #
+      # @example
+      #
+      #   # bad
+      #   def hash
+      #     @foo ^ @bar
+      #   end
+      #
+      #   # good
+      #   def hash
+      #     [@foo, @bar].hash
+      #   end
+      class CompoundHash < Base
+        COMBINATOR_IN_HASH_MSG = 'Use `[...].hash` instead of combining hash values manually.'
+        MONUPLE_HASH_MSG =
+          'Delegate hash directly without wrapping in an array when only using a single value'
+        REDUNDANT_HASH_MSG = 'Calling .hash on elements of a hashed array is redundant'
+
+        # @!method hash_method_definition?(node)
+        def_node_matcher :hash_method_definition?, <<~PATTERN
+          {#static_hash_method_definition? | #dynamic_hash_method_definition?}
+        PATTERN
+
+        # @!method dynamic_hash_method_definition?(node)
+        def_node_matcher :dynamic_hash_method_definition?, <<~PATTERN
+          (block
+            (send _ {:define_method | :define_singleton_method}
+              (sym :hash))
+            (args)
+            _)
+        PATTERN
+
+        # @!method static_hash_method_definition?(node)
+        def_node_matcher :static_hash_method_definition?, <<~PATTERN
+          ({def | defs _} :hash
+            (args)
+            _)
+        PATTERN
+
+        # @!method bad_hash_combinator?(node)
+        def_node_matcher :bad_hash_combinator?, <<~PATTERN
+          ({send | op-asgn} _ {:^ | :+ | :* | :|} _)
+        PATTERN
+
+        # @!method monuple_hash?(node)
+        def_node_matcher :monuple_hash?, <<~PATTERN
+          (send (array _) :hash)
+        PATTERN
+
+        # @!method redundant_hash?(node)
+        def_node_matcher :redundant_hash?, <<~PATTERN
+          (
+            ^^(send array ... :hash)
+            _ :hash
+          )
+        PATTERN
+
+        def contained_in_hash_method?(node, &block)
+          node.each_ancestor.any? do |ancestor|
+            hash_method_definition?(ancestor, &block)
+          end
+        end
+
+        def outer_bad_hash_combinator?(node)
+          bad_hash_combinator?(node) do
+            yield true if node.each_ancestor.none? { |ancestor| bad_hash_combinator?(ancestor) }
+          end
+        end
+
+        def on_send(node)
+          outer_bad_hash_combinator?(node) do
+            contained_in_hash_method?(node) do
+              add_offense(node, message: COMBINATOR_IN_HASH_MSG)
+            end
+          end
+
+          monuple_hash?(node) do
+            add_offense(node, message: MONUPLE_HASH_MSG)
+          end
+
+          redundant_hash?(node) do
+            add_offense(node, message: REDUNDANT_HASH_MSG)
+          end
+        end
+        alias on_op_asgn on_send
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/eval.rb

@@ -3,7 +3,7 @@
 module RuboCop
   module Cop
     module Security
-      # This cop checks for the use of `Kernel#eval` and `Binding#eval`.
+      # Checks for the use of `Kernel#eval` and `Binding#eval`.
       #
       # @example
       #

data/lib/rubocop/cop/security/io_methods.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # Checks for the first argument to `IO.read`, `IO.binread`, `IO.write`, `IO.binwrite`,
+      # `IO.foreach`, and `IO.readlines`.
+      #
+      # If argument starts with a pipe character (`'|'`) and the receiver is the `IO` class,
+      # a subprocess is created in the same way as `Kernel#open`, and its output is returned.
+      # `Kernel#open` may allow unintentional command injection, which is the reason these
+      # `IO` methods are a security risk.
+      # Consider to use `File.read` to disable the behavior of subprocess invocation.
+      #
+      # @safety
+      #   This cop is unsafe because false positive will occur if the variable passed as
+      #   the first argument is a command that is not a file path.
+      #
+      # @example
+      #
+      #   # bad
+      #   IO.read(path)
+      #   IO.read('path')
+      #
+      #   # good
+      #   File.read(path)
+      #   File.read('path')
+      #   IO.read('| command') # Allow intentional command invocation.
+      #
+      class IoMethods < Base
+        extend AutoCorrector
+
+        MSG = '`File.%<method_name>s` is safer than `IO.%<method_name>s`.'
+        RESTRICT_ON_SEND = %i[read binread write binwrite foreach readlines].freeze
+
+        def on_send(node)
+          return unless (receiver = node.receiver) && receiver.source == 'IO'
+
+          argument = node.first_argument
+          return if argument.respond_to?(:value) && argument.value.strip.start_with?('|')
+
+          add_offense(node, message: format(MSG, method_name: node.method_name)) do |corrector|
+            corrector.replace(receiver, 'File')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/json_load.rb

