rubocop 1.79.2 → 1.81.7

data/lib/rubocop/cop/lint/duplicate_regexp_character_class_element.rb

@@ -24,8 +24,6 @@ module RuboCop
 
         MSG_REPEATED_ELEMENT = 'Duplicate element inside regexp character class'
 
-        OCTAL_DIGITS_AFTER_ESCAPE = 2
-
         def on_regexp(node)
           each_repeated_character_class_element_loc(node) do |loc|
             add_offense(loc, message: MSG_REPEATED_ELEMENT) do |corrector|
@@ -40,9 +38,9 @@ module RuboCop
 
             seen = Set.new
             group_expressions(node, expr.expressions) do |group|
-              group_source = group.map(&:to_s).join
+              group_source = group.to_s
 
-              yield source_range(group) if seen.include?(group_source)
+              yield group.expression if seen.include?(group_source)
 
               seen << group_source
             end
@@ -52,40 +50,13 @@ module RuboCop
         private
 
         def group_expressions(node, expressions)
-          # Create a mutable list to simplify state tracking while we iterate.
-          expressions = expressions.to_a
-
-          until expressions.empty?
-            # With we may need to compose a group of multiple expressions.
-            group = [expressions.shift]
-            next if within_interpolation?(node, group.first)
-
-            # With regexp_parser < 2.7 escaped octal sequences may be up to 3
-            # separate expressions ("\\0", "0", "1").
-            pop_octal_digits(group, expressions) if escaped_octal?(group.first.to_s)
-
-            yield(group)
-          end
-        end
-
-        def pop_octal_digits(current_child, expressions)
-          OCTAL_DIGITS_AFTER_ESCAPE.times do
-            next_child = expressions.first
-            break unless octal?(next_child.to_s)
+          expressions.each do |expression|
+            next if within_interpolation?(node, expression)
 
-            current_child << expressions.shift
+            yield(expression)
           end
         end
 
-        def source_range(children)
-          return children.first.expression if children.size == 1
-
-          range_between(
-            children.first.expression.begin_pos,
-            children.last.expression.begin_pos + children.last.to_s.length
-          )
-        end
-
         def skip_expression?(expr)
           expr.type != :set || expr.token == :intersection
         end
@@ -99,14 +70,6 @@ module RuboCop
           interpolation_locs(node).any? { |il| il.overlaps?(parse_tree_child_loc) }
         end
 
-        def escaped_octal?(string)
-          string.length == 2 && string[0] == '\\' && octal?(string[1])
-        end
-
-        def octal?(char)
-          ('0'..'7').cover?(char)
-        end
-
         def interpolation_locs(node)
           @interpolation_locs ||= {}
 

data/lib/rubocop/cop/lint/empty_interpolation.rb

@@ -19,12 +19,23 @@ module RuboCop
         MSG = 'Empty interpolation detected.'
 
         def on_interpolation(begin_node)
+          return if in_percent_literal_array?(begin_node)
+
           node_children = begin_node.children.dup
           node_children.delete_if { |e| e.nil_type? || (e.basic_literal? && e.str_content&.empty?) }
           return unless node_children.empty?
 
           add_offense(begin_node) { |corrector| corrector.remove(begin_node) }
         end
+
+        private
+
+        def in_percent_literal_array?(begin_node)
+          array_node = begin_node.each_ancestor(:array).first
+          return false unless array_node
+
+          array_node.percent_literal?
+        end
       end
     end
   end

