simplycop 1.0.0.pre

data/.simplycop_metaprogramming.yml

@@ -0,0 +1,38 @@
+AllCops:
+  ExtraDetails: true
+
+require:
+  - './lib/simplycop/custom_cops/constantize.rb'
+  - './lib/simplycop/custom_cops/define_method.rb'
+  - './lib/simplycop/custom_cops/instance_eval.rb'
+  - './lib/simplycop/custom_cops/method_missing.rb'
+
+CustomCops/Constantize:
+  Enabled: true
+  Details: >-
+    Decision 001 : Avoid metaprogamming, where feasible
+    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+
+CustomCops/DefineMethod:
+  Enabled: true
+  Details: >-
+    Decision 001 : Avoid metaprogamming, where feasible
+    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+
+CustomCops/InstanceEval:
+  Enabled: true
+  Details: >-
+    Decision 001 : Avoid metaprogamming, where feasible
+    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+
+CustomCops/MethodMissing:
+  Enabled: true
+  Details: >-
+    Decision 001 : Avoid metaprogamming, where feasible
+    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+
+Style/Send:
+  Enabled: true
+  Details: >-
+    Decision 001 : Avoid metaprogamming, where feasible
+    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`

data/.simplycop_rails.yml

@@ -0,0 +1,100 @@
+require:
+  - rubocop-rails
+
+AllCops:
+  Exclude:
+    - 'db/schema.rb'
+    - 'vendor/**/*'
+
+  # Cop names are not displayed in offense messages by default. Change behavior
+  # by overriding DisplayCopNames, or by giving the -D/--display-cop-names
+  # option.
+  DisplayCopNames: true
+  # Style guide URLs are not displayed in offense messages by default. Change
+  # behavior by overriding DisplayStyleGuide, or by giving the
+  # -S/--display-style-guide option.
+  DisplayStyleGuide: true
+  UseCache: true
+  MaxFilesInCache: 5000
+# Adapted from: https://github.com/simplybusiness/how-we-roll/blob/master/development/RUBYSTYLEGUIDE.markdown
+
+Rails:
+  Enabled: true
+
+## Rails Cops
+Rails/TimeZone:
+  Enabled: true
+  Severity: warning
+
+Rails/Date:
+  Enabled: true
+  Severity: warning
+
+Rails/Delegate:
+  Enabled: false
+
+Rails/Output:
+  Enabled: true
+
+Rails/Validation:
+  Enabled: true
+
+Rails/FindBy:
+  Enabled: true
+
+Rails/ActionFilter:
+  Enabled: true
+
+Rails/ReadWriteAttribute:
+  Enabled: true
+
+Rails/PluralizationGrammar:
+  Enabled: true
+
+Rails/SkipsModelValidations:
+  Enabled: true
+
+Rails/ActiveRecordCallbacksOrder:
+  Enabled: true
+
+Rails/AfterCommitOverride:
+  Enabled: true
+
+Rails/FindById:
+  Enabled: true
+
+Rails/Inquiry:
+  Enabled: false
+
+Rails/MailerName:
+  Enabled: true
+
+Rails/MatchRoute:
+  Enabled: true
+
+Rails/NegateInclude:
+  Enabled: true
+
+Rails/Pluck:
+  Enabled: false
+
+Rails/PluckInWhere:
+  Enabled: false
+
+Rails/RenderInline:
+  Enabled: true
+
+Rails/RenderPlainText:
+  Enabled: true
+
+Rails/ShortI18n:
+  Enabled: true
+
+Rails/SquishedSQLHeredocs:
+  Enabled: true
+
+Rails/WhereExists:
+  Enabled: false
+
+Rails/WhereNot:
+  Enabled: false

