simplycop 1.1.1 → 1.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a54a114f25c519f0cbec8e857770ff428ea51a1148b5eb3ce719388541b8c647
-  data.tar.gz: b75b736960f350917d6422d71bfb9da64827d054679bd589ff43e077818894db
+  metadata.gz: 88f566a01241a5651bbeee6ab969274e2aaddc7ae5d202a5178e69ddfb777442
+  data.tar.gz: 6d0ae21a2f04e4a78e3abb43ae04fca74109fb84732a67d918d5c511e2465f78
 SHA512:
-  metadata.gz: e13383ca8dd858a47d623680a5a1cb792bac2a4046c91b26be909499d26910d8e0a8afd830d5eb69ac88d4f569ab2ce60069842610ccbda03cd920c09859f23a
-  data.tar.gz: 48ef17ec00705a490c3541fa661afc04a225c8f688831c2c8f1f8d12564abc6dd0b3c02b0f35c81989655c9b3253aceca4e7267efbfd554456b335375abe9325
+  metadata.gz: a0c1d3b1ab76fedf742d219b0b8c8c19380634ae2e5b0886ffbe41709e0b6a64184e4f87efae1c20fafacfe3b5b2916574b1bcddca7d47ca7c206093ffa2f5f0
+  data.tar.gz: b64adedc727cfa74c539e8e221016764e89f8ea158fbfa910be89acc4d5fc39d70091e54ac4724612d4018e74a6f52fc2678927876e901e3430696405aa29f03

data/.custom_simplycop.yml

@@ -1,5 +1,6 @@
 require:
   - './lib/simplycop/custom_cops/timecop_without_block.rb'
+  - './lib/simplycop/custom_cops/dont_print_all_env.rb'
 
 AllCops:
   ExtraDetails: true
@@ -9,3 +10,8 @@ CustomCops/TimecopWithoutBlock:
   Details: >-
     Time in all tests is faked to be midday. Using `Timecop.return` rather than the block format will spoil that for all subsequent tests.
     `https://github.com/simplybusiness/chopin/pull/10607`
+
+CustomCops/DontPrintAllEnv:
+  Enabled: true
+  Details: >-
+    This cop checks if someone accidentally print all environment variables as they may contain secrets.

data/.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "05:00"
+    open-pull-requests-limit: 99
+    labels:
+      - dependencies
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "05:00"
+    open-pull-requests-limit: 99
+    labels:
+      - dependencies

data/.github/workflows/version_forget_me_not.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-18.04
 
     steps:
-      - uses: simplybusiness/version-forget-me-not@v1
+      - uses: simplybusiness/version-forget-me-not@v2
         env:
           ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VERSION_FILE_PATH: "lib/simplycop/version.rb"

data/.simplycop.yml

@@ -18,6 +18,7 @@ AllCops:
   DisplayStyleGuide: true
   UseCache: true
   MaxFilesInCache: 5000
+  ExtraDetails: true
 # Adapted from: https://github.com/simplybusiness/how-we-roll/blob/master/development/RUBYSTYLEGUIDE.markdown
 
 Naming/VariableName:
@@ -130,7 +131,7 @@ Layout/CaseIndentation:
   Enabled: true
 
 Style/MethodDefParentheses:
-  Enabled: false
+  Enabled: true
 
 Style/MultilineTernaryOperator:
   Enabled: true
@@ -216,6 +217,10 @@ Style/LambdaCall:
 Metrics/ModuleLength:
   Enabled: true
 
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*.rb
+
 Style/For:
   Enabled: true
 
