rubocop 1.18.1 → 1.22.3

data/lib/rubocop/cop/mixin/preceding_following_alignment.rb

@@ -93,7 +93,15 @@ module RuboCop
       end
 
       def aligned_assignment?(range, line)
-        range.source[-1] == '=' && line[range.last_column - 1] == '='
+        (range.source[-1] == '=' && line[range.last_column - 1] == '=') ||
+          aligned_with_append_operator?(range, line)
+      end
+
+      def aligned_with_append_operator?(range, line)
+        last_column = range.last_column
+
+        (range.source == '<<' && line[last_column - 1] == '=') ||
+          (range.source[-1] == '=' && line[(last_column - 2)..(last_column - 1)] == '<<')
       end
 
       def aligned_identical?(range, line)

data/lib/rubocop/cop/mixin/require_library.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    # Ensure a require statement is present for a standard library determined
+    # by variable library_name
+    module RequireLibrary
+      extend NodePattern::Macros
+
+      def ensure_required(corrector, node, library_name)
+        node = node.parent while node.parent&.parent?
+
+        if node.parent&.begin_type?
+          return if @required_libs.include?(library_name)
+
+          remove_subsequent_requires(corrector, node, library_name)
+        end
+
+        RequireLibraryCorrector.correct(corrector, node, library_name)
+      end
+
+      def remove_subsequent_requires(corrector, node, library_name)
+        node.right_siblings.each do |sibling|
+          next unless require_library_name?(sibling, library_name)
+
+          range = range_by_whole_lines(sibling.source_range, include_final_newline: true)
+          corrector.remove(range)
+        end
+      end
+
+      def on_send(node)
+        return if node.parent&.parent?
+
+        name = require_any_library?(node)
+        return if name.nil?
+
+        @required_libs.add(name)
+      end
+
+      private
+
+      def on_new_investigation
+        # Holds the required files at top-level
+        @required_libs = Set.new
+        super
+      end
+
+      # @!method require_any_library?(node)
+      def_node_matcher :require_any_library?, <<~PATTERN
+        (send {(const {nil? cbase} :Kernel) nil?} :require (str $_))
+      PATTERN
+
+      # @!method require_library_name?(node, library_name)
+      def_node_matcher :require_library_name?, <<~PATTERN
+        (send {(const {nil? cbase} :Kernel) nil?} :require (str %1))
+      PATTERN
+    end
+  end
+end

data/lib/rubocop/cop/mixin/space_after_punctuation.rb

@@ -28,7 +28,7 @@ module RuboCop
       end
 
       def space_missing?(token1, token2)
-        token1.line == token2.line && token2.column == token1.column + offset
+        same_line?(token1, token2) && token2.column == token1.column + offset
       end
 
       def space_required_before?(token)

data/lib/rubocop/cop/mixin/space_before_punctuation.rb

@@ -10,7 +10,7 @@ module RuboCop
       MSG = 'Space found before %<token>s.'
 
       def on_new_investigation
-        each_missing_space(processed_source.tokens) do |token, pos_before|
+        each_missing_space(processed_source.sorted_tokens) do |token, pos_before|
           add_offense(pos_before, message: format(MSG, token: kind(token))) do |corrector|
             PunctuationCorrector.remove_space(corrector, pos_before)
           end
@@ -32,7 +32,7 @@ module RuboCop
       end
 
       def space_missing?(token1, token2)
-        token1.line == token2.line && token2.begin_pos > token1.end_pos
+        same_line?(token1, token2) && token2.begin_pos > token1.end_pos
       end
 
       def space_required_after?(token)

data/lib/rubocop/cop/mixin/statement_modifier.rb

@@ -54,7 +54,7 @@ module RuboCop
       end
 
       def first_line_comment(node)
-        comment = processed_source.find_comment { |c| c.loc.line == node.loc.line }
+        comment = processed_source.find_comment { |c| same_line?(c, node) }
         return unless comment
 
