rubocop 1.19.1 → 1.22.1

data/lib/rubocop/cop/lint/useless_setter_call.rb

@@ -5,11 +5,14 @@ module RuboCop
     module Lint
       # This cop checks for setter call to local variable as the final
       # expression of a function definition.
-      # Its auto-correction is marked as unsafe because return value will be changed.
       #
-      # NOTE: There are edge cases in which the local variable references a
-      # value that is also accessible outside the local scope. This is not
-      # detected by the cop, and it can yield a false positive.
+      # @safety
+      #   There are edge cases in which the local variable references a
+      #   value that is also accessible outside the local scope. This is not
+      #   detected by the cop, and it can yield a false positive.
+      #
+      #   As well, auto-correction is unsafe because the method's
+      #   return value will be changed.
       #
       # @example
       #

data/lib/rubocop/cop/lint/useless_times.rb

@@ -7,8 +7,9 @@ module RuboCop
       # (when the integer <= 0) or that will only ever yield once
       # (`1.times`).
       #
-      # This cop is marked as unsafe as `times` returns its receiver, which
-      # is *usually* OK, but might change behavior.
+      # @safety
+      #   This cop is unsafe as `times` returns its receiver, which is
+      #   *usually* OK, but might change behavior.
       #
       # @example
       #   # bad
@@ -65,7 +66,7 @@ module RuboCop
         private
 
         def never_process?(count, node)
-          count < 1 || node.block_type? && node.body.nil?
+          count < 1 || (node.block_type? && node.body.nil?)
         end
 
         def remove_node(corrector, node)

data/lib/rubocop/cop/metrics/abc_size.rb

@@ -8,6 +8,12 @@ module RuboCop
       # (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
       # and https://en.wikipedia.org/wiki/ABC_Software_Metric.
       #
+      # Interpreting ABC size:
+      #
+      # * <= 17 satisfactory
+      # * 18..30 unsatisfactory
+      # * > 30 dangerous
+      #
       # You can have repeated "attributes" calls count as a single "branch".
       # For this purpose, attributes are any method with no argument; no attempt
       # is meant to distinguish actual `attr_reader` from other methods.

data/lib/rubocop/cop/metrics/perceived_complexity.rb

@@ -45,7 +45,7 @@ module RuboCop
             else
               # Otherwise, the case node gets 0.8 complexity points and each
               # when gets 0.2.
-              (0.8 + 0.2 * nb_branches).round
+              (0.8 + (0.2 * nb_branches)).round
             end
           when :if
             node.else? && !node.elsif? ? 2 : 1

data/lib/rubocop/cop/metrics/utils/abc_size_calculator.rb

@@ -46,7 +46,7 @@ module RuboCop
             visit_depth_last(@node) { |child| calculate_node(child) }
 
             [
-              Math.sqrt(@assignment**2 + @branch**2 + @condition**2).round(2),
+              Math.sqrt((@assignment**2) + (@branch**2) + (@condition**2)).round(2),
               "<#{@assignment}, #{@branch}, #{@condition}>"
             ]
           end

data/lib/rubocop/cop/metrics/utils/code_length_calculator.rb

@@ -147,7 +147,7 @@ module RuboCop
 
           # Returns true for lines that shall not be included in the count.
           def irrelevant_line?(source_line)
-            source_line.blank? || !count_comments? && comment_line?(source_line)
+            source_line.blank? || (!count_comments? && comment_line?(source_line))
           end
 
           def count_comments?

