rubopolis 0.0.6

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7a7ed5bfea758072102a9bbea085269d3acb334d7adcb5dc981fdabdb52c4085
+  data.tar.gz: 5ba582879db9e949f97491045bf986a9536c74618d844cf47b7045b20d75c7c7
+SHA512:
+  metadata.gz: 0ff04065bc7620d1983b3acbf99c1e9b8bb8168d5f604d030ea23e3b5f7e26f748af07bc29a4ae560d9ac0e40c7baf189b2d8b498ad6dcd0a91c03e2c54fa729
+  data.tar.gz: 7c6cce7704b0336b6a4f13c2669f51a63c250b1c3052207d0c95cb4d7cc8215d0b52a01f5527e7ffa4ceac2f9f1f80054e46bf63e36a2708a82425171fae3e32

data/README.md

@@ -0,0 +1,22 @@
+# rubopolis
+## About
+This repo is a collection of useful rubocops for Rails project.
+
+These are the list of custom cops in this project right now:
+1. Migration filename convention
+2. Time usage
+3. Query injection prevention
+
+
+## Installation
+Add rubopolis gem to you application:
+```
+TODO
+```
+
+## Contribute
+Contributions are welcome!
+
+Fork the repository
+Write code and tests
+Submit a PR

data/config/default.yml

@@ -0,0 +1,12 @@
+Cop/MigrationFilename:
+  Description: 'Enforce the database migration filename is not a future date'
+  Enabled: true
+  VersionAdded: '0.0.1'
+Cop/QueryInject:
+  Description: 'Ensure code does not have an query inject-able code'
+  Enabled: true
+  VersionAdded: '0.0.1'
+Cop/TimeUsage:
+  Description: 'Use `Time.current` or `Date.current` instead for standardisation.'
+  Enabled: true
+  VersionAdded: '0.0.1'

data/lib/rubopolis/cop/migration_filename.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'rubocop'
+
+module Rubopolis
+  module Cop
+    # This cop is used to enforce proper migration filename in codebase
+
+    # @example
+    #   # bad
+    #   Manipulating the filename timestamp to be the future
+    #
+    #   # good
+    #   System generated filename
+    class MigrationFilename < RuboCop::Cop::Base
+      include RuboCop::Cop::RangeHelp
+
+      MSG_FUTURE_TIMESTAMP = 'The name of this file (`%<basename>s`) should not use future timestamp.'
+
+      def on_new_investigation
+        file_path = processed_source.file_path
+
+        return unless file_path.include?('/db/')
+
+        for_bad_filename(file_path) { |range, msg| add_offense(range, message: msg) }
+      end
+
+      def for_bad_filename(file_path)
+        basename = File.basename(file_path)
+
+        filename_datetime = basename.split('_', 2).first
+        current_timestamp = Time.now.strftime('%Y%m%d%H%M%S')
+
+        msg = format(MSG_FUTURE_TIMESTAMP, basename: basename) if filename_datetime > current_timestamp
+
+        yield source_range(processed_source.buffer, 1, 0), msg if msg
+      end
+    end
+  end
+end

data/lib/rubopolis/cop/query_injection.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'rubocop/cop/mixin/active_record_helper'
+
+module Rubopolis
+  module Cop
+    # This cop is used to identify usages of `find_by` or `where` with string or params inputs.
+    # Use either hash or array input to avoid potential SQL injection.
+    # Feel free to disable the rule manually if code is assessed to be safe from injection.
+
+    # @example
+    #   # bad
+    #   User.find_by("name = 'Bruce'")
+    #   User.find_by(params[:name_query])
+    #
+    #   # good
+    #   User.find_by('name = ?', 'Bruce')
+    #   User.find_by(['name = ?', 'Bruce'])
+    #   User.find_by(name: 'Bruce')
+    class QueryInjection < RuboCop::Cop::Base
+      include RuboCop::Cop::RangeHelp
+      include RuboCop::Cop::ActiveRecordHelper
+
+      MSG = '`%s` should be called with hash or array arguments only: see lib/custom_cops/query_injection'
+
+      def on_send(node)
+        return if node.receiver.nil? && !inherit_active_record_base?(node)
+        return unless method?(node)
+        return unless where_or_find_by?(node)
+        return if acceptable_arg?(node.arguments[0])
+
+        # when arguments are > 1 strings, it should be templated and are most likely safe.
+        return if node.arguments.length > 1
+
+        range = offense_range(node)
+        add_offense(range, message: format(MSG, @method))
+      end
+
+      private
+
+      def offense_range(node)
+        range_between(node.loc.selector.begin_pos, node.arguments[0].loc.expression.end_pos)
+      end
+
+      def method?(node)
+        node.arguments.any? && node.respond_to?(:method?)
+      end
+
+      def where_or_find_by?(node)
+        if node.method?(:where)
+          @method = 'where'
+          return true
+        elsif node.method?(:find_by)
+          @method = 'find_by'
+          return true
+        end
+
+        false
+      end
+
+      def array?(node)
+        node.is_a?(RuboCop::AST::ArrayNode)
+      end
+
+      def kwarg?(node)
+        node.is_a?(RuboCop::AST::HashNode)
+      end
+
+      def acceptable_arg?(node)
+        # TODO: current implementation does not allow generated arguments
+        # i.e. find_by(function_that_returns_hash)
+        #
+        # if this is desired:
+        # - raise a chore ticket to update this cop
+        # - update rubocop_todo.yml to ignore the file in question OR
+        # - temporarily disable the rule in the file with an inline comment
+
+        array?(node) || kwarg?(node)
+      end
+    end
+  end
+end