         comment_source = comment.loc.expression.source

data/lib/rubocop/cop/mixin/string_literals_help.rb

@@ -13,7 +13,11 @@ module RuboCop
         if style == :single_quotes
           !double_quotes_required?(src)
         else
-          !/" | \\[^'\\] | \#[@{$]/x.match?(src)
+          # The string needs single quotes if:
+          # 1. It contains a double quote
+          # 2. It contains text that would become an escape sequence with double quotes
+          # 3. It contains text that would become an interpolation with double quotes
+          !/" | (?<!\\)\\[aAbcdefkMnprsStuUxzZ0-7] | \#[@{$]/x.match?(src)
         end
       end
     end

data/lib/rubocop/cop/mixin/trailing_body.rb

@@ -10,7 +10,7 @@ module RuboCop
       end
 
       def body_on_first_line?(node, body)
-        node.source_range.first_line == body.source_range.first_line
+        same_line?(node, body)
       end
 
       def first_part_of(body)

data/lib/rubocop/cop/naming/ascii_identifiers.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-# rubocop:disable Style/AsciiComments
-
 module RuboCop
   module Cop
     module Naming
@@ -90,4 +88,3 @@ module RuboCop
     end
   end
 end
-# rubocop:enable Style/AsciiComments

data/lib/rubocop/cop/naming/block_parameter_name.rb

@@ -24,7 +24,7 @@ module RuboCop
       #   # With `AllowNamesEndingInNumbers` set to false
       #   foo { |num1, num2| num1 * num2 }
       #
-      #   # With `MinParamNameLength` set to number greater than 1
+      #   # With `MinNameLength` set to number greater than 1
       #   baz { |a, b, c| do_stuff(a, b, c) }
       #
       #   # good

data/lib/rubocop/cop/naming/constant_name.rb

@@ -54,7 +54,7 @@ module RuboCop
         private
 
         def allowed_assignment?(value)
-          value && %i[block const casgn].include?(value.type) ||
+          (value && %i[block const casgn].include?(value.type)) ||
             allowed_method_call_on_rhs?(value) ||
             class_or_struct_return_method?(value) ||
             allowed_conditional_expression_on_rhs?(value)

data/lib/rubocop/cop/naming/inclusive_language.rb

@@ -19,6 +19,8 @@ module RuboCop
       # Regex can be specified to identify offenses. Suggestions for replacing a flagged term can
       # be configured and will be displayed as part of the offense message.
       # An AllowedRegex can be specified for a flagged term to exempt allowed uses of the term.
+      # `WholeWord: true` can be set on a flagged term to indicate the cop should only match when
+      # a term matches the whole word (partial matches will not be offenses).
       #
       # @example FlaggedTerms: { whitelist: { Suggestions: ['allowlist'] } }
       #   # Suggest replacing identifier whitelist with allowlist
@@ -56,10 +58,20 @@ module RuboCop
       #   # good
       #   # They had a master's degree
       #
+      # @example FlaggedTerms: { slave: { WholeWord: true } }
+      #   # Specify that only terms that are full matches will be flagged.
+      #
+      #   # bad
+      #   Slave
+      #
+      #   # good (won't be flagged despite containing `slave`)
+      #   TeslaVehicle
       class InclusiveLanguage < Base
         include RangeHelp
 
         EMPTY_ARRAY = [].freeze
+        MSG = "Consider replacing '%<term>s'%<suffix>s."
+        MSG_FOR_FILE_PATH = "Consider replacing '%<term>s' in file path%<suffix>s."
 
         WordLocation = Struct.new(:word, :position)
 
@@ -123,7 +135,7 @@ module RuboCop
             next if term_definition.nil?
 
             allowed_strings.concat(process_allowed_regex(term_definition['AllowedRegex']))
-            regex_string = ensure_regex_string(term_definition['Regex'] || term)
+            regex_string = ensure_regex_string(extract_regexp(term, term_definition))
             flagged_term_strings << regex_string
 
             add_to_flagged_term_hash(regex_string, term, term_definition)
@@ -132,6 +144,13 @@ module RuboCop
           set_regexes(flagged_term_strings, allowed_strings)
         end
 