data/lib/rubocop/cop/lint/missing_cop_enable_directive.rb

@@ -9,9 +9,21 @@ module RuboCop
       # cop disables on wide ranges of code, that latter contributors to
       # a file wouldn't be aware of.
       #
-      # @example
-      #   # Lint/MissingCopEnableDirective:
-      #   #   MaximumRangeSize: .inf
+      # You can set `MaximumRangeSize` to define the maximum number of
+      # consecutive lines a cop can be disabled for.
+      #
+      # - `.inf` any size (default)
+      # - `0` allows only single-line disables
+      # - `1` means the maximum allowed is as follows:
+      #
+      # [source,ruby]
+      # ----
+      # # rubocop:disable SomeCop
+      # a = 1
+      # # rubocop:enable SomeCop
+      # ----
+      #
+      # @example MaximumRangeSize: .inf (default)
       #
       #   # good
       #   # rubocop:disable Layout/SpaceAroundOperators
@@ -25,9 +37,7 @@ module RuboCop
       #   x= 0
       #   # EOF
       #
-      # @example
-      #   # Lint/MissingCopEnableDirective:
-      #   #   MaximumRangeSize: 2
+      # @example MaximumRangeSize: 2
       #
       #   # good
       #   # rubocop:disable Layout/SpaceAroundOperators
@@ -52,10 +62,9 @@ module RuboCop
           each_missing_enable do |cop, line_range|
             next if acceptable_range?(cop, line_range)
 
-            range = source_range(processed_source.buffer, line_range.min, 0..0)
             comment = processed_source.comment_at_line(line_range.begin)
 
-            add_offense(range, message: message(cop, comment))
+            add_offense(comment, message: message(cop, comment))
           end
         end
 

data/lib/rubocop/cop/lint/rescue_exception.rb

@@ -24,10 +24,7 @@ module RuboCop
         MSG = 'Avoid rescuing the `Exception` class. Perhaps you meant to rescue `StandardError`?'
 
         def on_resbody(node)
-          return unless node.children.first
-
-          rescue_args = node.children.first.children
-          return unless rescue_args.any? { |a| targets_exception?(a) }
+          return unless node.exceptions.any? { |exception| targets_exception?(exception) }
 
           add_offense(node)
         end

data/lib/rubocop/cop/lint/self_assignment.rb

@@ -45,7 +45,7 @@ module RuboCop
           return if allow_rbs_inline_annotation? && rbs_inline_annotation?(node.receiver)
 
           if node.method?(:[]=)
-            handle_key_assignment(node) if node.arguments.size == 2
+            handle_key_assignment(node)
           elsif node.assignment_method?
             handle_attribute_assignment(node) if node.arguments.size == 1
           end
@@ -105,12 +105,13 @@ module RuboCop
         end
 
         def handle_key_assignment(node)
-          value_node = node.arguments[1]
+          value_node = node.last_argument
+          node_arguments = node.arguments[0...-1]
 
-          if value_node.send_type? && value_node.method?(:[]) &&
+          if value_node.respond_to?(:method?) && value_node.method?(:[]) &&
              node.receiver == value_node.receiver &&
-             !node.first_argument.call_type? &&
-             node.first_argument == value_node.first_argument
+             node_arguments.none?(&:call_type?) &&
+             node_arguments == value_node.arguments
             add_offense(node)
           end
         end

data/lib/rubocop/cop/lint/shadowed_argument.rb

@@ -125,13 +125,13 @@ module RuboCop
             next false if assignment_node.shorthand_asgn?
             next false unless assignment_node.parent
 
-            node_within_block_or_conditional =
-              node_within_block_or_conditional?(assignment_node.parent, argument.scope.node)
+            conditional_assignment =
+              conditional_assignment?(assignment_node.parent, argument.scope.node)
 
             unless uses_var?(assignment_node, argument.name)
               # It's impossible to decide whether a branch or block is executed,
               # so the precise reassignment location is undecidable.
-              next false if node_within_block_or_conditional
+              next false if conditional_assignment
 
               yield(assignment.node, location_known)
               break
@@ -147,13 +147,13 @@ module RuboCop
           node.source_range.begin_pos
         end
 
-        # Check whether the given node is nested into block or conditional.
+        # Check whether the given node is always executed or not
         #
-        def node_within_block_or_conditional?(node, stop_search_node)
+        def conditional_assignment?(node, stop_search_node)
           return false if node == stop_search_node
 
