rubocop 1.20.0 → 1.22.2

data/lib/rubocop/cop/naming/constant_name.rb

@@ -54,7 +54,7 @@ module RuboCop
         private
 
         def allowed_assignment?(value)
-          value && %i[block const casgn].include?(value.type) ||
+          (value && %i[block const casgn].include?(value.type)) ||
             allowed_method_call_on_rhs?(value) ||
             class_or_struct_return_method?(value) ||
             allowed_conditional_expression_on_rhs?(value)

data/lib/rubocop/cop/naming/inclusive_language.rb

@@ -70,6 +70,8 @@ module RuboCop
         include RangeHelp
 
         EMPTY_ARRAY = [].freeze
+        MSG = "Consider replacing '%<term>s'%<suffix>s."
+        MSG_FOR_FILE_PATH = "Consider replacing '%<term>s' in file path%<suffix>s."
 
         WordLocation = Struct.new(:word, :position)
 
@@ -197,12 +199,11 @@ module RuboCop
         end
 
         def create_single_word_message_for_file(word)
-          create_message(word).sub(/\.$/, ' in file path.')
+          create_message(word, MSG_FOR_FILE_PATH)
         end
 
         def create_multiple_word_message_for_file(words)
-          quoted_words = words.map { |word| "'#{word}'" }
-          "Consider replacing problematic terms #{quoted_words.join(', ')} in file path."
+          format(MSG_FOR_FILE_PATH, term: words.join("', '"), suffix: ' with other terms')
         end
 
         def scan_for_words(input)
@@ -223,9 +224,12 @@ module RuboCop
           safe_str.gsub(@allowed_regex) { |match| '*' * match.size }
         end
 
-        def create_message(word)
+        def create_message(word, message = MSG)
           flagged_term = find_flagged_term(word)
-          "Consider replacing problematic term '#{word}'#{flagged_term['SuggestionString']}."
+          suggestions = flagged_term['SuggestionString']
+          suggestions = ' with another term' if suggestions.blank?
+
+          format(message, term: word, suffix: suggestions)
         end
 
         def find_flagged_term(word)
@@ -235,10 +239,6 @@ module RuboCop
           flagged_term
         end
 
-        def create_message_for_file(word)
-          create_message(word).sub(/\.$/, ' in file path.')
-        end
-
         def preprocess_suggestions(suggestions)
           return '' if suggestions.nil? ||
                        (suggestions.is_a?(String) && suggestions.strip.empty?) || suggestions.empty?

data/lib/rubocop/cop/naming/memoized_instance_variable_name.rb

@@ -14,6 +14,11 @@ module RuboCop
       # convention that is used to implicitly indicate that an ivar should not
       # be set or referenced outside of the memoization method.
       #
+      # @safety
+      #   This cop relies on the pattern `@instance_var ||= ...`,
+      #   but this is sometimes used for other purposes than memoization
+      #   so this cop is considered unsafe.
+      #
       # @example EnforcedStyleForLeadingUnderscores: disallowed (default)
       #   # bad
       #   # Method foo is memoized using an instance variable that is
@@ -139,10 +144,6 @@ module RuboCop
       #   define_method(:foo) do
       #     @_foo ||= calculate_expensive_thing
       #   end
-      #
-      # This cop relies on the pattern `@instance_var ||= ...`,
-      # but this is sometimes used for other purposes than memoization
-      # so this cop is considered unsafe.
       class MemoizedInstanceVariableName < Base
         include ConfigurableEnforcedStyle
 

data/lib/rubocop/cop/naming/rescued_exceptions_variable_name.rb

@@ -75,6 +75,9 @@ module RuboCop
           preferred_name = preferred_name(offending_name)
           return if preferred_name.to_sym == offending_name
 
+          # check variable shadowing for exception variable
+          return if shadowed_variable_name?(node)
+
           range = offense_range(node)
           message = message(node)
 