data/.simplycop_rspec.yml

@@ -0,0 +1,234 @@
+require:
+  - rubocop-rspec
+
+RSpec/ContextMethod:
+  Enabled: false
+
+RSpec/LeakyConstantDeclaration:
+  Enabled: false
+
+RSpec/EmptyLineAfterExample:
+  Enabled: false
+
+RSpec/AnyInstance:
+  Description: Check that instances are not being stubbed globally.
+  Enabled: true
+
+RSpec/AroundBlock:
+  Description: Checks that around blocks actually run the test.
+  Enabled: true
+
+RSpec/BeEql:
+  Description: Check for expectations where `be(...)` can replace `eql(...)`.
+  Enabled: true
+
+RSpec/BeforeAfterAll:
+  Description: Check that before/after(:all) isn't being used.
+  Enabled: false
+
+RSpec/DescribeClass:
+  Description: Check that the first argument to the top level describe is a constant.
+  Enabled: false
+
+RSpec/DescribedClass:
+  Description: Checks that tests use `described_class`.
+  SkipBlocks: false
+  Enabled: false
+  EnforcedStyle: described_class
+  SupportedStyles:
+    - described_class
+    - explicit
+
+RSpec/DescribeMethod:
+  Description: Checks that the second argument to `describe` specifies a method.
+  Enabled: false
+
+RSpec/DescribeSymbol:
+  Description: Avoid describing symbols.
+  Enabled: false
+
+RSpec/IteratedExpectation:
+  Description: Check that `all` matcher is used instead of iterating over an array.
+  Enabled: true
+
+RSpec/EmptyExampleGroup:
+  Description: Checks if an example group does not include any tests.
+  Enabled: true
+
+RSpec/EmptyLineAfterFinalLet:
+  Description: Checks if there is an empty line after the last let block.
+  Enabled: false
+
+RSpec/EmptyLineAfterSubject:
+  Description: Checks if there is an empty line after subject block.
+  Enabled: false
+
+RSpec/ExampleLength:
+  Description: Checks for long examples.
+  Enabled: false
+  Max: 5
+
+RSpec/ExampleWording:
+  Description: Checks for common mistakes in example descriptions.
+  Enabled: true
+  CustomTransform:
+    be: is
+    BE: IS
+    have: has
+    HAVE: HAS
+  IgnoredWords: []
+
+RSpec/ExpectActual:
+  Description: Checks for `expect(...)` calls containing literal values.
+  Enabled: true
+
+RSpec/ExpectOutput:
+  Description: Checks for opportunities to use `expect { ... }.to output`.
+  Enabled: false
+
+RSpec/FilePath:
+  Description: Checks that spec file paths are consistent with the test subject.
+  Enabled: false
+  CustomTransform:
+    RuboCop: rubocop
+    RSpec: rspec
+  IgnoreMethods: false
+
+RSpec/Focus:
+  Description: Checks if examples are focused.
+  Enabled: false
+
+RSpec/HookArgument:
+  Description: Checks the arguments passed to `before`, `around`, and `after`.
+  Enabled: true
+  EnforcedStyle: implicit
+  SupportedStyles:
+    - implicit
+    - each
+    - example
+
+RSpec/ImplicitExpect:
+  Description: Check that a consistent implicit expectation style is used.
+  Enabled: true
+  EnforcedStyle: is_expected
+  SupportedStyles:
+    - is_expected
+    - should
+
+RSpec/InstanceSpy:
+  Description: Checks for `instance_double` used with `have_received`.
+  Enabled: false
+
+RSpec/InstanceVariable:
+  Description: Checks for instance variable usage in specs.
+  AssignmentOnly: false
+  Enabled: false
+
+RSpec/ItBehavesLike:
+  Description: Checks that only one `it_behaves_like` style is used.
+  Enabled: true
+  EnforcedStyle: it_behaves_like
+  SupportedStyles:
+    - it_behaves_like
+    - it_should_behave_like
+
+RSpec/LeadingSubject:
+  Description: Checks for `subject` definitions that come after `let` definitions.
+  Enabled: true
+
+RSpec/LetSetup:
+  Description: Checks unreferenced `let!` calls being used for test setup.
+  Enabled: true
+
+RSpec/MessageChain:
+  Description: Check that chains of messages are not being stubbed.
+  Enabled: true
+
+RSpec/MessageExpectation:
+  Description: Checks for consistent message expectation style.
+  Enabled: false
+  EnforcedStyle: allow
+  SupportedStyles:
+    - allow
+    - expect
+
+RSpec/MessageSpies:
+  Description: Checks that message expectations are set using spies.
+  Enabled: false
+  EnforcedStyle: have_received
+  SupportedStyles:
+    - have_received
+    - receive
+
+RSpec/MultipleDescribes:
+  Description: Checks for multiple top level describes.
+  Enabled: true
+
+RSpec/MultipleExpectations:
+  Description: Checks if examples contain too many `expect` calls.
+  Enabled: false
+  Max: 1
+
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+
+RSpec/NamedSubject:
+  Description: Checks for explicitly referenced test subjects.
+  Enabled: true
+
+RSpec/NestedGroups:
+  Description: Checks for nested example groups.
+  Enabled: true
+  Max: 4
+
+RSpec/NotToNot:
+  Description: Checks for consistent method usage for negating expectations.
+  EnforcedStyle: not_to
+  SupportedStyles:
+    - not_to
+    - to_not
+  Enabled: false
+
+RSpec/OverwritingSetup:
+  Enabled: true
+  Description: Checks if there is a let/subject that overwrites an existing one.
+
+RSpec/RepeatedDescription:
+  Enabled: true
+  Description: Check for repeated description strings in example groups.
+
+RSpec/RepeatedExample:
+  Enabled: true
+  Description: Check for repeated examples within example groups.
+
+RSpec/SharedContext:
+  Description: Checks for proper shared_context and shared_examples usage.
+  Enabled: true
+
+RSpec/SingleArgumentMessageChain:
+  Description: Checks that chains of messages contain more than one element.
+  Enabled: true
+
+RSpec/ScatteredLet:
+  Description: Checks for let scattered across the example group.
+  Enabled: true
+
+RSpec/ScatteredSetup:
+  Description: Checks for setup scattered across multiple hooks in an example group.
+  Enabled: false
+
+RSpec/SubjectStub:
+  Description: Checks for stubbed test subjects.
+  Enabled: true
+
+RSpec/VerifiedDoubles:
+  Description: Prefer using verifying doubles over normal doubles.
+  Enabled: false
+  IgnoreSymbolicNames: true
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*.rb'
+
+RSpec/StubbedMock:
+  Enabled: false