-          node.conditional? || node.block_type? ||
-            node_within_block_or_conditional?(node.parent, stop_search_node)
+          node.conditional? || node.type?(:block, :rescue) ||
+            conditional_assignment?(node.parent, stop_search_node)
         end
 
         # Get argument references without assignments' references

data/lib/rubocop/cop/lint/uri_escape_unescape.rb

@@ -17,6 +17,7 @@ module RuboCop
       #
       #   # good
       #   CGI.escape('http://example.com')
+      #   URI.encode_uri_component(uri) # Since Ruby 3.1
       #   URI.encode_www_form([['example', 'param'], ['lang', 'en']])
       #   URI.encode_www_form(page: 10, locale: 'en')
       #   URI.encode_www_form_component('http://example.com')
@@ -27,6 +28,7 @@ module RuboCop
       #
       #   # good
       #   CGI.unescape(enc_uri)
+      #   URI.decode_uri_component(uri) # Since Ruby 3.1
       #   URI.decode_www_form(enc_uri)
       #   URI.decode_www_form_component(enc_uri)
       class UriEscapeUnescape < Base

data/lib/rubocop/cop/lint/void.rb

@@ -16,6 +16,12 @@ module RuboCop
       # enumerator.each { |item| item >= 2 } #=> [2, 3]
       # ----
       #
+      # NOTE: Return values in assignment method definitions such as `def foo=(arg)` are
+      # detected because they are in a void context. However, autocorrection does not remove
+      # the return value, as that would change behavior. In such cases, whether to remove
+      # the return value or rename the method to something more appropriate should be left to
+      # the user.
+      #
       # @example CheckForMethodsWithNoSideEffects: false (default)
       #   # bad
       #   def some_method
@@ -233,6 +239,7 @@ module RuboCop
 
         def autocorrect_void_expression(corrector, node)
           return if node.parent.if_type?
+          return if (def_node = node.each_ancestor(:any_def).first) && def_node.assignment_method?
 
           corrector.remove(range_with_surrounding_space(range: node.source_range, side: :left))
         end

data/lib/rubocop/cop/message_annotator.rb

@@ -102,7 +102,7 @@ module RuboCop
       def reference_urls
         urls = cop_config
                .values_at('References', 'Reference') # Support legacy Reference key
-               .flat_map { Array(_1) }
+               .flat_map { |url| Array(url) }
                .reject(&:empty?)
 
         urls unless urls.empty?

data/lib/rubocop/cop/mixin/check_line_breakable.rb

@@ -227,7 +227,7 @@ module RuboCop
 
       def chained_to_heredoc?(node)
         while (node = node.receiver)
-          return true if node.type?(:str, :dstr, :xstr) && node.heredoc?
+          return true if node.any_str_type? && node.heredoc?
         end
 
         false

data/lib/rubocop/cop/mixin/end_keyword_alignment.rb

@@ -19,8 +19,7 @@ module RuboCop
       def check_end_kw_alignment(node, align_ranges)
         return if ignored_node?(node)
 
-        end_loc = node.loc.end
-        return if accept_end_kw_alignment?(end_loc)
+        return unless (end_loc = node.loc.end)
 
         matching = matching_ranges(end_loc, align_ranges)
 
@@ -57,11 +56,6 @@ module RuboCop
         add_offense(end_loc, message: msg) { |corrector| autocorrect(corrector, node) }
       end
 
-      def accept_end_kw_alignment?(end_loc)
-        end_loc.nil? || # Discard modifier forms of if/while/until.
-          !/\A[ \t]*end/.match?(processed_source.lines[end_loc.line - 1])
-      end
-
       def style_parameter_name
         'EnforcedStyleAlignWith'
       end

data/lib/rubocop/cop/mixin/trailing_comma.rb

@@ -140,7 +140,7 @@ module RuboCop
       end
 
       def last_item_precedes_newline?(node)
-        after_last_item = node.children.last.source_range.end.join(node.loc.end.begin)
+        after_last_item = node.children.last.source_range.end.join(node.source_range.end)
 