@@ -3,16 +3,17 @@
 module RuboCop
   module Cop
     module Security
-      # This cop checks for the use of JSON class methods which have potential
+      # Checks for the use of JSON class methods which have potential
       # security issues.
       #
-      # Autocorrect is disabled by default because it's potentially dangerous.
-      # If using a stream, like `JSON.load(open('file'))`, it will need to call
-      # `#read` manually, like `JSON.parse(open('file').read)`.
-      # If reading single values (rather than proper JSON objects), like
-      # `JSON.load('false')`, it will need to pass the `quirks_mode: true`
-      # option, like `JSON.parse('false', quirks_mode: true)`.
-      # Other similar issues may apply.
+      # @safety
+      #   This cop's autocorrection is unsafe because it's potentially dangerous.
+      #   If using a stream, like `JSON.load(open('file'))`, it will need to call
+      #   `#read` manually, like `JSON.parse(open('file').read)`.
+      #   If reading single values (rather than proper JSON objects), like
+      #   `JSON.load('false')`, it will need to pass the `quirks_mode: true`
+      #   option, like `JSON.parse('false', quirks_mode: true)`.
+      #   Other similar issues may apply.
       #
       # @example
       #   # bad

data/lib/rubocop/cop/security/marshal_load.rb

@@ -3,7 +3,7 @@
 module RuboCop
   module Cop
     module Security
-      # This cop checks for the use of Marshal class methods which have
+      # Checks for the use of Marshal class methods which have
       # potential security issues leading to remote code execution when
       # loading from an untrusted source.
       #

data/lib/rubocop/cop/security/open.rb

@@ -3,7 +3,8 @@
 module RuboCop
   module Cop
     module Security
-      # This cop checks for the use of `Kernel#open` and `URI.open`.
+      # Checks for the use of `Kernel#open` and `URI.open` with dynamic
+      # data.
       #
       # `Kernel#open` and `URI.open` enable not only file access but also process
       # invocation by prefixing a pipe symbol (e.g., `open("| ls")`).
@@ -11,15 +12,28 @@ module RuboCop
       # the argument of `Kernel#open` and `URI.open`. It would be better to use
       # `File.open`, `IO.popen` or `URI.parse#open` explicitly.
       #
+      # NOTE: `open` and `URI.open` with literal strings are not flagged by this
+      # cop.
+      #
+      # @safety
+      #   This cop could register false positives if `open` is redefined
+      #   in a class and then used without a receiver in that class.
+      #
       # @example
       #   # bad
       #   open(something)
+      #   open("| #{something}")
       #   URI.open(something)
       #
       #   # good
       #   File.open(something)
       #   IO.popen(something)
       #   URI.parse(something).open
+      #
+      #   # good (literal strings)
+      #   open("foo.text")
+      #   open("| foo")
+      #   URI.open("http://example.com")
       class Open < Base
         MSG = 'The use of `%<receiver>sopen` is a serious security risk.'
         RESTRICT_ON_SEND = %i[open].freeze

data/lib/rubocop/cop/security/yaml_load.rb

@@ -3,17 +3,25 @@
 module RuboCop
   module Cop
     module Security
-      # This cop checks for the use of YAML class methods which have
+      # Checks for the use of YAML class methods which have
       # potential security issues leading to remote code execution when
       # loading from an untrusted source.
       #
+      # NOTE: Ruby 3.1+ (Psych 4) uses `Psych.load` as `Psych.safe_load` by default.
+      #
+      # @safety
+      #   The behavior of the code might change depending on what was
+      #   in the YAML payload, since `YAML.safe_load` is more restrictive.
+      #
       # @example
       #   # bad
-      #   YAML.load("--- foo")
+      #   YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
       #
       #   # good
-      #   YAML.safe_load("--- foo")
-      #   YAML.dump("foo")
+      #   YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
+      #   YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
+      #   YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
+      #   YAML.dump(foo)
       #
       class YAMLLoad < Base
         extend AutoCorrector
@@ -27,6 +35,8 @@ module RuboCop
         PATTERN
 
         def on_send(node)
+          return if target_ruby_version >= 3.1
+
           yaml_load(node) do
             add_offense(node.loc.selector) do |corrector|
               corrector.replace(node.loc.selector, 'safe_load')

data/lib/rubocop/cop/style/access_modifier_declarations.rb

@@ -9,6 +9,11 @@ module RuboCop
       # Applications of visibility methods to symbols can be controlled
       # using AllowModifiersOnSymbols config.
       #
+      # @safety
+      #   Autocorrection is not safe, because the visibility of dynamically
+      #   defined methods can vary depending on the state determined by
+      #   the group access modifier.
+      #
       # @example EnforcedStyle: group (default)
       #   # bad
       #   class Foo
@@ -63,7 +68,10 @@ module RuboCop
       #
       #   end
       class AccessModifierDeclarations < Base
+        extend AutoCorrector
+
         include ConfigurableEnforcedStyle
+        include RangeHelp
 
