simplycop 1.2.0 → 1.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb033be1d0c83f6ddf82d2d096aa89992caeb1e51f55b6966ecbc69b77f9462e
4
- data.tar.gz: 8e04105bcda67012c7c1e9ef83cd91e34ae7318a8e06e9ad24f0deb96f27831f
3
+ metadata.gz: 266e346cb15a66ac2a156e5aa7f9baa95db52601c74759ebf8de088e65d5555a
4
+ data.tar.gz: 4c59e192a0733f3311c104868ab9b70a746310c58b1f58515334e9b366127d6a
5
5
  SHA512:
6
- metadata.gz: e9f93c07d4fd1a18109ae5561aa9246578f16656c1fb95aeb188cf0b3a6d3702a7b5cc8e1680dac2ae1bc2474569dcd5eb84f33e8563dbad0fc7a574cc71e69a
7
- data.tar.gz: bc2f67423f8ff100f0f883b5dd4047ff1728f11e4ae709c0d1fa2d990ae0f75a8e380e47d7640a9a9353d9865e5c9efa78600e9e7e9d34cf04094557586cb666
6
+ metadata.gz: e5c2b709e412069b735d778df516789fce3253a6aa8fc6e691f412639d7b8cde5adaf36ca09a62bb82b326e44480d98358b4c4480d707bda8e4f12c2a1a3269b
7
+ data.tar.gz: 8da07133883fda0eefcd34f750dacc2f0d43e3480ddb719a32d943de61ec089b91641c28935ccf3fc498ecc79cbe962c2f88fbc4210b3afc91d62f363e9ee539
@@ -1,5 +1,6 @@
1
1
  require:
2
2
  - './lib/simplycop/custom_cops/timecop_without_block.rb'
3
+ - './lib/simplycop/custom_cops/dont_print_all_env.rb'
3
4
 
4
5
  AllCops:
5
6
  ExtraDetails: true
@@ -9,3 +10,8 @@ CustomCops/TimecopWithoutBlock:
9
10
  Details: >-
10
11
  Time in all tests is faked to be midday. Using `Timecop.return` rather than the block format will spoil that for all subsequent tests.
11
12
  `https://github.com/simplybusiness/chopin/pull/10607`
13
+
14
+ CustomCops/DontPrintAllEnv:
15
+ Enabled: true
16
+ Details: >-
17
+ This cop checks if someone accidentally print all environment variables as they may contain secrets.
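Review bot: The `Details` text for `CustomCops/DontPrintAllEnv` reads "checks if someone accidentally print all environment variables", which is ungrammatical and, unlike the `TimecopWithoutBlock` entry just above it, tells the developer nothing about what actually triggers the offence or what to do instead. From the matchers in the new cop file the trigger is `ENV.to_h`/`to_a`/`to_hash` and a bare `puts`/`p`/`print` of `` `env` ``, so I would write something like `Flags ENV.to_h / ENV.to_a / ENV.to_hash and puts \`env\`, which dump every environment variable; many of them hold secrets, so print only the specific keys you need, e.g. ENV['SOME_KEY'].`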
@@ -0,0 +1,36 @@
1
+ # frozen_string_literal: true
2
+
3
+ module CustomCops
4
+ class DontPrintAllEnv < RuboCop::Cop::Cop
5
+ # This cop checks if someone accidentally print all environment variables
6
+ # because some of them may contain secrets.
7
+ #
8
+ # @example
9
+ # # bad
10
+ # puts ENV.to_h
11
+ # puts `env`
12
+ # puts ENVIRON.to_h
13
+ #
14
+ # # good
15
+ # puts ENV['SOME_KEY']
16
+ # puts ENVIRON['SOME_KEY']
17
+ MSG = 'Printing all Environment Variables is extremely risky'\
18
+ ' If this code has been run, then it is likely that secrets have been'\
19
+ ' exposed in plaintext. Please alert `#infosec` about this so it can be'\
20
+ ' investigated immediately.'\
21
+
22
+ def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
23
+ (send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash})
24
+ PATTERN
25
+
26
+ def_node_matcher :print_all_env_shell?, <<~PATTERN
27
+ (send nil? {:puts :p :print} (xstr(str "env")))
28
+ PATTERN
29
+
30
+ def on_send(node)
31
+ return unless convert_env_to_hash_or_array?(node) || print_all_env_shell?(node)
32
+
33
+ add_offense(node, location: :selector)
34
+ end
35
+ end
36
+ end
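Review bot: The last `MSG` fragment (`' investigated immediately.'\`) still ends in a `\` line continuation, so the constant only terminates because the following line happens to be blank — delete that blank line and `def_node_matcher` is joined onto the string literal and the file no longer parses; the first fragment is also missing its full stop, so the rendered message reads "…extremely risky If this code…". The fix is `'Printing all Environment Variables is extremely risky.'\` for the first fragment and `' investigated immediately.'` with no trailing backslash for the last. Beyond that, the two patterns leave the most common dumps unflagged: `p ENV` / `pp ENV` print via `ENV#inspect` and emit every pair, `ENV.inspect` itself is not in the method list, and the shell matcher only fires for a bare `puts`/`p`/`print` whose command is exactly `env`, so `` `printenv` ``, `` `env | sort` ``, `$stderr.puts \`env\`` (non-nil receiver) and `logger.info(\`env\`)` all pass. The rewrite below adds `:inspect`, a matcher for `p`/`pp` on a bare `ENV`/`ENVIRON`, and a predicate accepting `env`/`printenv` with trailing arguments (at the cost of also flagging `env VAR=x cmd` invocations); widening to `each`/`map`/`select` would hit legitimate filtered uses and is deliberately left out. `RuboCop::Cop::Cop` with `add_offense(node, location: :selector)` is the legacy cop API — if the gem's rubocop constraint (not visible in this diff) allows a modern release, `RuboCop::Cop::Base` with `add_offense(node.loc.selector)` is the supported form.
```ruby
    def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
      (send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash :inspect})
    PATTERN

    # `p ENV` / `pp ENV` go through ENV#inspect, which dumps every pair.
    def_node_matcher :inspect_env?, <<~PATTERN
      (send nil? {:p :pp} (const nil? {:ENVIRON :ENV}))
    PATTERN

    def_node_matcher :print_all_env_shell?, <<~PATTERN
      (send nil? {:puts :p :pp :print} (xstr (str #env_dump_command?)))
    PATTERN

    # Any `env ...` / `printenv ...` invocation, not only the bare word `env`.
    def env_dump_command?(command)
      command.strip.match?(/\A(env|printenv)\b/)
    end

    def on_send(node)
      return unless convert_env_to_hash_or_array?(node) ||
                    inspect_env?(node) ||
                    print_all_env_shell?(node)

      add_offense(node, location: :selector)
    end
```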
@@ -7,5 +7,5 @@
7
7
  #
8
8
 
9
9
  module Simplycop
10
- VERSION = '1.2.0'
10
+ VERSION = '1.3.0'
11
11
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: simplycop
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Simply Business
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-15 00:00:00.000000000 Z
11
+ date: 2020-12-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rubocop
@@ -124,6 +124,7 @@ files:
124
124
  - lib/simplycop.rb
125
125
  - lib/simplycop/custom_cops/constantize.rb
126
126
  - lib/simplycop/custom_cops/define_method.rb
127
+ - lib/simplycop/custom_cops/dont_print_all_env.rb
127
128
  - lib/simplycop/custom_cops/instance_eval.rb
128
129
  - lib/simplycop/custom_cops/method_missing.rb
129
130
  - lib/simplycop/custom_cops/timecop_without_block.rb