@@ -150,6 +153,10 @@ module RuboCop
           preferred_name = preferred_name(offending_name)
           format(MSG, preferred: preferred_name, bad: offending_name)
         end
+
+        def shadowed_variable_name?(node)
+          node.each_descendant(:lvar).any? { |n| n.children.first.to_s == preferred_name(n) }
+        end
       end
     end
   end

data/lib/rubocop/cop/security/io_methods.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Security
+      # Checks for the first argument to `IO.read`, `IO.binread`, `IO.write`, `IO.binwrite`,
+      # `IO.foreach`, and `IO.readlines`.
+      #
+      # If argument starts with a pipe character (`'|'`) and the receiver is the `IO` class,
+      # a subprocess is created in the same way as `Kernel#open`, and its output is returned.
+      # `Kernel#open` may allow unintentional command injection, which is the reason these
+      # `IO` methods are a security risk.
+      # Consider to use `File.read` to disable the behavior of subprocess invocation.
+      #
+      # @safety
+      #   This cop is unsafe because false positive will occur if the variable passed as
+      #   the first argument is a command that is not a file path.
+      #
+      # @example
+      #
+      #   # bad
+      #   IO.read(path)
+      #   IO.read('path')
+      #
+      #   # good
+      #   File.read(path)
+      #   File.read('path')
+      #   IO.read('| command') # Allow intentional command invocation.
+      #
+      class IoMethods < Base
+        extend AutoCorrector
+
+        MSG = '`File.%<method_name>s` is safer than `IO.%<method_name>s`.'
+        RESTRICT_ON_SEND = %i[read binread write binwrite foreach readlines].freeze
+
+        def on_send(node)
+          return unless (receiver = node.receiver) && receiver.source == 'IO'
+
+          argument = node.first_argument
+          return if argument.respond_to?(:value) && argument.value.strip.start_with?('|')
+
+          add_offense(node, message: format(MSG, method_name: node.method_name)) do |corrector|
+            corrector.replace(receiver, 'File')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/security/json_load.rb

@@ -6,13 +6,14 @@ module RuboCop
       # This cop checks for the use of JSON class methods which have potential
       # security issues.
       #
-      # Autocorrect is disabled by default because it's potentially dangerous.
-      # If using a stream, like `JSON.load(open('file'))`, it will need to call
-      # `#read` manually, like `JSON.parse(open('file').read)`.
-      # If reading single values (rather than proper JSON objects), like
-      # `JSON.load('false')`, it will need to pass the `quirks_mode: true`
-      # option, like `JSON.parse('false', quirks_mode: true)`.
-      # Other similar issues may apply.
+      # @safety
+      #   This cop's autocorrection is unsafe because it's potentially dangerous.
+      #   If using a stream, like `JSON.load(open('file'))`, it will need to call
+      #   `#read` manually, like `JSON.parse(open('file').read)`.
+      #   If reading single values (rather than proper JSON objects), like
+      #   `JSON.load('false')`, it will need to pass the `quirks_mode: true`
+      #   option, like `JSON.parse('false', quirks_mode: true)`.
+      #   Other similar issues may apply.
       #
       # @example
       #   # bad

data/lib/rubocop/cop/security/open.rb

@@ -11,6 +11,10 @@ module RuboCop
       # the argument of `Kernel#open` and `URI.open`. It would be better to use
       # `File.open`, `IO.popen` or `URI.parse#open` explicitly.
       #
+      # @safety
+      #   This cop could register false positives if `open` is redefined
+      #   in a class and then used without a receiver in that class.
+      #
       # @example
       #   # bad
       #   open(something)

data/lib/rubocop/cop/security/yaml_load.rb

@@ -7,6 +7,10 @@ module RuboCop
       # potential security issues leading to remote code execution when
       # loading from an untrusted source.
       #
+      # @safety
+      #   The behaviour of the code might change depending on what was
+      #   in the YAML payload, since `YAML.safe_load` is more restrictive.
+      #
       # @example
       #   # bad
       #   YAML.load("--- foo")