+        def extract_regexp(term, term_definition)
+          return term_definition['Regex'] if term_definition['Regex']
+          return /(?:\b|(?<=[\W_]))#{term}(?:\b|(?=[\W_]))/ if term_definition['WholeWord']
+
+          term
+        end
+
         def add_to_flagged_term_hash(regex_string, term, term_definition)
           @flagged_term_hash[Regexp.new(regex_string, Regexp::IGNORECASE)] =
             term_definition.merge('Term' => term,
@@ -180,12 +199,11 @@ module RuboCop
         end
 
         def create_single_word_message_for_file(word)
-          create_message(word).sub(/\.$/, ' in file path.')
+          create_message(word, MSG_FOR_FILE_PATH)
         end
 
         def create_multiple_word_message_for_file(words)
-          quoted_words = words.map { |word| "'#{word}'" }
-          "Consider replacing problematic terms #{quoted_words.join(', ')} in file path."
+          format(MSG_FOR_FILE_PATH, term: words.join("', '"), suffix: ' with other terms')
         end
 
         def scan_for_words(input)
@@ -206,9 +224,12 @@ module RuboCop
           safe_str.gsub(@allowed_regex) { |match| '*' * match.size }
         end
 
-        def create_message(word)
+        def create_message(word, message = MSG)
           flagged_term = find_flagged_term(word)
-          "Consider replacing problematic term '#{word}'#{flagged_term['SuggestionString']}."
+          suggestions = flagged_term['SuggestionString']
+          suggestions = ' with another term' if suggestions.blank?
+
+          format(message, term: word, suffix: suggestions)
         end
 
         def find_flagged_term(word)
@@ -218,10 +239,6 @@ module RuboCop
           flagged_term
         end
 
-        def create_message_for_file(word)
-          create_message(word).sub(/\.$/, ' in file path.')
-        end
-
         def preprocess_suggestions(suggestions)
           return '' if suggestions.nil? ||
                        (suggestions.is_a?(String) && suggestions.strip.empty?) || suggestions.empty?

data/lib/rubocop/cop/naming/memoized_instance_variable_name.rb

@@ -14,6 +14,11 @@ module RuboCop
       # convention that is used to implicitly indicate that an ivar should not
       # be set or referenced outside of the memoization method.
       #
+      # @safety
+      #   This cop relies on the pattern `@instance_var ||= ...`,
+      #   but this is sometimes used for other purposes than memoization
+      #   so this cop is considered unsafe.
+      #
       # @example EnforcedStyleForLeadingUnderscores: disallowed (default)
       #   # bad
       #   # Method foo is memoized using an instance variable that is
@@ -139,10 +144,6 @@ module RuboCop
       #   define_method(:foo) do
       #     @_foo ||= calculate_expensive_thing
       #   end
-      #
-      # This cop relies on the pattern `@instance_var ||= ...`,
-      # but this is sometimes used for other purposes than memoization
-      # so this cop is considered unsafe.
       class MemoizedInstanceVariableName < Base
         include ConfigurableEnforcedStyle
 

data/lib/rubocop/cop/naming/rescued_exceptions_variable_name.rb

@@ -75,6 +75,9 @@ module RuboCop
           preferred_name = preferred_name(offending_name)
           return if preferred_name.to_sym == offending_name
 
+          # check variable shadowing for exception variable
+          return if shadowed_variable_name?(node)
+
           range = offense_range(node)
           message = message(node)
 
@@ -150,6 +153,10 @@ module RuboCop
           preferred_name = preferred_name(offending_name)
           format(MSG, preferred: preferred_name, bad: offending_name)
         end
+
+        def shadowed_variable_name?(node)
+          node.each_descendant(:lvar).any? { |n| n.children.first.to_s == preferred_name(n) }
+        end
       end
     end
   end

