rubocop 1.19.0 → 1.23.0

data/lib/rubocop/cop/bundler/insecure_protocol_source.rb

@@ -3,18 +3,21 @@
 module RuboCop
   module Cop
     module Bundler
-      # The symbol argument `:gemcutter`, `:rubygems`, and `:rubyforge`
-      # are deprecated. So please change your source to URL string that
-      # 'https://rubygems.org' if possible, or 'http://rubygems.org' if not.
+      # Passing symbol arguments to `source` (e.g. `source :rubygems`) is
+      # deprecated because they default to using HTTP requests. Instead, specify
+      # `'https://rubygems.org'` if possible, or `'http://rubygems.org'` if not.
       #
-      # This autocorrect will replace these symbols with 'https://rubygems.org'.
-      # Because it is secure, HTTPS request is strongly recommended. And in
-      # most use cases HTTPS will be fine.
+      # When autocorrecting, this cop will replace symbol arguments with
+      # `'https://rubygems.org'`.
       #
-      # However, it don't replace all `sources` of `http://` with `https://`.
-      # For example, when specifying an internal gem server using HTTP on the
-      # intranet, a use case where HTTPS cannot be specified was considered.
-      # Consider using HTTP only if you cannot use HTTPS.
+      # This cop will not replace existing sources that use `http://`. This may
+      # be necessary where HTTPS is not available. For example, where using an
+      # internal gem server via an intranet, or where HTTPS is prohibited.
+      # However, you should strongly prefer `https://` where possible, as it is
+      # more secure.
+      #
+      # If you don't allow `http://`, please set `false` to `AllowHttpProtocol`.
+      # This option is `true` by default for safe autocorrection.
       #
       # @example
       #   # bad
@@ -24,7 +27,17 @@ module RuboCop
       #
       #   # good
       #   source 'https://rubygems.org' # strongly recommended
+      #
+      # @example AllowHttpProtocol: true (default)
+      #
+      #   # good
+      #   source 'http://rubygems.org' # use only if HTTPS is unavailable
+      #
+      # @example AllowHttpProtocol: false
+      #
+      #   # bad
       #   source 'http://rubygems.org'
+      #
       class InsecureProtocolSource < Base
         include RangeHelp
         extend AutoCorrector
@@ -33,29 +46,40 @@ module RuboCop
               'are insecure. ' \
               "Please change your source to 'https://rubygems.org' " \
               "if possible, or 'http://rubygems.org' if not."
+        MSG_HTTP_PROTOCOL = 'Use `https://rubygems.org` instead of `http://rubygems.org`.'
 
         RESTRICT_ON_SEND = %i[source].freeze
 
         # @!method insecure_protocol_source?(node)
         def_node_matcher :insecure_protocol_source?, <<~PATTERN
           (send nil? :source
-            $(sym ${:gemcutter :rubygems :rubyforge}))
+            ${(sym :gemcutter) (sym :rubygems) (sym :rubyforge) (:str "http://rubygems.org")})
         PATTERN
 
         def on_send(node)
-          insecure_protocol_source?(node) do |source_node, source|
-            message = format(MSG, source: source)
-
-            add_offense(
-              source_node,
-              message: message
-            ) do |corrector|
-              corrector.replace(
-                source_node, "'https://rubygems.org'"
-              )
+          insecure_protocol_source?(node) do |source_node|
+            source = source_node.value
+            use_http_protocol = source == 'http://rubygems.org'
+
+            return if allow_http_protocol? && use_http_protocol
+
+            message = if use_http_protocol
+                        MSG_HTTP_PROTOCOL
+                      else
+                        format(MSG, source: source)
+                      end
+
+            add_offense(source_node, message: message) do |corrector|
+              corrector.replace(source_node, "'https://rubygems.org'")
             end
           end
         end
+
+        private
+
+        def allow_http_protocol?
+          cop_config.fetch('AllowHttpProtocol', true)
+        end
       end
     end
   end

data/lib/rubocop/cop/bundler/ordered_gems.rb

@@ -24,15 +24,15 @@ module RuboCop
       #   gem 'rubocop'
       #   # For tests
       #   gem 'rspec'
-      class OrderedGems < Cop # rubocop:disable InternalAffairs/InheritDeprecatedCopClass
-        include ConfigurableEnforcedStyle
+      class OrderedGems < Base
+        extend AutoCorrector
         include OrderedGemNode
 
         MSG = 'Gems should be sorted in an alphabetical order within their '\
               'section of the Gemfile. '\
               'Gem `%<previous>s` should appear before `%<current>s`.'
 