data/lib/rubopolis/cop/time_usage.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Rubopolis
+  module Cop
+    # This cop is used to identify usages of `Time.zone.now` or `Time.zone.today` and any Time class related arithmetic.
+    # Use `Time.current` or `Date.current` instead for standardisation.
+    # Feel free to disable the rule manually if necessary.
+
+    # @example
+    #   # bad
+    #   Time.zone.today
+    #   Time.zone.now
+    #   Time.current + 2.weeks
+    #   Time.current - 2.weeks
+    #
+    #   # good
+    #   Date.current
+    #   Time.current
+    #   2.weeks.ago
+    #   2.weeks.since or 2.weeks.from_now
+    class TimeUsage < RuboCop::Cop::Base
+      USAGE_MSG = '`Time.zone.now` or `Time.zone.today` should not be used, to consider Time.current or ' \
+                  'Date.current instead: see lib/custom_cops/time_usage'
+
+      ARITHMETIC_MSG = 'Avoid subtracting or adding for Time, to use methods like `ago` and `since/from_now` e.g. ' \
+                       '`2.weeks.ago`, `5.minutes.since`. Refer to https://api.rubyonrails.org/classes/Time.html ' \
+                       'for more info'
+
+      def_node_matcher :time_now?, <<~PATTERN
+        (send (send (const nil? :Time) :zone) :now)
+      PATTERN
+
+      def_node_matcher :time_today?, <<~PATTERN
+        (send (send (const nil? :Time) :zone) :today)
+      PATTERN
+
+      def_node_matcher :time_addition?, <<~PATTERN
+        (send (send (const nil? :Time) :current) :+ $(...))
+      PATTERN
+
+      def_node_matcher :time_subtract?, <<~PATTERN
+        (send (send (const nil? :Time) :current) :- $(...))
+      PATTERN
+
+      def on_send(node)
+        if time_now?(node) || time_today?(node)
+          message = USAGE_MSG
+        elsif time_addition?(node) || time_subtract?(node)
+          message = ARITHMETIC_MSG
+        else
+          return
+        end
+
+        add_offense(node, message: message)
+      end
+    end
+  end
+end

data/lib/rubopolis/inject.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'rubocop'
+
+# Original from https://github.com/rubocop/rubocop-rspec/blob/master/lib/rubocop/rspec/inject.rb
+module Rubopolis
+  # Because RuboCop doesn't yet support plugins, we have to monkey patch in a
+  # bit of our configuration.
+  module Inject
+    def self.defaults!
+      path = CONFIG_DEFAULT.to_s
+      hash = ::RuboCop::ConfigLoader.send(:load_yaml_configuration, path)
+      config = ::RuboCop::Config.new(hash, path).tap(&:make_excludes_absolute)
+      puts "configuration from #{path}" if ::RuboCop::ConfigLoader.debug?
+      config = ::RuboCop::ConfigLoader.merge_with_default(config, path)
+      ::RuboCop::ConfigLoader.instance_variable_set(:@default_configuration, config)
+    end
+  end
+end

data/lib/rubopolis/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Rubopolis
+  module Version
+    WRAPPER_VERSION = '0.0.6'
+  end
+end

data/lib/rubopolis.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'pathname'
+require 'yaml'
+
+require_relative 'rubopolis/inject'
+require_relative 'rubopolis/version'
+require_relative 'rubopolis/cop/migration_filename'
+require_relative 'rubopolis/cop/query_injection'
+require_relative 'rubopolis/cop/time_usage'
+
+##
+# Base Module
+module Rubopolis
+  PROJECT_ROOT = ::Pathname.new(__dir__).parent.expand_path.freeze
+  CONFIG_DEFAULT = PROJECT_ROOT.join('config', 'default.yml').freeze
+  CONFIG = ::YAML.safe_load(CONFIG_DEFAULT.read).freeze
+
+  private_constant(:CONFIG_DEFAULT, :PROJECT_ROOT)
+end
+
+Rubopolis::Inject.defaults!

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: rubopolis
+version: !ruby/object:Gem::Version
+  version: 0.0.6
+platform: ruby
+authors:
+- Eileen Kang
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-01-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.33'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.33'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.17'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+description: All custom rubocop for Rails project
+email: eileen_kang@tech.gov.sg
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- config/default.yml
+- lib/rubopolis.rb
+- lib/rubopolis/cop/migration_filename.rb
+- lib/rubopolis/cop/query_injection.rb
+- lib/rubopolis/cop/time_usage.rb
+- lib/rubopolis/inject.rb
+- lib/rubopolis/version.rb
+homepage: https://github.com/GovTechSG/rubopolis
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.33
+signing_key:
+specification_version: 4
+summary: Custom rubocop for Rails project
+test_files: []