data/lib/rubocop/cop/security/io_methods.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # Checks for the first argument to `IO.read`, `IO.binread`, `IO.write`, `IO.binwrite`,
+      # `IO.foreach`, and `IO.readlines`.
+      #
+      # If argument starts with a pipe character (`'|'`) and the receiver is the `IO` class,
+      # a subprocess is created in the same way as `Kernel#open`, and its output is returned.
+      # `Kernel#open` may allow unintentional command injection, which is the reason these
+      # `IO` methods are a security risk.
+      # Consider to use `File.read` to disable the behavior of subprocess invocation.
+      #
+      # @safety
+      #   This cop is unsafe because false positive will occur if the variable passed as
+      #   the first argument is a command that is not a file path.
+      #
+      # @example
+      #
+      #   # bad
+      #   IO.read(path)
+      #   IO.read('path')
+      #
+      #   # good
+      #   File.read(path)
+      #   File.read('path')
+      #   IO.read('| command') # Allow intentional command invocation.
+      #
+      class IoMethods < Base
+        extend AutoCorrector
+
+        MSG = '`File.%<method_name>s` is safer than `IO.%<method_name>s`.'
+        RESTRICT_ON_SEND = %i[read binread write binwrite foreach readlines].freeze
+
+        def on_send(node)
+          return unless (receiver = node.receiver) && receiver.source == 'IO'
+
+          argument = node.first_argument
+          return if argument.respond_to?(:value) && argument.value.strip.start_with?('|')
+
+          add_offense(node, message: format(MSG, method_name: node.method_name)) do |corrector|
+            corrector.replace(receiver, 'File')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/json_load.rb

@@ -6,13 +6,14 @@ module RuboCop
       # This cop checks for the use of JSON class methods which have potential
       # security issues.
       #
-      # Autocorrect is disabled by default because it's potentially dangerous.
-      # If using a stream, like `JSON.load(open('file'))`, it will need to call
-      # `#read` manually, like `JSON.parse(open('file').read)`.
-      # If reading single values (rather than proper JSON objects), like
-      # `JSON.load('false')`, it will need to pass the `quirks_mode: true`
-      # option, like `JSON.parse('false', quirks_mode: true)`.
-      # Other similar issues may apply.
+      # @safety
+      #   This cop's autocorrection is unsafe because it's potentially dangerous.
+      #   If using a stream, like `JSON.load(open('file'))`, it will need to call
+      #   `#read` manually, like `JSON.parse(open('file').read)`.
+      #   If reading single values (rather than proper JSON objects), like
+      #   `JSON.load('false')`, it will need to pass the `quirks_mode: true`
+      #   option, like `JSON.parse('false', quirks_mode: true)`.
+      #   Other similar issues may apply.
       #
       # @example
       #   # bad

data/lib/rubocop/cop/security/open.rb

@@ -11,6 +11,10 @@ module RuboCop
       # the argument of `Kernel#open` and `URI.open`. It would be better to use
       # `File.open`, `IO.popen` or `URI.parse#open` explicitly.
       #
+      # @safety
+      #   This cop could register false positives if `open` is redefined
+      #   in a class and then used without a receiver in that class.
+      #
       # @example
       #   # bad
       #   open(something)

data/lib/rubocop/cop/security/yaml_load.rb

@@ -7,6 +7,10 @@ module RuboCop
       # potential security issues leading to remote code execution when
       # loading from an untrusted source.
       #
+      # @safety
+      #   The behaviour of the code might change depending on what was
+      #   in the YAML payload, since `YAML.safe_load` is more restrictive.
+      #
       # @example
       #   # bad
       #   YAML.load("--- foo")

data/lib/rubocop/cop/style/accessor_grouping.rb

@@ -59,8 +59,8 @@ module RuboCop
 
         def check(send_node)
           return if previous_line_comment?(send_node)
-          return unless grouped_style? && sibling_accessors(send_node).size > 1 ||
-                        separated_style? && send_node.arguments.size > 1
+          return unless (grouped_style? && sibling_accessors(send_node).size > 1) ||
+                        (separated_style? && send_node.arguments.size > 1)
 
           message = message(send_node)
           add_offense(send_node, message: message) do |corrector|

data/lib/rubocop/cop/style/and_or.rb

@@ -7,6 +7,11 @@ module RuboCop
       # `||` instead. It can be configured to check only in conditions or in
       # all contexts.
       #
+      # @safety
+      #   Auto-correction is unsafe because there is a different operator precedence
+      #   between logical operators (`&&` and `||`) and semantic operators (`and` and `or`),
+      #   and that might change the behaviour.
+      #
       # @example EnforcedStyle: always
       #   # bad
       #   foo.save and return