-        def investigate(processed_source)
+        def on_new_investigation
           return if processed_source.blank?
 
           gem_declarations(processed_source.ast)
@@ -44,15 +44,6 @@ module RuboCop
           end
         end
 
-        def autocorrect(node)
-          OrderedGemCorrector.correct(
-            processed_source,
-            node,
-            previous_declaration(node),
-            treat_comments_as_separators
-          )
-        end
-
         private
 
         def previous_declaration(node)

data/lib/rubocop/cop/correctors/lambda_literal_to_method_corrector.rb

@@ -87,8 +87,8 @@ module RuboCop
       end
 
       def needs_separating_space?
-        block_begin.begin_pos == arguments_end_pos &&
-          selector_end.end_pos == arguments_begin_pos ||
+        (block_begin.begin_pos == arguments_end_pos &&
+          selector_end.end_pos == arguments_begin_pos) ||
           block_begin.begin_pos == selector_end.end_pos
       end
 

data/lib/rubocop/cop/correctors/line_break_corrector.rb

@@ -28,7 +28,7 @@ module RuboCop
                               indent_steps: 1)
           corrector.insert_before(
             range,
-            "\n#{' ' * (node.loc.keyword.column + indent_steps * configured_width)}"
+            "\n#{' ' * (node.loc.keyword.column + (indent_steps * configured_width))}"
           )
         end
 

data/lib/rubocop/cop/correctors/ordered_gem_corrector.rb

@@ -4,9 +4,10 @@ module RuboCop
   module Cop
     # This auto-corrects gem dependency order
     class OrderedGemCorrector
-      extend OrderedGemNode
-
       class << self
+        include OrderedGemNode
+        include RangeHelp
+
         attr_reader :processed_source, :comments_as_separators
 
         def correct(processed_source, node,
@@ -17,24 +18,24 @@ module RuboCop
           current_range = declaration_with_comment(node)
           previous_range = declaration_with_comment(previous_declaration)
 
-          ->(corrector) do swap_range(corrector, current_range, previous_range) end
+          ->(corrector) { swap_range(corrector, current_range, previous_range) }
         end
 
         private
 
         def declaration_with_comment(node)
           buffer = processed_source.buffer
-          begin_pos = get_source_range(node, comments_as_separators).begin_pos
+          begin_pos = range_by_whole_lines(get_source_range(node, comments_as_separators)).begin_pos
           end_line = buffer.line_for_position(node.loc.expression.end_pos)
-          end_pos = buffer.line_range(end_line).end_pos
-          Parser::Source::Range.new(buffer, begin_pos, end_pos)
+          end_pos = range_by_whole_lines(buffer.line_range(end_line),
+                                         include_final_newline: true).end_pos
+
+          range_between(begin_pos, end_pos)
         end
 
         def swap_range(corrector, range1, range2)
-          src1 = range1.source
-          src2 = range2.source
-          corrector.replace(range1, src2)
-          corrector.replace(range2, src1)
+          corrector.insert_before(range2, range1.source)
+          corrector.remove(range1)
         end
       end
     end

data/lib/rubocop/cop/documentation.rb

@@ -8,7 +8,7 @@ module RuboCop
 
       # @api private
       def department_to_basename(department)
-        "cops_#{department.downcase}"
+        "cops_#{department.to_s.downcase.tr('/', '_')}"
       end
 
       # @api private

data/lib/rubocop/cop/gemspec/date_assignment.rb

@@ -21,21 +21,13 @@ module RuboCop
       #
       class DateAssignment < Base
         include RangeHelp
+        include GemspecHelp
         extend AutoCorrector
 
         MSG = 'Do not use `date =` in gemspec, it is set automatically when the gem is packaged.'
 
-        # @!method gem_specification(node)
-        def_node_matcher :gem_specification, <<~PATTERN
-          (block
-            (send
-              (const
-                (const {cbase nil?} :Gem) :Specification) :new)
-            ...)
-        PATTERN
-
         def on_block(block_node)
-          return unless gem_specification(block_node)
+          return unless gem_specification?(block_node)
 
           block_parameter = block_node.arguments.first.source
 

data/lib/rubocop/cop/gemspec/duplicated_assignment.rb

@@ -36,20 +36,11 @@ module RuboCop
       #   end
       class DuplicatedAssignment < Base
         include RangeHelp
+        include GemspecHelp
 
         MSG = '`%<assignment>s` method calls already given on line '\
               '%<line_of_first_occurrence>d of the gemspec.'
 