         after_last_item.source.start_with?(/,?\s*(#.*)?\n/)
       end

data/lib/rubocop/cop/naming/method_name.rb

@@ -147,7 +147,9 @@ module RuboCop
         alias on_defs on_def
 
         def on_alias(node)
-          handle_method_name(node.new_identifier, node.new_identifier.value)
+          return unless (new_identifier = node.new_identifier).sym_type?
+
+          handle_method_name(new_identifier, new_identifier.value)
         end
 
         private
@@ -198,7 +200,7 @@ module RuboCop
 
           if forbidden_name?(name.to_s)
             register_forbidden_name(node)
-          elsif !OPERATOR_METHODS.include?(name)
+          elsif !OPERATOR_METHODS.include?(name.to_sym)
             check_name(node, name, range_position(node))
           end
         end

data/lib/rubocop/cop/naming/predicate_method.rb

@@ -14,7 +14,7 @@ module RuboCop
       # method calls are assumed to return boolean values. The cop does not make an assessment
       # if the return type is unknown (non-predicate method calls, variables, etc.).
       #
-      # NOTE: Operator methods (`def ==`, etc.) are ignored.
+      # NOTE: The `initialize` method and operator methods (`def ==`, etc.) are ignored.
       #
       # By default, the cop runs in `conservative` mode, which allows a method to be named
       # with a question mark as long as at least one return value is boolean. In `aggressive`
@@ -113,6 +113,18 @@ module RuboCop
       #     true
       #   end
       #
+      # @example AllowedMethods: [call] (default)
+      #   # good
+      #   def call
+      #     foo == bar
+      #   end
+      #
+      # @example AllowedPatterns: [\Afoo]
+      #   # good
+      #   def foo?
+      #     'foo'
+      #   end
+      #
       # @example AllowBangMethods: false (default)
       #   # bad
       #   def save!
@@ -149,7 +161,8 @@ module RuboCop
         private
 
         def allowed?(node)
-          allowed_method?(node.method_name) ||
+          node.method?(:initialize) ||
+            allowed_method?(node.method_name) ||
             matches_allowed_pattern?(node.method_name) ||
             allowed_bang_method?(node) ||
             node.operator_method? ||
@@ -180,8 +193,7 @@ module RuboCop
             return_values << extract_return_value(return_node)
           end
 
-          last_value = last_value(node)
-          return_values << last_value if last_value
+          return_values << last_value(node)
 
           process_return_values(return_values)
         end
@@ -234,8 +246,9 @@ module RuboCop
         end
 
         def last_value(node)
-          value = node.begin_type? ? node.children.last : node
-          value&.return_type? ? extract_return_value(value) : value
+          value = node.begin_type? ? node.children.last || s(:nil) : node
+
+          value.return_type? ? extract_return_value(value) : value
         end
 
         def process_return_values(return_values)

data/lib/rubocop/cop/security/json_load.rb

@@ -6,22 +6,40 @@ module RuboCop
       # Checks for the use of JSON class methods which have potential
       # security issues.
       #
+      # `JSON.load` and similar methods allow deserialization of arbitrary ruby objects:
+      #
+      # [source,ruby]
+      # ----
+      # require 'json/add/string'
+      # result = JSON.load('{ "json_class": "String", "raw": [72, 101, 108, 108, 111] }')
+      # pp result # => "Hello"
+      # ----
+      #
+      # Never use `JSON.load` for untrusted user input. Prefer `JSON.parse` unless you have
+      # a concrete use-case for `JSON.load`.
+      #
+      # NOTE: Starting with `json` gem version 2.8.0, triggering this behavior without explicitly
+      # passing the `create_additions` keyword argument emits a deprecation warning, with the
+      # goal of being secure by default in the next major version 3.0.0.
+      #
       # @safety
       #   This cop's autocorrection is unsafe because it's potentially dangerous.
-      #   If using a stream, like `JSON.load(open('file'))`, it will need to call
+      #   If using a stream, like `JSON.load(open('file'))`, you will need to call
       #   `#read` manually, like `JSON.parse(open('file').read)`.
-      #   If reading single values (rather than proper JSON objects), like
-      #   `JSON.load('false')`, it will need to pass the `quirks_mode: true`
-      #   option, like `JSON.parse('false', quirks_mode: true)`.
       #   Other similar issues may apply.
       #
       # @example
       #   # bad
-      #   JSON.load("{}")
-      #   JSON.restore("{}")
+      #   JSON.load('{}')
+      #   JSON.restore('{}')
       #
       #   # good
-      #   JSON.parse("{}")
+      #   JSON.parse('{}')
+      #   JSON.unsafe_load('{}')
+      #
+      #   # good - explicit use of `create_additions` option
+      #   JSON.load('{}', create_additions: true)
+      #   JSON.load('{}', create_additions: false)
       #
       class JSONLoad < Base
         extend AutoCorrector
@@ -29,13 +47,17 @@ module RuboCop
         MSG = 'Prefer `JSON.parse` over `JSON.%<method>s`.'
         RESTRICT_ON_SEND = %i[load restore].freeze
 