data/lib/rubocop/cop/mixin/annotation_comment.rb

@@ -2,40 +2,63 @@
 
 module RuboCop
   module Cop
-    module Style
-      # Common functionality related to annotation comments.
-      module AnnotationComment
-        private
-
-        # @api public
-        def annotation?(comment)
-          _margin, first_word, colon, space, note = split_comment(comment)
-          keyword_appearance?(first_word, colon, space) &&
-            !just_first_word_of_sentence?(first_word, colon, space, note)
-        end
-
-        # @api public
-        def split_comment(comment)
-          match = comment.text.match(/^(# ?)([A-Za-z]+)(\s*:)?(\s+)?(\S+)?/)
-          return false unless match
-
-          match.captures
-        end
-
-        # @api public
-        def keyword_appearance?(first_word, colon, space)
-          first_word && keyword?(first_word.upcase) && (colon || space)
-        end
-
-        # @api private
-        def just_first_word_of_sentence?(first_word, colon, space, note)
-          first_word == first_word.capitalize && !colon && space && note
-        end
-
-        # @api public
-        def keyword?(word)
-          config.for_cop('Style/CommentAnnotation')['Keywords'].include?(word)
-        end
+    # Representation of an annotation comment in source code (eg. `# TODO: blah blah blah`).
+    class AnnotationComment
+      extend Forwardable
+
+      attr_reader :comment, :margin, :keyword, :colon, :space, :note
+
+      # @param [Parser::Source::Comment] comment
+      # @param [Array<String>] keywords
+      def initialize(comment, keywords)
+        @comment = comment
+        @keywords = keywords
+        @margin, @keyword, @colon, @space, @note = split_comment(comment)
+      end
+
+      def annotation?
+        keyword_appearance? && !just_keyword_of_sentence?
+      end
+
+      def correct?(colon:)
+        return false unless keyword && space && note
+        return false unless keyword == keyword.upcase
+
+        self.colon.nil? == !colon
+      end
+
+      # Returns the range bounds for just the annotation
+      def bounds
+        start = comment.loc.expression.begin_pos + margin.length
+        length = [keyword, colon, space].reduce(0) { |len, elem| len + elem.to_s.length }
+        [start, start + length]
+      end
+
+      private
+
+      attr_reader :keywords
+
+      def split_comment(comment)
+        # Sort keywords by reverse length so that if a keyword is in a phrase
+        # but also on its own, both will match properly.
+        keywords_regex = Regexp.new(
+          Regexp.union(keywords.sort_by { |w| -w.length }).source,
+          Regexp::IGNORECASE
+        )
+        regex = /^(# ?)(\b#{keywords_regex}\b)(\s*:)?(\s+)?(\S+)?/i
+
+        match = comment.text.match(regex)
+        return false unless match
+
+        match.captures
+      end
+
+      def keyword_appearance?
+        keyword && (colon || space)
+      end
+
+      def just_keyword_of_sentence?
+        keyword == keyword.capitalize && !colon && space && note
       end
     end
   end

data/lib/rubocop/cop/mixin/code_length.rb

@@ -43,7 +43,7 @@ module RuboCop
 
       # Returns true for lines that shall not be included in the count.
       def irrelevant_line(source_line)
-        source_line.blank? || !count_comments? && comment_line?(source_line)
+        source_line.blank? || (!count_comments? && comment_line?(source_line))
       end
 
       def build_code_length_calculator(node)

data/lib/rubocop/cop/mixin/documentation_comment.rb

@@ -5,7 +5,6 @@ module RuboCop
     # Common functionality for checking documentation.
     module DocumentationComment
       extend NodePattern::Macros
-      include Style::AnnotationComment
 
       private
 
@@ -15,7 +14,7 @@ module RuboCop
         return false unless preceding_comment?(node, preceding_lines.last)
 
         preceding_lines.any? do |comment|
-          !annotation?(comment) &&
+          !AnnotationComment.new(comment, annotation_keywords).annotation? &&
             !interpreter_directive_comment?(comment) &&
             !rubocop_directive_comment?(comment)
         end
@@ -44,6 +43,10 @@ module RuboCop
       def rubocop_directive_comment?(comment)
         !!DirectiveComment.new(comment).match_captures
       end
+
+      def annotation_keywords
+        config.for_cop('Style/CommentAnnotation')['Keywords']
+      end
     end
   end
 end