-        # @!method gem_specification(node)
-        def_node_search :gem_specification, <<~PATTERN
-          (block
-            (send
-              (const
-                (const {cbase nil?} :Gem) :Specification) :new)
-            (args
-              (arg $_)) ...)
-        PATTERN
-
         # @!method assignment_method_declarations(node)
         def_node_search :assignment_method_declarations, <<~PATTERN
           (send

data/lib/rubocop/cop/gemspec/ordered_dependencies.rb

@@ -50,15 +50,15 @@ module RuboCop
       #   spec.add_dependency 'rubocop'
       #   # For tests
       #   spec.add_dependency 'rspec'
-      class OrderedDependencies < Cop # rubocop:disable InternalAffairs/InheritDeprecatedCopClass
-        include ConfigurableEnforcedStyle
+      class OrderedDependencies < Base
+        extend AutoCorrector
         include OrderedGemNode
 
         MSG = 'Dependencies should be sorted in an alphabetical order within ' \
               'their section of the gemspec. '\
               'Dependency `%<previous>s` should appear before `%<current>s`.'
 
-        def investigate(processed_source)
+        def on_new_investigation
           return if processed_source.blank?
 
           dependency_declarations(processed_source.ast)
@@ -71,15 +71,6 @@ module RuboCop
           end
         end
 
-        def autocorrect(node)
-          OrderedGemCorrector.correct(
-            processed_source,
-            node,
-            previous_declaration(node),
-            treat_comments_as_separators
-          )
-        end
-
         private
 
         def previous_declaration(node)

data/lib/rubocop/cop/gemspec/require_mfa.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Gemspec
+      # Requires a gemspec to have `rubygems_mfa_required` metadata set.
+      #
+      # This setting tells RubyGems that MFA is required for accounts to
+      # be able perform any of these privileged operations:
+      #
+      # * gem push
+      # * gem yank
+      # * gem owner --add/remove
+      # * adding or removing owners using gem ownership page
+      #
+      # This helps make your gem more secure, as users can be more
+      # confident that gem updates were pushed by maintainers.
+      #
+      # @example
+      #
+      #   # bad
+      #   Gem::Specification.new do |spec|
+      #     # no `rubygems_mfa_required` metadata specified
+      #   end
+      #
+      #   # good
+      #   Gem::Specification.new do |spec|
+      #     spec.metadata = {
+      #       'rubygems_mfa_required' => 'true'
+      #     }
+      #   end
+      #
+      #   # good
+      #   Gem::Specification.new do |spec|
+      #     spec.metadata['rubygems_mfa_required'] = 'true'
+      #   end
+      #
+      #  # bad
+      #  Gem::Specification.new do |spec|
+      #    spec.metadata = {
+      #      'rubygems_mfa_required' => 'false'
+      #    }
+      #  end
+      #
+      #  # good
+      #  Gem::Specification.new do |spec|
+      #    spec.metadata = {
+      #      'rubygems_mfa_required' => 'true'
+      #    }
+      #  end
+      #
+      #  # bad
+      #  Gem::Specification.new do |spec|
+      #    spec.metadata['rubygems_mfa_required'] = 'false'
+      #  end
+      #
+      #  # good
+      #  Gem::Specification.new do |spec|
+      #    spec.metadata['rubygems_mfa_required'] = 'true'
+      #  end
+      #
+      class RequireMFA < Base
+        include GemspecHelp
+        extend AutoCorrector
+
+        MSG = "`metadata['rubygems_mfa_required']` must be set to `'true'`."
+
+        # @!method metadata(node)
+        def_node_matcher :metadata, <<~PATTERN
+          `{
+            (send _ :metadata= $_)
+            (send (send _ :metadata) :[]= (str "rubygems_mfa_required") $_)
+          }
+        PATTERN
+
+        # @!method rubygems_mfa_required(node)
+        def_node_search :rubygems_mfa_required, <<~PATTERN
+          (pair (str "rubygems_mfa_required") $_)
+        PATTERN
+
+        # @!method true_string?(node)
+        def_node_matcher :true_string?, <<~PATTERN
+          (str "true")
+        PATTERN
+
+        def on_block(node) # rubocop:disable Metrics/MethodLength
+          gem_specification(node) do |block_var|
+            metadata_value = metadata(node)
+            mfa_value = mfa_value(metadata_value)
+
+            if mfa_value
+              unless true_string?(mfa_value)
+                add_offense(mfa_value) do |corrector|
+                  change_value(corrector, mfa_value)
+                end
+              end
+            else
+              add_offense(node) do |corrector|
+                autocorrect(corrector, node, block_var, metadata_value)
+              end
+            end
+          end
+        end
+
+        private
+
+        def mfa_value(metadata_value)
+          return unless metadata_value
+          return metadata_value if metadata_value.str_type?
+
+          rubygems_mfa_required(metadata_value).first
+        end
+
+        def autocorrect(corrector, node, block_var, metadata)
+          if metadata
+            return unless metadata.hash_type?
+
+            correct_metadata(corrector, metadata)
+          else
+            correct_missing_metadata(corrector, node, block_var)
+          end
+        end
+
+        def correct_metadata(corrector, metadata)
+          if metadata.pairs.any?
+            corrector.insert_after(metadata.pairs.last, ",\n'rubygems_mfa_required' => 'true'")
+          else
+            corrector.insert_before(metadata.loc.end, "'rubygems_mfa_required' => 'true'")
+          end
+        end
+
+        def correct_missing_metadata(corrector, node, block_var)
+          corrector.insert_before(node.loc.end, <<~RUBY)
+            #{block_var}.metadata = {
+              'rubygems_mfa_required' => 'true'
+            }
+          RUBY
+        end
+
+        def change_value(corrector, value)
+          corrector.replace(value, "'true'")
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/gemspec/required_ruby_version.rb