data/lib/rubocop/cop/style/accessor_grouping.rb

@@ -59,8 +59,8 @@ module RuboCop
 
         def check(send_node)
           return if previous_line_comment?(send_node)
-          return unless grouped_style? && sibling_accessors(send_node).size > 1 ||
-                        separated_style? && send_node.arguments.size > 1
+          return unless (grouped_style? && sibling_accessors(send_node).size > 1) ||
+                        (separated_style? && send_node.arguments.size > 1)
 
           message = message(send_node)
           add_offense(send_node, message: message) do |corrector|

data/lib/rubocop/cop/style/and_or.rb

@@ -7,6 +7,11 @@ module RuboCop
       # `||` instead. It can be configured to check only in conditions or in
       # all contexts.
       #
+      # @safety
+      #   Auto-correction is unsafe because there is a different operator precedence
+      #   between logical operators (`&&` and `||`) and semantic operators (`and` and `or`),
+      #   and that might change the behaviour.
+      #
       # @example EnforcedStyle: always
       #   # bad
       #   foo.save and return

data/lib/rubocop/cop/style/arguments_forwarding.rb

@@ -30,6 +30,10 @@ module RuboCop
       #     bar(*args)
       #   end
       #
+      #   def foo(**kwargs)
+      #     bar(**kwargs)
+      #   end
+      #
       # @example AllowOnlyRestArgument: false
       #   # bad
       #   # The following code can replace the arguments with `...`,
@@ -38,6 +42,10 @@ module RuboCop
       #     bar(*args)
       #   end
       #
+      #   def foo(**kwargs)
+      #     bar(**kwargs)
+      #   end
+      #
       class ArgumentsForwarding < Base
         include RangeHelp
         extend AutoCorrector
@@ -49,12 +57,15 @@ module RuboCop
 
         # @!method use_rest_arguments?(node)
         def_node_matcher :use_rest_arguments?, <<~PATTERN
-          (args (restarg $_) $...)
+          (args ({restarg kwrestarg} $_) $...)
         PATTERN
 
         # @!method only_rest_arguments?(node, name)
         def_node_matcher :only_rest_arguments?, <<~PATTERN
-          (send _ _ (splat (lvar %1)))
+          {
+            (send _ _ (splat (lvar %1)))
+            (send _ _ (hash (kwsplat (lvar %1))))
+          }
         PATTERN
 
         # @!method forwarding_method_arguments?(node, rest_name, block_name, kwargs_name)

data/lib/rubocop/cop/style/array_coercion.rb

@@ -5,9 +5,27 @@ module RuboCop
     module Style
       # This cop enforces the use of `Array()` instead of explicit `Array` check or `[*var]`.
       #
-      # This cop is disabled by default because false positive will occur if
-      # the argument of `Array()` is not an array (e.g. Hash, Set),
-      # an array will be returned as an incompatibility result.
+      # The cop is disabled by default due to safety concerns.
+      #
+      # @safety
+      #   This cop is unsafe because a false positive may occur if
+      #   the argument of `Array()` is (or could be) nil or depending
+      #   on how the argument is handled by `Array()` (which can be
+      #   different than just wrapping the argument in an array).
+      #
+      #   For example:
+      #
+      #   [source,ruby]
+      #   ----
+      #   [nil]             #=> [nil]
+      #   Array(nil)        #=> []
+      #
+      #   [{a: 'b'}]        #= [{a: 'b'}]
+      #   Array({a: 'b'})   #=> [[:a, 'b']]
+      #
+      #   [Time.now]        #=> [#<Time ...>]
+      #   Array(Time.now)   #=> [14, 16, 14, 16, 9, 2021, 4, 259, true, "EDT"]
+      #   ----
       #
       # @example
       #   # bad

data/lib/rubocop/cop/style/ascii_comments.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-# rubocop:disable Style/AsciiComments
-
 module RuboCop
   module Cop
     module Style
@@ -57,4 +55,3 @@ module RuboCop
     end
   end
 end
-# rubocop:enable Style/AsciiComments