data/lib/rubocop/cop/style/arguments_forwarding.rb

@@ -30,6 +30,10 @@ module RuboCop
       #     bar(*args)
       #   end
       #
+      #   def foo(**kwargs)
+      #     bar(**kwargs)
+      #   end
+      #
       # @example AllowOnlyRestArgument: false
       #   # bad
       #   # The following code can replace the arguments with `...`,
@@ -38,6 +42,10 @@ module RuboCop
       #     bar(*args)
       #   end
       #
+      #   def foo(**kwargs)
+      #     bar(**kwargs)
+      #   end
+      #
       class ArgumentsForwarding < Base
         include RangeHelp
         extend AutoCorrector
@@ -49,12 +57,15 @@ module RuboCop
 
         # @!method use_rest_arguments?(node)
         def_node_matcher :use_rest_arguments?, <<~PATTERN
-          (args (restarg $_) $...)
+          (args ({restarg kwrestarg} $_) $...)
         PATTERN
 
         # @!method only_rest_arguments?(node, name)
         def_node_matcher :only_rest_arguments?, <<~PATTERN
-          (send _ _ (splat (lvar %1)))
+          {
+            (send _ _ (splat (lvar %1)))
+            (send _ _ (hash (kwsplat (lvar %1))))
+          }
         PATTERN
 
         # @!method forwarding_method_arguments?(node, rest_name, block_name, kwargs_name)

data/lib/rubocop/cop/style/array_coercion.rb

@@ -5,9 +5,27 @@ module RuboCop
     module Style
       # This cop enforces the use of `Array()` instead of explicit `Array` check or `[*var]`.
       #
-      # This cop is disabled by default because false positive will occur if
-      # the argument of `Array()` is not an array (e.g. Hash, Set),
-      # an array will be returned as an incompatibility result.
+      # The cop is disabled by default due to safety concerns.
+      #
+      # @safety
+      #   This cop is unsafe because a false positive may occur if
+      #   the argument of `Array()` is (or could be) nil or depending
+      #   on how the argument is handled by `Array()` (which can be
+      #   different than just wrapping the argument in an array).
+      #
+      #   For example:
+      #
+      #   [source,ruby]
+      #   ----
+      #   [nil]             #=> [nil]
+      #   Array(nil)        #=> []
+      #
+      #   [{a: 'b'}]        #= [{a: 'b'}]
+      #   Array({a: 'b'})   #=> [[:a, 'b']]
+      #
+      #   [Time.now]        #=> [#<Time ...>]
+      #   Array(Time.now)   #=> [14, 16, 14, 16, 9, 2021, 4, 259, true, "EDT"]
+      #   ----
       #
       # @example
       #   # bad

data/lib/rubocop/cop/style/ascii_comments.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-# rubocop:disable Style/AsciiComments
-
 module RuboCop
   module Cop
     module Style
@@ -57,4 +55,3 @@ module RuboCop
     end
   end
 end
-# rubocop:enable Style/AsciiComments

data/lib/rubocop/cop/style/block_delimiters.rb

@@ -1,11 +1,17 @@
 # frozen_string_literal: true
 
+# rubocop:disable Metrics/ClassLength
 module RuboCop
   module Cop
     module Style
       # Check for uses of braces or do/end around single line or
       # multi-line blocks.
       #
+      # Methods that can be either procedural or functional and cannot be
+      # categorised from their usage alone is ignored.
+      # `lambda`, `proc`, and `it` are their defaults.
+      # Additional methods can be added to the `IgnoredMethods`.
+      #
       # @example EnforcedStyle: line_count_based (default)
       #   # bad - single line block
       #   items.each do |item| item / 5 end
@@ -132,9 +138,21 @@ module RuboCop
       #     puts foo
       #   end
       #
+      # @example IgnoredMethods: ['lambda', 'proc', 'it' ] (default)
+      #
+      #   # good
+      #   foo = lambda do |x|
+      #     puts "Hello, #{x}"
+      #   end
+      #
+      #   foo = lambda do |x|
+      #     x * 100
+      #   end
+      #
       class BlockDelimiters < Base
         include ConfigurableEnforcedStyle
         include IgnoredMethods
+        include RangeHelp
         extend AutoCorrector
 