@@ -3,10 +3,11 @@
 module RuboCop
   module Cop
     module Gemspec
-      # Checks that `required_ruby_version` of gemspec is specified and
-      # equal to `TargetRubyVersion` of .rubocop.yml.
-      # Thereby, RuboCop to perform static analysis working on the version
-      # required by gemspec.
+      # Checks that `required_ruby_version` in a gemspec file is set to a valid
+      # value (non-blank) and matches `TargetRubyVersion` as set in RuboCop's
+      # configuration for the gem.
+      #
+      # This ensures that RuboCop is using the same Ruby version as the gem.
       #
       # @example
       #   # When `TargetRubyVersion` of .rubocop.yml is `2.5`.
@@ -26,6 +27,11 @@ module RuboCop
       #     spec.required_ruby_version = '>= 2.6.0'
       #   end
       #
+      #   # bad
+      #   Gem::Specification.new do |spec|
+      #     spec.required_ruby_version = ''
+      #   end
+      #
       #   # good
       #   Gem::Specification.new do |spec|
       #     spec.required_ruby_version = '>= 2.5.0'
@@ -42,22 +48,22 @@ module RuboCop
       #   end
       #
       #   # accepted but not recommended, since
-      #   # Ruby does not really follow semantic versionning
+      #   # Ruby does not really follow semantic versioning
       #   Gem::Specification.new do |spec|
       #     spec.required_ruby_version = '~> 2.5'
       #   end
       class RequiredRubyVersion < Base
         include RangeHelp
 
-        NOT_EQUAL_MSG = '`required_ruby_version` (%<required_ruby_version>s, ' \
-                        'declared in %<gemspec_filename>s) and `TargetRubyVersion` ' \
+        RESTRICT_ON_SEND = %i[required_ruby_version=].freeze
+        NOT_EQUAL_MSG = '`required_ruby_version` and `TargetRubyVersion` ' \
                         '(%<target_ruby_version>s, which may be specified in ' \
                         '.rubocop.yml) should be equal.'
         MISSING_MSG = '`required_ruby_version` should be specified.'
 