data/lib/rubocop/cop/style/case_equality.rb

@@ -5,9 +5,11 @@ module RuboCop
     module Style
       # This cop checks for uses of the case equality operator(===).
       #
+      # If `AllowOnConstant` option is enabled, the cop will ignore violations when the receiver of
+      # the case equality operator is a constant.
+      #
       # @example
       #   # bad
-      #   Array === something
       #   (1..100) === 7
       #   /something/ === some_string
       #
@@ -16,18 +18,13 @@ module RuboCop
       #   (1..100).include?(7)
       #   /something/.match?(some_string)
       #
-      # @example AllowOnConstant
-      #   # Style/CaseEquality:
-      #   #   AllowOnConstant: true
-      #
+      # @example AllowOnConstant: false (default)
       #   # bad
-      #   (1..100) === 7
-      #   /something/ === some_string
+      #   Array === something
       #
+      # @example AllowOnConstant: true
       #   # good
       #   Array === something
-      #   (1..100).include?(7)
-      #   /something/.match?(some_string)
       #
       class CaseEquality < Base
         extend AutoCorrector

data/lib/rubocop/cop/style/case_like_if.rb

@@ -6,6 +6,11 @@ module RuboCop
       # This cop identifies places where `if-elsif` constructions
       # can be replaced with `case-when`.
       #
+      # @safety
+      #   This cop is unsafe. `case` statements use `===` for equality,
+      #   so if the original conditional used a different equality operator, the
+      #   behaviour may be different.
+      #
       # @example
       #   # bad
       #   if status == :active

data/lib/rubocop/cop/style/class_and_module_children.rb

@@ -6,6 +6,15 @@ module RuboCop
       # This cop checks the style of children definitions at classes and
       # modules. Basically there are two different styles:
       #
+      # @safety
+      #   Autocorrection is unsafe.
+      #
+      #   Moving from compact to nested children requires knowledge of whether the
+      #   outer parent is a module or a class. Moving from nested to compact requires
+      #   verification that the outer parent is defined elsewhere. Rubocop does not
+      #   have the knowledge to perform either operation safely and thus requires
+      #   manual oversight.
+      #
       # @example EnforcedStyle: nested (default)
       #   # good
       #   # have each child on its own line

data/lib/rubocop/cop/style/collection_compact.rb

@@ -6,11 +6,13 @@ module RuboCop
       # This cop checks for places where custom logic on rejection nils from arrays
       # and hashes can be replaced with `{Array,Hash}#{compact,compact!}`.
       #
-      # It is marked as unsafe by default because false positives may occur in the
-      # nil check of block arguments to the receiver object.
-      # For example, `[[1, 2], [3, nil]].reject { |first, second| second.nil? }`
-      # and `[[1, 2], [3, nil]].compact` are not compatible. This will work fine
-      # when the receiver is a hash object.
+      # @safety
+      #   It is unsafe by default because false positives may occur in the
+      #   `nil` check of block arguments to the receiver object.
+      #
+      #   For example, `[[1, 2], [3, nil]].reject { |first, second| second.nil? }`
+      #   and `[[1, 2], [3, nil]].compact` are not compatible. This will work fine
+      #   when the receiver is a hash object.
       #
       # @example
       #   # bad

data/lib/rubocop/cop/style/collection_methods.rb

@@ -6,10 +6,6 @@ module RuboCop
       # This cop enforces the use of consistent method names
       # from the Enumerable module.
       #
-      # Unfortunately we cannot actually know if a method is from
-      # Enumerable or not (static analysis limitation), so this cop
-      # can yield some false positives.
-      #
       # You can customize the mapping from undesired method to desired method.
       #
       # e.g. to use `detect` over `find`:
@@ -18,9 +14,14 @@ module RuboCop
       #     PreferredMethods:
       #       find: detect
       #
-      # The default mapping for `PreferredMethods` behaves as follows.
+      # @safety
+      #   This cop is unsafe because it finds methods by name, without actually
+      #   being able to determine if the receiver is an Enumerable or not, so
+      #   this cop may register false positives.
       #
       # @example
+      #   # These examples are based on the default mapping for `PreferredMethods`.
+      #
       #   # bad
       #   items.collect
       #   items.collect!
@@ -68,7 +69,8 @@ module RuboCop
           return false unless node.arguments.any?
 