data/lib/rubocop/cop/mixin/frozen_string_literal.rb

@@ -8,7 +8,9 @@ module RuboCop
 
       FROZEN_STRING_LITERAL = '# frozen_string_literal:'
       FROZEN_STRING_LITERAL_ENABLED = '# frozen_string_literal: true'
-      FROZEN_STRING_LITERAL_TYPES = %i[str dstr].freeze
+      FROZEN_STRING_LITERAL_TYPES_RUBY27 = %i[str dstr].freeze
+
+      private_constant :FROZEN_STRING_LITERAL_TYPES_RUBY27
 
       def frozen_string_literal_comment_exists?
         leading_comment_lines.any? { |line| MagicComment.parse(line).valid_literal_value? }
@@ -16,6 +18,26 @@ module RuboCop
 
       private
 
+      def frozen_string_literal?(node)
+        frozen_string = if target_ruby_version >= 3.0
+                          uninterpolated_string?(node) || frozen_heredoc?(node)
+                        else
+                          FROZEN_STRING_LITERAL_TYPES_RUBY27.include?(node.type)
+                        end
+
+        frozen_string && frozen_string_literals_enabled?
+      end
+
+      def uninterpolated_string?(node)
+        node.str_type? || (node.dstr_type? && node.each_descendant(:begin).none?)
+      end
+
+      def frozen_heredoc?(node)
+        return false unless node.dstr_type? && node.heredoc?
+
+        node.children.all?(&:str_type?)
+      end
+
       def frozen_string_literals_enabled?
         ruby_version = processed_source.ruby_version
         return false unless ruby_version

data/lib/rubocop/cop/mixin/heredoc.rb

@@ -21,9 +21,7 @@ module RuboCop
       private
 
       def indent_level(str)
-        indentations = str.lines
-                          .map { |line| line[/^\s*/] }
-                          .reject { |line| line.end_with?("\n") }
+        indentations = str.lines.map { |line| line[/^\s*/] }.reject { |line| line.end_with?("\n") }
         indentations.empty? ? 0 : indentations.min_by(&:size).size
       end
 

data/lib/rubocop/cop/mixin/multiline_expression_indentation.rb

@@ -134,7 +134,7 @@ module RuboCop
 
           next if a.setter_method?
           next unless kind == :with_or_without_parentheses ||
-                      kind == :with_parentheses && parentheses?(a)
+                      (kind == :with_parentheses && parentheses?(a))
 
           a.arguments.any? { |arg| within_node?(node, arg) }
         end
@@ -156,7 +156,7 @@ module RuboCop
 
       def disqualified_rhs?(candidate, ancestor)
         UNALIGNED_RHS_TYPES.include?(ancestor.type) ||
-          ancestor.block_type? && part_of_block_body?(candidate, ancestor)
+          (ancestor.block_type? && part_of_block_body?(candidate, ancestor))
       end
 
       def valid_rhs?(candidate, ancestor)

data/lib/rubocop/cop/mixin/ordered_gem_node.rb

@@ -35,7 +35,15 @@ module RuboCop
           previous: gem_name(current),
           current: gem_name(previous)
         )
-        add_offense(current, message: message)
+
+        add_offense(current, message: message) do |corrector|
+          OrderedGemCorrector.correct(
+            processed_source,
+            current,
+            previous_declaration(current),
+            treat_comments_as_separators
+          ).call(corrector)
+        end
       end
 
       def gem_name(declaration_node)

data/lib/rubocop/cop/mixin/percent_array.rb

@@ -36,7 +36,12 @@ module RuboCop
       def check_percent_array(node)
         array_style_detected(:percent, node.values.size)
 
-        return unless style == :brackets || invalid_percent_array_contents?(node)
+        brackets_required = invalid_percent_array_contents?(node)
+        return unless style == :brackets || brackets_required
+
+        # If in percent style but brackets are required due to
+        # string content, the file should be excluded in auto-gen-config
+        no_acceptable_style! if brackets_required
 
         bracketed_array = build_bracketed_array(node)
         message = format(self.class::ARRAY_MSG, prefer: bracketed_array)

