simplycop 1.2.0 → 1.3.0
- checksums.yaml +4 -4
- data/.custom_simplycop.yml +6 -0
- data/lib/simplycop/custom_cops/dont_print_all_env.rb +36 -0
- data/lib/simplycop/version.rb +1 -1
- metadata +3 -2
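--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 266e346cb15a66ac2a156e5aa7f9baa95db52601c74759ebf8de088e65d5555a
+data.tar.gz: 4c59e192a0733f3311c104868ab9b70a746310c58b1f58515334e9b366127d6a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e5c2b709e412069b735d778df516789fce3253a6aa8fc6e691f412639d7b8cde5adaf36ca09a62bb82b326e44480d98358b4c4480d707bda8e4f12c2a1a3269b
+data.tar.gz: 8da07133883fda0eefcd34f750dacc2f0d43e3480ddb719a32d943de61ec089b91641c28935ccf3fc498ecc79cbe962c2f88fbc4210b3afc91d62f363e9ee539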
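--- a/data/.custom_simplycop.yml
+++ b/data/.custom_simplycop.yml
@@ -1,5 +1,6 @@
 require:
 - './lib/simplycop/custom_cops/timecop_without_block.rb'
+- './lib/simplycop/custom_cops/dont_print_all_env.rb'
 
 AllCops:
 ExtraDetails: true
@@ -9,3 +10,8 @@ CustomCops/TimecopWithoutBlock:
 Details: >-
 Time in all tests is faked to be midday. Using `Timecop.return` rather than the block format will spoil that for all subsequent tests.
 `https://github.com/simplybusiness/chopin/pull/10607`
+
+CustomCops/DontPrintAllEnv:
+Enabled: true
+Details: >-
+This cop checks if someone accidentally print all environment variables as they may contain secrets.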
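--- a/data/lib/simplycop/custom_cops/dont_print_all_env.rb
+++ b/data/lib/simplycop/custom_cops/dont_print_all_env.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module CustomCops
+class DontPrintAllEnv < RuboCop::Cop::Cop
+# This cop checks if someone accidentally print all environment variables
+# because some of them may contain secrets.
+#
+# @example
+# # bad
+# puts ENV.to_h
+# puts `env`
+# puts ENVIRON.to_h
+#
+# # good
+# puts ENV['SOME_KEY']
+# puts ENVIRON['SOME_KEY']
+MSG = 'Printing all Environment Variables is extremely risky'\
+' If this code has been run, then it is likely that secrets have been'\
+' exposed in plaintext. Please alert `#infosec` about this so it can be'\
+' investigated immediately.'\
+
+def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
+(send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash})
+PATTERN
+
+def_node_matcher :print_all_env_shell?, <<~PATTERN
+(send nil? {:puts :p :print} (xstr(str "env")))
+PATTERN
+
+def on_send(node)
+return unless convert_env_to_hash_or_array?(node) || print_all_env_shell?(node)
+
+add_offense(node, location: :selector)
+end
+end
+end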
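Review bot: `convert_env_to_hash_or_array?` fires on any `ENV.to_h`/`to_a`/`to_hash` send regardless of whether the result is ever printed, so `ENV.to_h.slice('A', 'B')` gets the same "secrets have been exposed, alert #infosec" message as `puts ENV.to_h`; either tie the matcher to a print call the way `print_all_env_shell?` does, e.g. `(send nil? {:puts :p :print} (send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash}))`, or make the class comment and MSG say that any bulk conversion is flagged. Conversely, `p ENV` and `ENV.inspect` dump every variable and neither matcher catches them, nor does a `::ENV` receiver, which parses as `(const (cbase) :ENV)` rather than `(const nil? :ENV)`. The trailing `\` on the `' investigated immediately.'` line continues MSG into the blank line below it and only parses because that line is blank; drop it so the literal ends where it reads as ending. `RuboCop::Cop::Cop` is the legacy base class, and if the gem's other custom cops are on `RuboCop::Cop::Base` this one should match them, where `add_offense(node, location: :selector)` becomes `add_offense(node.loc.selector)`.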
data/lib/simplycop/version.rb
CHANGED
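--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simplycop
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 platform: ruby
 authors:
 - Simply Business
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-
+date: 2020-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rubocop
@@ -124,6 +124,7 @@ files:
 - lib/simplycop.rb
 - lib/simplycop/custom_cops/constantize.rb
 - lib/simplycop/custom_cops/define_method.rb
+- lib/simplycop/custom_cops/dont_print_all_env.rb
 - lib/simplycop/custom_cops/instance_eval.rb
 - lib/simplycop/custom_cops/method_missing.rb
 - lib/simplycop/custom_cops/timecop_without_block.rb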