         ALWAYS_BRACES_MESSAGE = 'Prefer `{...}` over `do...end` for blocks.'
@@ -174,7 +192,7 @@ module RuboCop
           if node.braces?
             replace_braces_with_do_end(corrector, node.loc)
           else
-            replace_do_end_with_braces(corrector, node.loc)
+            replace_do_end_with_braces(corrector, node)
           end
         end
 
@@ -231,10 +249,16 @@ module RuboCop
           corrector.insert_before(e, ' ') unless whitespace_before?(e)
           corrector.insert_after(b, ' ') unless whitespace_after?(b)
           corrector.replace(b, 'do')
+
+          if (comment = processed_source.comment_at_line(e.line))
+            move_comment_before_block(corrector, comment, loc.node, e)
+          end
+
           corrector.replace(e, 'end')
         end
 
-        def replace_do_end_with_braces(corrector, loc)
+        def replace_do_end_with_braces(corrector, node)
+          loc = node.loc
           b = loc.begin
           e = loc.end
 
@@ -242,6 +266,8 @@ module RuboCop
 
           corrector.replace(b, '{')
           corrector.replace(e, '}')
+
+          corrector.wrap(node.body, "begin\n", "\nend") if begin_required?(node)
         end
 
         def whitespace_before?(range)
@@ -252,6 +278,21 @@ module RuboCop
           /\s/.match?(range.source_buffer.source[range.begin_pos + length, 1])
         end
 
+        def move_comment_before_block(corrector, comment, block_node, closing_brace)
+          range = block_node.chained? ? end_of_chain(block_node.parent).source_range : closing_brace
+          comment_range = range_between(range.end_pos, comment.loc.expression.end_pos)
+          corrector.remove(range_with_surrounding_space(range: comment_range, side: :right))
+          corrector.insert_after(range, "\n")
+
+          corrector.insert_before(block_node, "#{comment.text}\n")
+        end
+
+        def end_of_chain(node)
+          return node unless node.chained?
+
+          end_of_chain(node.parent)
+        end
+
         def get_blocks(node, &block)
           case node.type
           when :block
@@ -376,7 +417,14 @@ module RuboCop
         def array_or_range?(node)
           node.array_type? || node.range_type?
         end
+
+        def begin_required?(block_node)
+          # If the block contains `rescue` or `ensure`, it needs to be wrapped in
+          # `begin`...`end` when changing `do-end` to `{}`.
+          block_node.each_child_node(:rescue, :ensure).any? && !block_node.single_line?
+        end
       end
     end
   end
 end
+# rubocop:enable Metrics/ClassLength

data/lib/rubocop/cop/style/case_equality.rb

@@ -5,9 +5,11 @@ module RuboCop
     module Style
       # This cop checks for uses of the case equality operator(===).
       #
+      # If `AllowOnConstant` option is enabled, the cop will ignore violations when the receiver of
+      # the case equality operator is a constant.
+      #
       # @example
       #   # bad
-      #   Array === something
       #   (1..100) === 7
       #   /something/ === some_string
       #
@@ -16,18 +18,13 @@ module RuboCop
       #   (1..100).include?(7)
       #   /something/.match?(some_string)
       #
-      # @example AllowOnConstant
-      #   # Style/CaseEquality:
-      #   #   AllowOnConstant: true
-      #
+      # @example AllowOnConstant: false (default)
       #   # bad
-      #   (1..100) === 7
-      #   /something/ === some_string
+      #   Array === something
       #
+      # @example AllowOnConstant: true
       #   # good
       #   Array === something
-      #   (1..100).include?(7)
-      #   /something/.match?(some_string)
       #
       class CaseEquality < Base
         extend AutoCorrector