-        # @!method json_load(node)
-        def_node_matcher :json_load, <<~PATTERN
-          (send (const {nil? cbase} :JSON) ${:load :restore} ...)
+        # @!method insecure_json_load(node)
+        def_node_matcher :insecure_json_load, <<~PATTERN
+          (
+            send (const {nil? cbase} :JSON) ${:load :restore}
+            ...
+            !(hash `(sym $:create_additions))
+          )
         PATTERN
 
         def on_send(node)
-          json_load(node) do |method|
+          insecure_json_load(node) do |method|
             add_offense(node.loc.selector, message: format(MSG, method: method)) do |corrector|
               corrector.replace(node.loc.selector, 'parse')
             end

data/lib/rubocop/cop/style/array_intersect.rb

@@ -10,6 +10,8 @@ module RuboCop
       # * `(array1 & array2).any?`
       # * `(array1.intersection(array2)).any?`
       # * `array1.any? { |elem| array2.member?(elem) }`
+      # * `(array1 & array2).count > 0`
+      # * `(array1 & array2).size > 0`
       #
       # can be replaced with `array1.intersect?(array2)`.
       #
@@ -51,6 +53,19 @@ module RuboCop
       #   array1.intersect?(array2)
       #   !array1.intersect?(array2)
       #
+      #   # bad
+      #   (array1 & array2).count > 0
+      #   (array1 & array2).count.positive?
+      #   (array1 & array2).count != 0
+      #
+      #   (array1 & array2).count == 0
+      #   (array1 & array2).count.zero?
+      #
+      #   # good
+      #   array1.intersect?(array2)
+      #
+      #   !array1.intersect?(array2)
+      #
       # @example AllCops:ActiveSupportExtensionsEnabled: false (default)
       #   # good
       #   (array1 & array2).present?
@@ -73,17 +88,33 @@ module RuboCop
         PREDICATES = %i[any? empty? none?].to_set.freeze
         ACTIVE_SUPPORT_PREDICATES = (PREDICATES + %i[present? blank?]).freeze
 
+        ARRAY_SIZE_METHODS = %i[count length size].to_set.freeze
+
         # @!method bad_intersection_check?(node, predicates)
         def_node_matcher :bad_intersection_check?, <<~PATTERN
-          (call
+          $(call
             {
               (begin (send $_ :& $_))
-              (call $_ :intersection $_)
+              (call $!nil? :intersection $_)
             }
             $%1
           )
         PATTERN
 
+        # @!method intersection_size_check?(node, predicates)
+        def_node_matcher :intersection_size_check?, <<~PATTERN
+          (call
+            $(call
+              {
+                (begin (send $_ :& $_))
+                (call $!nil? :intersection $_)
+              }
+              %ARRAY_SIZE_METHODS
+            )
+            {$:> (int 0) | $:positive? | $:!= (int 0) | $:== (int 0) | $:zero?}
+          )
+        PATTERN
+
         # @!method any_none_block_intersection(node)
         def_node_matcher :any_none_block_intersection, <<~PATTERN
           {
@@ -104,15 +135,15 @@ module RuboCop
         PATTERN
 