-        # @!method required_ruby_version(node)
-        def_node_search :required_ruby_version, <<~PATTERN
-          (send _ :required_ruby_version= $_)
+        # @!method required_ruby_version?(node)
+        def_node_search :required_ruby_version?, <<~PATTERN
+          (send _ :required_ruby_version= _)
         PATTERN
 
         # @!method defined_ruby_version(node)
@@ -66,27 +72,28 @@ module RuboCop
             (send (const (const nil? :Gem) :Requirement) :new $(str _))}
         PATTERN
 
-        # rubocop:disable Metrics/AbcSize
         def on_new_investigation
-          version_def = required_ruby_version(processed_source.ast).first
+          add_global_offense(MISSING_MSG) unless required_ruby_version?(processed_source.ast)
+        end
 
-          if version_def
-            ruby_version = extract_ruby_version(defined_ruby_version(version_def))
-            return if !ruby_version || ruby_version == target_ruby_version.to_s
+        def on_send(node)
+          version_def = node.first_argument
+          return if dynamic_version?(version_def)
 
-            add_offense(
-              version_def.loc.expression,
-              message: not_equal_message(ruby_version, target_ruby_version)
-            )
-          else
-            range = source_range(processed_source.buffer, 1, 0)
-            add_offense(range, message: MISSING_MSG)
-          end
+          ruby_version = extract_ruby_version(defined_ruby_version(version_def))
+          return if ruby_version == target_ruby_version.to_s
+
+          add_offense(version_def, message: not_equal_message(ruby_version, target_ruby_version))
         end
-        # rubocop:enable Metrics/AbcSize
 
         private
 
+        def dynamic_version?(node)
+          (node.send_type? && !node.receiver) ||
+            node.variable? ||
+            node.each_descendant(:send, *RuboCop::AST::Node::VARIABLES).any?
+        end
+
         def extract_ruby_version(required_ruby_version)
           return unless required_ruby_version
 

data/lib/rubocop/cop/gemspec/ruby_version_globals_usage.rb

@@ -26,20 +26,13 @@ module RuboCop
       #   end
       #
       class RubyVersionGlobalsUsage < Base
+        include GemspecHelp
+
         MSG = 'Do not use `RUBY_VERSION` in gemspec file.'
 
         # @!method ruby_version?(node)
         def_node_matcher :ruby_version?, '(const {cbase nil?} :RUBY_VERSION)'
 
-        # @!method gem_specification?(node)
-        def_node_search :gem_specification?, <<~PATTERN
-          (block
-            (send
-              (const
-                (const {cbase nil?} :Gem) :Specification) :new)
-            ...)
-        PATTERN
-
         def on_const(node)
           return unless gem_spec_with_ruby_version?(node)
 
@@ -49,7 +42,7 @@ module RuboCop
         private
 
         def gem_spec_with_ruby_version?(node)
-          gem_specification?(processed_source.ast) && ruby_version?(node)
+          gem_specification(processed_source.ast) && ruby_version?(node)
         end
       end
     end

data/lib/rubocop/cop/generator.rb

@@ -24,6 +24,11 @@ module RuboCop
               # `SupportedStyle` and unique configuration, there needs to be examples.
               # Examples must have valid Ruby syntax. Do not use upticks.
               #
+              # @safety
+              #   Delete this section if the cop is not unsafe (`Safe: false` or
+              #   `SafeAutoCorrect: false`), or use it to explain how the cop is
+              #   unsafe.
+              #
               # @example EnforcedStyle: bar (default)
               #   # Description of the `bar` style.
               #
@@ -106,9 +111,8 @@ module RuboCop
         '[modify] A configuration for the cop is added into ' \
         '%<configuration_file_path>s.'
 
-      def initialize(name, github_user, output: $stdout)
+      def initialize(name, output: $stdout)
         @badge = Badge.parse(name)
-        @github_user = github_user
         @output = output
         return if badge.qualified?
 
@@ -142,17 +146,19 @@ module RuboCop
 
       def todo
         <<~TODO
-          Do 3 steps:
-            1. Add an entry to the "New features" section in CHANGELOG.md,
-               e.g. "Add new `#{badge}` cop. ([@#{github_user}][])"
-            2. Modify the description of #{badge} in config/default.yml
-            3. Implement your new cop in the generated file!
+          Do 4 steps:
+            1. Modify the description of #{badge} in config/default.yml
+            2. Implement your new cop in the generated file!
+            3. Commit your new cop with a message such as
+               e.g. "Add new `#{badge}` cop"
+            4. Run `bundle exec rake changelog:new` to generate a changelog entry
+               for your new cop.
         TODO
       end
 
       private
 
-      attr_reader :badge, :github_user, :output
+      attr_reader :badge, :output
 
       def write_unless_file_exists(path, contents)
         if File.exist?(path)