@@ -246,10 +251,10 @@ Style/HashEachMethods:
   Enabled: false
 
 Style/HashTransformKeys:
-  Enabled: false
+  Enabled: true
 
 Style/HashTransformValues:
-  Enabled: false
+  Enabled: true
 
 Layout/EmptyLinesAroundAttributeAccessor:
   Enabled: true

data/.simplycop_rails.yml

@@ -1,64 +1,20 @@
 require:
   - rubocop-rails
 
-AllCops:
-  Exclude:
-    - 'db/schema.rb'
-    - 'vendor/**/*'
-
-  # Cop names are not displayed in offense messages by default. Change behavior
-  # by overriding DisplayCopNames, or by giving the -D/--display-cop-names
-  # option.
-  DisplayCopNames: true
-  # Style guide URLs are not displayed in offense messages by default. Change
-  # behavior by overriding DisplayStyleGuide, or by giving the
-  # -S/--display-style-guide option.
-  DisplayStyleGuide: true
-  UseCache: true
-  MaxFilesInCache: 5000
-# Adapted from: https://github.com/simplybusiness/how-we-roll/blob/master/development/RUBYSTYLEGUIDE.markdown
-
-Rails:
-  Enabled: true
-
-## Rails Cops
-Rails/TimeZone:
-  Enabled: true
-  Severity: warning
-
-Rails/Date:
-  Enabled: true
-  Severity: warning
-
-Rails/Delegate:
-  Enabled: false
-
-Rails/Output:
-  Enabled: true
-
-Rails/Validation:
-  Enabled: true
-
-Rails/FindBy:
-  Enabled: true
-
-Rails/ActionFilter:
-  Enabled: true
-
-Rails/ReadWriteAttribute:
+Rails/ActiveRecordCallbacksOrder:
   Enabled: true
 
-Rails/PluralizationGrammar:
+Rails/AfterCommitOverride:
   Enabled: true
 
-Rails/SkipsModelValidations:
+Rails/AttributeDefaultBlockValue:
   Enabled: true
 
-Rails/ActiveRecordCallbacksOrder:
+Rails/DefaultScope:
   Enabled: true
 
-Rails/AfterCommitOverride:
-  Enabled: true
+Rails/Delegate:
+  Enabled: false
 
 Rails/FindById:
   Enabled: true
@@ -75,9 +31,11 @@ Rails/MatchRoute:
 Rails/NegateInclude:
   Enabled: true
 
+# Conflicts with Mongoid
 Rails/Pluck:
   Enabled: false
 
+# Conflicts with Mongoid
 Rails/PluckInWhere:
   Enabled: false
 
@@ -93,8 +51,13 @@ Rails/ShortI18n:
 Rails/SquishedSQLHeredocs:
   Enabled: true
 
+Rails/WhereEquals:
+  Enabled: true
+
+# Conflicts with Mongoid
 Rails/WhereExists:
   Enabled: false
 
+# Conflicts with Mongoid
 Rails/WhereNot:
   Enabled: false

data/.simplycop_rspec.yml

@@ -1,234 +1,48 @@
 require:
   - rubocop-rspec
 
-RSpec/ContextMethod:
-  Enabled: false
-
-RSpec/LeakyConstantDeclaration:
-  Enabled: false
-
-RSpec/EmptyLineAfterExample:
-  Enabled: false
-
-RSpec/AnyInstance:
-  Description: Check that instances are not being stubbed globally.
-  Enabled: true
-
-RSpec/AroundBlock:
-  Description: Checks that around blocks actually run the test.
-  Enabled: true
-
-RSpec/BeEql:
-  Description: Check for expectations where `be(...)` can replace `eql(...)`.
-  Enabled: true
-
 RSpec/BeforeAfterAll:
-  Description: Check that before/after(:all) isn't being used.
   Enabled: false
 
 RSpec/DescribeClass:
-  Description: Check that the first argument to the top level describe is a constant.
-  Enabled: false
-
-RSpec/DescribedClass:
-  Description: Checks that tests use `described_class`.
-  SkipBlocks: false
   Enabled: false
-  EnforcedStyle: described_class
-  SupportedStyles:
-    - described_class
-    - explicit
 
 RSpec/DescribeMethod:
-  Description: Checks that the second argument to `describe` specifies a method.
-  Enabled: false
-
-RSpec/DescribeSymbol:
-  Description: Avoid describing symbols.
   Enabled: false
 
-RSpec/IteratedExpectation:
-  Description: Check that `all` matcher is used instead of iterating over an array.
-  Enabled: true
-
-RSpec/EmptyExampleGroup:
-  Description: Checks if an example group does not include any tests.
-  Enabled: true
-
-RSpec/EmptyLineAfterFinalLet:
-  Description: Checks if there is an empty line after the last let block.
-  Enabled: false
-
-RSpec/EmptyLineAfterSubject:
-  Description: Checks if there is an empty line after subject block.
+RSpec/DescribedClass:
   Enabled: false
 