data/.simplycop_security.yml

@@ -0,0 +1,25 @@
+require:
+  - './lib/simplycop/security/csrf_token_validation.rb'
+  - './lib/simplycop/security/reject_all_requests_local.rb'
+  - './lib/simplycop/security/check_for_vulnerable_code.rb'
+
+AllCops:
+  ExtraDetails: true
+
+Security/CSRFTokenValidation:
+  Enabled: true
+  Details: >-
+    It is important to have authenticity token validation enabled.
+    if you need to disable it please check with InfoSec department first.
+
+Security/RejectAllRequestsLocal:
+  Enabled: true
+  Details: >-
+    Affected environments are integration, staging, production
+    if you need to disable it please check with InfoSec department first.
+
+Security/CheckForVulnerableCode:
+  Enabled: true
+  Details: >-
+    Please make sure that this is addressed accordingly.
+    Do not hesitate to contact infosec for help and guidance

data/CODEOWNERS

@@ -0,0 +1,3 @@
+# Add your project owners info here
+# More information: https://help.github.com/articles/about-codeowners/
+* @simplybusiness/silversmiths

data/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in shared-rubocop.gemspec
+gemspec

data/README.md

@@ -0,0 +1,73 @@
+# Simplycop
+
+Provides standard shared rubocop configuration for Simply Business applications. No more copying `.rubocop.yml`, no more out-of-sync configuration files. Yay!
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'simplycop', git: 'git@github.com:simplybusiness/simplycop.git'
+
+```
+
+Then install gems by executing:
+
+    $ bundle install
+
+Put following lines at the beginning of your `rubocop.yml` file:
+
+```yaml
+inherit_gem:
+  simplycop: .simplycop.yml
+
+AllCops:
+  Exclude:
+    - 'vendor/**/*'
+```
+
+* If you are implementing this in rails project and have rspec , you probably want the standard rails and rspec cops. you can include this by adding:
+
+```yaml
+inherit_gem:
+  simplycop:
+    - .simplycop.yml
+    - .simplycop_rails.yml
+    - .simplycop_rspec.yml
+```
+
+## Usage
+
+Run Rubocop as you would usually do, i.e.
+
+    $ bundle exec rubocop
+
+or from your continuous integration tool.
+
+## Guidances
+
+* If you are implementing this in a non-rails project, you probably don't want or need the rails cops. In case they cause problems, you can exclude them using:
+```yaml
+Rails:
+  Enabled: false
+```
+* When adding rubocop and simplycop to a legacy project, you might want to initially disable some of the rules.
+
+## Security Cops
+- CheckForVulnerableCode
+
+This cop was built to identify possible Rails vulnerable code.
+Its purpose is to raise an awareness of the finding.
+When an offence was raised, please seek for help and guidance from application security team.
+
+IMPORTANT:
+This cop must be enabled at all times, if you need to disable it please check with AppSec team first.
+
+Example of vulnerable code:
+
+```ruby
+class BooksController < ApplicationController
+  caches_page :show
+end
+```
+Vulnerability Details: https://nvd.nist.gov/vuln/detail/CVE-2020-8159