data/lib/rubocop/cop/mixin/preceding_following_alignment.rb

@@ -93,7 +93,15 @@ module RuboCop
       end
 
       def aligned_assignment?(range, line)
-        range.source[-1] == '=' && line[range.last_column - 1] == '='
+        (range.source[-1] == '=' && line[range.last_column - 1] == '=') ||
+          aligned_with_append_operator?(range, line)
+      end
+
+      def aligned_with_append_operator?(range, line)
+        last_column = range.last_column
+
+        (range.source == '<<' && line[last_column - 1] == '=') ||
+          (range.source[-1] == '=' && line[(last_column - 2)..(last_column - 1)] == '<<')
       end
 
       def aligned_identical?(range, line)

data/lib/rubocop/cop/mixin/string_literals_help.rb

@@ -13,7 +13,11 @@ module RuboCop
         if style == :single_quotes
           !double_quotes_required?(src)
         else
-          !/" | \\[^'\\] | \#[@{$]/x.match?(src)
+          # The string needs single quotes if:
+          # 1. It contains a double quote
+          # 2. It contains text that would become an escape sequence with double quotes
+          # 3. It contains text that would become an interpolation with double quotes
+          !/" | (?<!\\)\\[abcefMnrtuUx0-7] | \#[@{$]/x.match?(src)
         end
       end
     end

data/lib/rubocop/cop/naming/ascii_identifiers.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-# rubocop:disable Style/AsciiComments
-
 module RuboCop
   module Cop
     module Naming
@@ -90,4 +88,3 @@ module RuboCop
     end
   end
 end
-# rubocop:enable Style/AsciiComments

data/lib/rubocop/cop/naming/block_parameter_name.rb

@@ -24,7 +24,7 @@ module RuboCop
       #   # With `AllowNamesEndingInNumbers` set to false
       #   foo { |num1, num2| num1 * num2 }
       #
-      #   # With `MinParamNameLength` set to number greater than 1
+      #   # With `MinNameLength` set to number greater than 1
       #   baz { |a, b, c| do_stuff(a, b, c) }
       #
       #   # good

data/lib/rubocop/cop/naming/constant_name.rb

@@ -54,7 +54,7 @@ module RuboCop
         private
 
         def allowed_assignment?(value)
-          value && %i[block const casgn].include?(value.type) ||
+          (value && %i[block const casgn].include?(value.type)) ||
             allowed_method_call_on_rhs?(value) ||
             class_or_struct_return_method?(value) ||
             allowed_conditional_expression_on_rhs?(value)

data/lib/rubocop/cop/naming/inclusive_language.rb

@@ -70,6 +70,8 @@ module RuboCop
         include RangeHelp
 
         EMPTY_ARRAY = [].freeze
+        MSG = "Consider replacing '%<term>s'%<suffix>s."
+        MSG_FOR_FILE_PATH = "Consider replacing '%<term>s' in file path%<suffix>s."
 
         WordLocation = Struct.new(:word, :position)
 
@@ -197,12 +199,11 @@ module RuboCop
         end
 
         def create_single_word_message_for_file(word)
-          create_message(word).sub(/\.$/, ' in file path.')
+          create_message(word, MSG_FOR_FILE_PATH)
         end
 
         def create_multiple_word_message_for_file(words)
-          quoted_words = words.map { |word| "'#{word}'" }
-          "Consider replacing problematic terms #{quoted_words.join(', ')} in file path."
+          format(MSG_FOR_FILE_PATH, term: words.join("', '"), suffix: ' with other terms')
         end
 
         def scan_for_words(input)
@@ -223,9 +224,12 @@ module RuboCop
           safe_str.gsub(@allowed_regex) { |match| '*' * match.size }
         end
 
-        def create_message(word)
+        def create_message(word, message = MSG)
           flagged_term = find_flagged_term(word)
-          "Consider replacing problematic term '#{word}'#{flagged_term['SuggestionString']}."
+          suggestions = flagged_term['SuggestionString']
+          suggestions = ' with another term' if suggestions.blank?
+
+          format(message, term: word, suffix: suggestions)
         end
 
         def find_flagged_term(word)
@@ -235,10 +239,6 @@ module RuboCop
           flagged_term
         end
 