 RSpec/ExampleLength:
-  Description: Checks for long examples.
   Enabled: false
-  Max: 5
-
-RSpec/ExampleWording:
-  Description: Checks for common mistakes in example descriptions.
-  Enabled: true
-  CustomTransform:
-    be: is
-    BE: IS
-    have: has
-    HAVE: HAS
-  IgnoredWords: []
-
-RSpec/ExpectActual:
-  Description: Checks for `expect(...)` calls containing literal values.
-  Enabled: true
 
 RSpec/ExpectOutput:
-  Description: Checks for opportunities to use `expect { ... }.to output`.
   Enabled: false
 
 RSpec/FilePath:
-  Description: Checks that spec file paths are consistent with the test subject.
-  Enabled: false
-  CustomTransform:
-    RuboCop: rubocop
-    RSpec: rspec
-  IgnoreMethods: false
-
-RSpec/Focus:
-  Description: Checks if examples are focused.
-  Enabled: false
-
-RSpec/HookArgument:
-  Description: Checks the arguments passed to `before`, `around`, and `after`.
-  Enabled: true
-  EnforcedStyle: implicit
-  SupportedStyles:
-    - implicit
-    - each
-    - example
-
-RSpec/ImplicitExpect:
-  Description: Check that a consistent implicit expectation style is used.
-  Enabled: true
-  EnforcedStyle: is_expected
-  SupportedStyles:
-    - is_expected
-    - should
-
-RSpec/InstanceSpy:
-  Description: Checks for `instance_double` used with `have_received`.
   Enabled: false
 
 RSpec/InstanceVariable:
-  Description: Checks for instance variable usage in specs.
-  AssignmentOnly: false
   Enabled: false
 
-RSpec/ItBehavesLike:
-  Description: Checks that only one `it_behaves_like` style is used.
-  Enabled: true
-  EnforcedStyle: it_behaves_like
-  SupportedStyles:
-    - it_behaves_like
-    - it_should_behave_like
-
-RSpec/LeadingSubject:
-  Description: Checks for `subject` definitions that come after `let` definitions.
-  Enabled: true
-
-RSpec/LetSetup:
-  Description: Checks unreferenced `let!` calls being used for test setup.
-  Enabled: true
-
-RSpec/MessageChain:
-  Description: Check that chains of messages are not being stubbed.
-  Enabled: true
-
-RSpec/MessageExpectation:
-  Description: Checks for consistent message expectation style.
-  Enabled: false
-  EnforcedStyle: allow
-  SupportedStyles:
-    - allow
-    - expect
-
 RSpec/MessageSpies:
-  Description: Checks that message expectations are set using spies.
   Enabled: false
-  EnforcedStyle: have_received
-  SupportedStyles:
-    - have_received
-    - receive
-
-RSpec/MultipleDescribes:
-  Description: Checks for multiple top level describes.
-  Enabled: true
 
 RSpec/MultipleExpectations:
-  Description: Checks if examples contain too many `expect` calls.
   Enabled: false
-  Max: 1
 
 RSpec/MultipleMemoizedHelpers:
   Enabled: false
 
-RSpec/NamedSubject:
-  Description: Checks for explicitly referenced test subjects.
-  Enabled: true
-
 RSpec/NestedGroups:
-  Description: Checks for nested example groups.
   Enabled: true
   Max: 4
 
 RSpec/NotToNot:
-  Description: Checks for consistent method usage for negating expectations.
-  EnforcedStyle: not_to
-  SupportedStyles:
-    - not_to
-    - to_not
   Enabled: false
 