           node.last_argument.block_pass_type? ||
-            node.last_argument.sym_type? && methods_accepting_symbol.include?(node.method_name.to_s)
+            (node.last_argument.sym_type? &&
+            methods_accepting_symbol.include?(node.method_name.to_s))
         end
 
         def message(node)

data/lib/rubocop/cop/style/combinable_loops.rb

@@ -7,8 +7,9 @@ module RuboCop
       # can be combined into a single loop. It is very likely that combining them
       # will make the code more efficient and more concise.
       #
-      # It is marked as unsafe, because the first loop might modify
-      # a state that the second loop depends on; these two aren't combinable.
+      # @safety
+      #   The cop is unsafe, because the first loop might modify state that the
+      #   second loop depends on; these two aren't combinable.
       #
       # @example
       #   # bad

data/lib/rubocop/cop/style/commented_keyword.rb

@@ -12,7 +12,10 @@ module RuboCop
       #
       # Auto-correction removes comments from `end` keyword and keeps comments
       # for `class`, `module`, `def` and `begin` above the keyword.
-      # It is marked as unsafe auto-correction as it may remove meaningful comments.
+      #
+      # @safety
+      #   Auto-correction is unsafe because it may remove a comment that is
+      #   meaningful.
       #
       # @example
       #   # bad
@@ -49,9 +52,11 @@ module RuboCop
         ALLOWED_COMMENTS = %w[:nodoc: :yields: rubocop:disable rubocop:todo].freeze
         ALLOWED_COMMENT_REGEXES = ALLOWED_COMMENTS.map { |c| /#\s*#{c}/ }.freeze
 
+        REGEXP = /(?<keyword>\S+).*#/.freeze
+
         def on_new_investigation
           processed_source.comments.each do |comment|
-            next unless offensive?(comment) && (match = line(comment).match(/(?<keyword>\S+).*#/))
+            next unless offensive?(comment) && (match = source_line(comment).match(REGEXP))
 
             register_offense(comment, match[:keyword])
           end
@@ -73,12 +78,12 @@ module RuboCop
         end
 
         def offensive?(comment)
-          line = line(comment)
+          line = source_line(comment)
           KEYWORD_REGEXES.any? { |r| r.match?(line) } &&
             ALLOWED_COMMENT_REGEXES.none? { |r| r.match?(line) }
         end
 
-        def line(comment)
+        def source_line(comment)
           comment.location.expression.source_line
         end
       end

data/lib/rubocop/cop/style/date_time.rb

@@ -9,6 +9,11 @@ module RuboCop
       # replaceable in certain situations when dealing with multiple timezones
       # and/or DST.
       #
+      # @safety
+      #   Autocorrection is not safe, because `DateTime` and `Time` do not have
+      #   exactly the same behaviour, although in most cases the autocorrection
+      #   will be fine.
+      #
       # @example
       #
       #   # bad - uses `DateTime` for current time

data/lib/rubocop/cop/style/document_dynamic_eval_definition.rb

@@ -86,7 +86,7 @@ module RuboCop
 
           return unless arg_node&.dstr_type? && interpolated?(arg_node)
           return if inline_comment_docs?(arg_node) ||
-                    arg_node.heredoc? && comment_block_docs?(arg_node)
+                    (arg_node.heredoc? && comment_block_docs?(arg_node))
 
           add_offense(node.loc.selector)
         end

data/lib/rubocop/cop/style/documentation.rb

@@ -71,8 +71,9 @@ module RuboCop
       #
       class Documentation < Base
         include DocumentationComment
+        include RangeHelp
 
-        MSG = 'Missing top-level %<type>s documentation comment.'
+        MSG = 'Missing top-level documentation comment for `%<type>s %<identifier>s`.'
 