-        def create_message_for_file(word)
-          create_message(word).sub(/\.$/, ' in file path.')
-        end
-
         def preprocess_suggestions(suggestions)
           return '' if suggestions.nil? ||
                        (suggestions.is_a?(String) && suggestions.strip.empty?) || suggestions.empty?

data/lib/rubocop/cop/naming/memoized_instance_variable_name.rb

@@ -14,6 +14,11 @@ module RuboCop
       # convention that is used to implicitly indicate that an ivar should not
       # be set or referenced outside of the memoization method.
       #
+      # @safety
+      #   This cop relies on the pattern `@instance_var ||= ...`,
+      #   but this is sometimes used for other purposes than memoization
+      #   so this cop is considered unsafe.
+      #
       # @example EnforcedStyleForLeadingUnderscores: disallowed (default)
       #   # bad
       #   # Method foo is memoized using an instance variable that is
@@ -139,10 +144,6 @@ module RuboCop
       #   define_method(:foo) do
       #     @_foo ||= calculate_expensive_thing
       #   end
-      #
-      # This cop relies on the pattern `@instance_var ||= ...`,
-      # but this is sometimes used for other purposes than memoization
-      # so this cop is considered unsafe.
       class MemoizedInstanceVariableName < Base
         include ConfigurableEnforcedStyle
 

data/lib/rubocop/cop/naming/rescued_exceptions_variable_name.rb

@@ -75,6 +75,9 @@ module RuboCop
           preferred_name = preferred_name(offending_name)
           return if preferred_name.to_sym == offending_name
 
+          # check variable shadowing for exception variable
+          return if shadowed_variable_name?(node)
+
           range = offense_range(node)
           message = message(node)
 
@@ -150,6 +153,10 @@ module RuboCop
           preferred_name = preferred_name(offending_name)
           format(MSG, preferred: preferred_name, bad: offending_name)
         end
+
+        def shadowed_variable_name?(node)
+          node.each_descendant(:lvar).any? { |n| n.children.first.to_s == preferred_name(n) }
+        end
       end
     end
   end

data/lib/rubocop/cop/security/io_methods.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # Checks for the first argument to `IO.read`, `IO.binread`, `IO.write`, `IO.binwrite`,
+      # `IO.foreach`, and `IO.readlines`.
+      #
+      # If argument starts with a pipe character (`'|'`) and the receiver is the `IO` class,
+      # a subprocess is created in the same way as `Kernel#open`, and its output is returned.
+      # `Kernel#open` may allow unintentional command injection, which is the reason these
+      # `IO` methods are a security risk.
+      # Consider to use `File.read` to disable the behavior of subprocess invocation.
+      #
+      # @safety
+      #   This cop is unsafe because false positive will occur if the variable passed as
+      #   the first argument is a command that is not a file path.
+      #
+      # @example
+      #
+      #   # bad
+      #   IO.read(path)
+      #   IO.read('path')
+      #
+      #   # good
+      #   File.read(path)
+      #   File.read('path')
+      #   IO.read('| command') # Allow intentional command invocation.
+      #
+      class IoMethods < Base
+        extend AutoCorrector
+
+        MSG = '`File.%<method_name>s` is safer than `IO.%<method_name>s`.'
+        RESTRICT_ON_SEND = %i[read binread write binwrite foreach readlines].freeze
+
+        def on_send(node)
+          return unless (receiver = node.receiver) && receiver.source == 'IO'
+
+          argument = node.first_argument
+          return if argument.respond_to?(:value) && argument.value.strip.start_with?('|')
+
+          add_offense(node, message: format(MSG, method_name: node.method_name)) do |corrector|
+            corrector.replace(receiver, 'File')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/json_load.rb