-RSpec/OverwritingSetup:
-  Enabled: true
-  Description: Checks if there is a let/subject that overwrites an existing one.
-
-RSpec/RepeatedDescription:
-  Enabled: true
-  Description: Check for repeated description strings in example groups.
-
-RSpec/RepeatedExample:
-  Enabled: true
-  Description: Check for repeated examples within example groups.
-
-RSpec/SharedContext:
-  Description: Checks for proper shared_context and shared_examples usage.
-  Enabled: true
-
-RSpec/SingleArgumentMessageChain:
-  Description: Checks that chains of messages contain more than one element.
-  Enabled: true
-
-RSpec/ScatteredLet:
-  Description: Checks for let scattered across the example group.
-  Enabled: true
-
 RSpec/ScatteredSetup:
-  Description: Checks for setup scattered across multiple hooks in an example group.
-  Enabled: false
-
-RSpec/SubjectStub:
-  Description: Checks for stubbed test subjects.
-  Enabled: true
-
-RSpec/VerifiedDoubles:
-  Description: Prefer using verifying doubles over normal doubles.
   Enabled: false
-  IgnoreSymbolicNames: true
-
-Metrics/BlockLength:
-  Exclude:
-    - 'spec/**/*.rb'
 
 RSpec/StubbedMock:
   Enabled: false

data/.simplycop_security.yml

@@ -3,9 +3,6 @@ require:
   - './lib/simplycop/security/reject_all_requests_local.rb'
   - './lib/simplycop/security/check_for_vulnerable_code.rb'
 
-AllCops:
-  ExtraDetails: true
-
 Security/CSRFTokenValidation:
   Enabled: true
   Details: >-

data/lib/simplycop/custom_cops/dont_print_all_env.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module CustomCops
+  class DontPrintAllEnv < RuboCop::Cop::Cop
+    #  This cop checks if someone accidentally print all environment variables
+    #  because some of them may contain secrets.
+    #
+    # @example
+    #   # bad
+    #   puts ENV.to_h
+    #   puts `env`
+    #   puts ENVIRON.to_h
+    #
+    #   # good
+    #   puts ENV['SOME_KEY']
+    #   puts ENVIRON['SOME_KEY']
+    MSG = 'Printing all Environment Variables is extremely risky'\
+    ' If this code has been run, then it is likely that secrets have been'\
+    ' exposed in plaintext. Please alert `#infosec` about this so it can be'\
+    ' investigated immediately.'\
+
+    def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
+      (send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash})
+    PATTERN
+
+    def_node_matcher :print_all_env_shell?, <<~PATTERN
+      (send nil? {:puts :p :print} (xstr(str "env")))
+    PATTERN
+
+    def on_send(node)
+      return unless convert_env_to_hash_or_array?(node) || print_all_env_shell?(node)
+
+      add_offense(node, location: :selector)
+    end
+  end
+end

data/lib/simplycop/version.rb

@@ -7,5 +7,5 @@
 #
 
 module Simplycop
-  VERSION = '1.1.1'
+  VERSION = '1.4.2'
 end

data/simplycop.gemspec

@@ -17,9 +17,9 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'rubocop', '~> 1.5.2'
-  spec.add_dependency 'rubocop-rails', '~> 2.8.1'
-  spec.add_dependency 'rubocop-rspec', '~> 2.0.1'
+  spec.add_dependency 'rubocop', '~> 1.6.1'
+  spec.add_dependency 'rubocop-rails', '~> 2.9.0'
+  spec.add_dependency 'rubocop-rspec', '~> 2.1.0'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake', '>= 12.3.3'
   spec.add_development_dependency 'rspec', '~> 3.10'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simplycop
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.4.2
 platform: ruby
 authors:
 - Simply Business
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-09 00:00:00.000000000 Z
+date: 2021-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -16,42 +16,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.2
+        version: 1.6.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.2
+        version: 1.6.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.1
+        version: 2.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.1
+        version: 2.9.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -103,6 +103,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".custom_simplycop.yml"
+- ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
 - ".github/workflows/publish_gem.yml"
 - ".github/workflows/version_forget_me_not.yml"
@@ -124,6 +125,7 @@ files:
 - lib/simplycop.rb
 - lib/simplycop/custom_cops/constantize.rb
 - lib/simplycop/custom_cops/define_method.rb
+- lib/simplycop/custom_cops/dont_print_all_env.rb
 - lib/simplycop/custom_cops/instance_eval.rb
 - lib/simplycop/custom_cops/method_missing.rb
 - lib/simplycop/custom_cops/timecop_without_block.rb