         # @!method constant_definition?(node)
         def_node_matcher :constant_definition?, '{class module casgn}'
@@ -88,33 +89,35 @@ module RuboCop
         def on_class(node)
           return unless node.body
 
-          check(node, node.body, :class)
+          check(node, node.body)
         end
 
         def on_module(node)
-          check(node, node.body, :module)
+          check(node, node.body)
         end
 
         private
 
-        def check(node, body, type)
+        def check(node, body)
           return if namespace?(body)
           return if documentation_comment?(node)
           return if constant_allowed?(node)
           return if nodoc_self_or_outer_module?(node)
           return if macro_only?(body)
 
-          add_offense(node.loc.keyword, message: format(MSG, type: type))
+          range = range_between(node.loc.expression.begin_pos, node.loc.name.end_pos)
+          message = format(MSG, type: node.type, identifier: identifier(node))
+          add_offense(range, message: message)
         end
 
         def nodoc_self_or_outer_module?(node)
           nodoc_comment?(node) ||
-            compact_namespace?(node) && nodoc_comment?(outer_module(node).first)
+            (compact_namespace?(node) && nodoc_comment?(outer_module(node).first))
         end
 
         def macro_only?(body)
-          body.respond_to?(:macro?) && body.macro? ||
-            body.respond_to?(:children) && body.children&.all? { |child| macro_only?(child) }
+          (body.respond_to?(:macro?) && body.macro?) ||
+            (body.respond_to?(:children) && body.children&.all? { |child| macro_only?(child) })
         end
 
         def namespace?(node)
@@ -165,6 +168,18 @@ module RuboCop
         def allowed_constants
           @allowed_constants ||= cop_config.fetch('AllowedConstants', []).map(&:intern)
         end
+
+        def identifier(node)
+          # Get the fully qualified identifier for a class/module
+          nodes = [node, *node.each_ancestor(:class, :module)]
+          nodes.reverse_each.flat_map { |n| qualify_const(n.identifier) }.join('::')
+        end
+
+        def qualify_const(node)
+          return if node.nil?
+
+          [qualify_const(node.namespace), node.short_name].compact
+        end
       end
     end
   end

data/lib/rubocop/cop/style/double_negation.rb

@@ -9,6 +9,21 @@ module RuboCop
       # that use boolean as a return value. When using `EnforcedStyle: forbidden`, double negation
       # should be forbidden always.
       #
+      # NOTE: when `something` is a boolean value
+      # `!!something` and `!something.nil?` are not the same thing.
+      # As you're unlikely to write code that can accept values of any type
+      # this is rarely a problem in practice.
+      #
+      # @safety
+      #   Autocorrection is unsafe when the value is `false`, because the result
+      #   of the expression will change.
+      #
+      #   [source,ruby]
+      #   ----
+      #   !!false     #=> false
+      #   !false.nil? #=> true
+      #   ----
+      #
       # @example
       #   # bad
       #   !!something
@@ -27,11 +42,6 @@ module RuboCop
       #   def foo?
       #     !!return_value
       #   end
-      #
-      # Please, note that when something is a boolean value
-      # !!something and !something.nil? are not the same thing.
-      # As you're unlikely to write code that can accept values of any type
-      # this is rarely a problem in practice.
       class DoubleNegation < Base
         include ConfigurableEnforcedStyle
         extend AutoCorrector

data/lib/rubocop/cop/style/empty_method.rb

@@ -62,7 +62,7 @@ module RuboCop
         end
 
         def correct_style?(node)
-          compact_style? && compact?(node) || expanded_style? && expanded?(node)
+          (compact_style? && compact?(node)) || (expanded_style? && expanded?(node))
         end
 
         def corrected(node)