@@ -6,13 +6,14 @@ module RuboCop
       # This cop checks for the use of JSON class methods which have potential
       # security issues.
       #
-      # Autocorrect is disabled by default because it's potentially dangerous.
-      # If using a stream, like `JSON.load(open('file'))`, it will need to call
-      # `#read` manually, like `JSON.parse(open('file').read)`.
-      # If reading single values (rather than proper JSON objects), like
-      # `JSON.load('false')`, it will need to pass the `quirks_mode: true`
-      # option, like `JSON.parse('false', quirks_mode: true)`.
-      # Other similar issues may apply.
+      # @safety
+      #   Autocorrect is disabled by default because it's potentially dangerous.
+      #   If using a stream, like `JSON.load(open('file'))`, it will need to call
+      #   `#read` manually, like `JSON.parse(open('file').read)`.
+      #   If reading single values (rather than proper JSON objects), like
+      #   `JSON.load('false')`, it will need to pass the `quirks_mode: true`
+      #   option, like `JSON.parse('false', quirks_mode: true)`.
+      #   Other similar issues may apply.
       #
       # @example
       #   # bad

data/lib/rubocop/cop/security/open.rb

@@ -11,6 +11,10 @@ module RuboCop
       # the argument of `Kernel#open` and `URI.open`. It would be better to use
       # `File.open`, `IO.popen` or `URI.parse#open` explicitly.
       #
+      # @safety
+      #   This cop could register false positives if `open` is redefined
+      #   in a class and then used without a receiver in that class.
+      #
       # @example
       #   # bad
       #   open(something)

data/lib/rubocop/cop/security/yaml_load.rb

@@ -7,6 +7,10 @@ module RuboCop
       # potential security issues leading to remote code execution when
       # loading from an untrusted source.
       #
+      # @safety
+      #   The behaviour of the code might change depending on what was
+      #   in the YAML payload, since `YAML.safe_load` is more restrictive.
+      #
       # @example
       #   # bad
       #   YAML.load("--- foo")

data/lib/rubocop/cop/style/accessor_grouping.rb

@@ -59,8 +59,8 @@ module RuboCop
 
         def check(send_node)
           return if previous_line_comment?(send_node)
-          return unless grouped_style? && sibling_accessors(send_node).size > 1 ||
-                        separated_style? && send_node.arguments.size > 1
+          return unless (grouped_style? && sibling_accessors(send_node).size > 1) ||
+                        (separated_style? && send_node.arguments.size > 1)
 
           message = message(send_node)
           add_offense(send_node, message: message) do |corrector|

data/lib/rubocop/cop/style/and_or.rb

@@ -7,6 +7,11 @@ module RuboCop
       # `||` instead. It can be configured to check only in conditions or in
       # all contexts.
       #
+      # @safety
+      #   Auto-correction is unsafe because there is a different operator precedence
+      #   between logical operators (`&&` and `||`) and semantic operators (`and` and `or`),
+      #   and that might change the behaviour.
+      #
       # @example EnforcedStyle: always
       #   # bad
       #   foo.save and return

data/lib/rubocop/cop/style/arguments_forwarding.rb

@@ -30,6 +30,10 @@ module RuboCop
       #     bar(*args)
       #   end
       #
+      #   def foo(**kwargs)
+      #     bar(**kwargs)
+      #   end
+      #
       # @example AllowOnlyRestArgument: false
       #   # bad
       #   # The following code can replace the arguments with `...`,
@@ -38,6 +42,10 @@ module RuboCop
       #     bar(*args)
       #   end
       #
+      #   def foo(**kwargs)
+      #     bar(**kwargs)
+      #   end
+      #
       class ArgumentsForwarding < Base
         include RangeHelp
         extend AutoCorrector
@@ -49,12 +57,15 @@ module RuboCop
 
         # @!method use_rest_arguments?(node)
         def_node_matcher :use_rest_arguments?, <<~PATTERN
-          (args (restarg $_) $...)
+          (args ({restarg kwrestarg} $_) $...)
         PATTERN
 
         # @!method only_rest_arguments?(node, name)
         def_node_matcher :only_rest_arguments?, <<~PATTERN
-          (send _ _ (splat (lvar %1)))
+          {
+            (send _ _ (splat (lvar %1)))
+            (send _ _ (hash (kwsplat (lvar %1))))
+          }
         PATTERN
 
         # @!method forwarding_method_arguments?(node, rest_name, block_name, kwargs_name)