         GROUP_STYLE_MESSAGE = [
           '`%<access_modifier>s` should not be',
@@ -77,6 +85,8 @@ module RuboCop
 
         RESTRICT_ON_SEND = %i[private protected public module_function].freeze
 
+        ALLOWED_NODE_TYPES = %i[pair block].freeze
+
         # @!method access_modifier_with_symbol?(node)
         def_node_matcher :access_modifier_with_symbol?, <<~PATTERN
           (send nil? {:private :protected :public :module_function} (sym _))
@@ -84,11 +94,14 @@ module RuboCop
 
         def on_send(node)
           return unless node.access_modifier?
-          return if node.parent&.pair_type?
+          return if ALLOWED_NODE_TYPES.include?(node.parent&.type)
           return if allow_modifiers_on_symbols?(node)
 
           if offense?(node)
-            add_offense(node.loc.selector) { opposite_style_detected }
+            add_offense(node.loc.selector) do |corrector|
+              autocorrect(corrector, node)
+            end
+            opposite_style_detected
           else
             correct_style_detected
           end
@@ -96,12 +109,28 @@ module RuboCop
 
         private
 
+        def autocorrect(corrector, node)
+          case style
+          when :group
+            def_node = find_corresponding_def_node(node)
+            return unless def_node
+
+            replace_def(corrector, node, def_node)
+          when :inline
+            remove_node(corrector, node)
+            select_grouped_def_nodes(node).each do |grouped_def_node|
+              insert_inline_modifier(corrector, grouped_def_node, node.method_name)
+            end
+          end
+        end
+
         def allow_modifiers_on_symbols?(node)
           cop_config['AllowModifiersOnSymbols'] && access_modifier_with_symbol?(node)
         end
 
         def offense?(node)
-          (group_style? && access_modifier_is_inlined?(node)) ||
+          (group_style? && access_modifier_is_inlined?(node) &&
+            !right_siblings_same_inline_method?(node)) ||
             (inline_style? && access_modifier_is_not_inlined?(node))
         end
 
@@ -121,6 +150,12 @@ module RuboCop
           !access_modifier_is_inlined?(node)
         end
 
+        def right_siblings_same_inline_method?(node)
+          node.right_siblings.any? do |sibling|
+            sibling.send_type? && sibling.method?(node.method_name) && !sibling.arguments.empty?
+          end
+        end
+
         def message(range)
           access_modifier = range.source
 
@@ -130,6 +165,60 @@ module RuboCop
             format(INLINE_STYLE_MESSAGE, access_modifier: access_modifier)
           end
         end
+
+        def find_corresponding_def_node(node)
+          if access_modifier_with_symbol?(node)
+            method_name = node.arguments.first.value
+            node.parent.each_child_node(:def).find do |child|
+              child.method?(method_name)
+            end
+          else
+            node.arguments.first
+          end
+        end
+
+        def find_argument_less_modifier_node(node)
+          return unless (parent = node.parent)
+
+          parent.each_child_node(:send).find do |child|
+            child.method?(node.method_name) && child.arguments.empty?
+          end
+        end
+
+        def select_grouped_def_nodes(node)
+          node.right_siblings.take_while do |sibling|
+            !(sibling.send_type? && sibling.bare_access_modifier_declaration?)
+          end.select(&:def_type?)
+        end
+
+        def replace_def(corrector, node, def_node)
+          source = def_source(node, def_node)
+          argument_less_modifier_node = find_argument_less_modifier_node(node)
+          if argument_less_modifier_node
+            corrector.insert_after(argument_less_modifier_node, "\n\n#{source}")
+          elsif (ancestor = node.each_ancestor(:block, :class, :module).first)
+
+            corrector.insert_before(ancestor.loc.end, "#{node.method_name}\n\n#{source}\n")
+          else
+            corrector.replace(node, "#{node.method_name}\n\n#{source}")
+            return
+          end
+
+          remove_node(corrector, def_node)
+          remove_node(corrector, node)
+        end
+
+        def insert_inline_modifier(corrector, node, modifier_name)
+          corrector.insert_before(node, "#{modifier_name} ")
+        end
+
+        def remove_node(corrector, node)
+          corrector.remove(range_with_comments_and_lines(node))
+        end
+
+        def def_source(node, def_node)
+          [*processed_source.ast_with_comments[node].map(&:text), def_node.source].join("\n")
+        end
       end
     end
   end