         MSG = 'Use `%<replacement>s` instead of `%<existing>s`.'
-        STRAIGHT_METHODS = %i[present? any?].freeze
-        NEGATED_METHODS = %i[blank? empty? none?].freeze
+        STRAIGHT_METHODS = %i[present? any? > positive? !=].freeze
+        NEGATED_METHODS = %i[blank? empty? none? == zero?].freeze
         RESTRICT_ON_SEND = (STRAIGHT_METHODS + NEGATED_METHODS).freeze
 
         def on_send(node)
           return if node.block_literal?
-          return unless (receiver, argument, method_name = bad_intersection?(node))
+          return unless (dot_node, receiver, argument, method_name = bad_intersection?(node))
 
-          dot = node.loc.dot.source
+          dot = dot_node.loc.dot.source
           bang = straight?(method_name) ? '' : '!'
           replacement = "#{bang}#{receiver.source}#{dot}intersect?(#{argument.source})"
 
@@ -135,13 +166,16 @@ module RuboCop
         private
 
         def bad_intersection?(node)
-          predicates = if active_support_extensions_enabled?
-                         ACTIVE_SUPPORT_PREDICATES
-                       else
-                         PREDICATES
-                       end
+          bad_intersection_check?(node, bad_intersection_predicates) ||
+            intersection_size_check?(node)
+        end
 
-          bad_intersection_check?(node, predicates)
+        def bad_intersection_predicates
+          if active_support_extensions_enabled?
+            ACTIVE_SUPPORT_PREDICATES
+          else
+            PREDICATES
+          end
         end
 
         def straight?(method_name)

data/lib/rubocop/cop/style/array_intersect_with_single_element.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Style
+      # Use `include?(element)` instead of `intersect?([element])`.
+      #
+      # @safety
+      #   The receiver might not be an array.
+      #
+      # @example
+      #   # bad
+      #   array.intersect?([element])
+      #
+      #   # good
+      #   array.include?(element)
+      class ArrayIntersectWithSingleElement < Base
+        extend AutoCorrector
+
+        MSG = 'Use `include?(element)` instead of `intersect?([element])`.'
+
+        RESTRICT_ON_SEND = %i[intersect?].freeze
+
+        # @!method single_element(node)
+        def_node_matcher :single_element, <<~PATTERN
+          (send _ _ $(array $_))
+        PATTERN
+
+        def on_send(node)
+          array, element = single_element(node)
+          return unless array
+
+          add_offense(
+            node.source_range.with(begin_pos: node.loc.selector.begin_pos)
+          ) do |corrector|
+            corrector.replace(node.loc.selector, 'include?')
+            corrector.replace(
+              array,
+              array.percent_literal? ? element.value.inspect : element.source
+            )
+          end
+        end
+        alias on_csend on_send
+      end
+    end
+  end
+end

data/lib/rubocop/cop/style/bitwise_predicate.rb

@@ -70,18 +70,25 @@ module RuboCop
             (send _ :& _))
         PATTERN
 
+        # rubocop:disable Metrics/AbcSize
         def on_send(node)
           return unless node.receiver&.begin_type?
           return unless (preferred_method = preferred_method(node))
 
           bit_operation = node.receiver.children.first
           lhs, _operator, rhs = *bit_operation
-          preferred = "#{lhs.source}.#{preferred_method}(#{rhs.source})"
+
+          preferred = if preferred_method == 'allbits?' && lhs.source == node.first_argument.source
+                        "#{rhs.source}.allbits?(#{lhs.source})"
+                      else
+                        "#{lhs.source}.#{preferred_method}(#{rhs.source})"
+                      end
 
           add_offense(node, message: format(MSG, preferred: preferred)) do |corrector|
             corrector.replace(node, preferred)
           end
         end
+        # rubocop:enable Metrics/AbcSize
 
         private