simplycop 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb033be1d0c83f6ddf82d2d096aa89992caeb1e51f55b6966ecbc69b77f9462e
-  data.tar.gz: 8e04105bcda67012c7c1e9ef83cd91e34ae7318a8e06e9ad24f0deb96f27831f
+  metadata.gz: 266e346cb15a66ac2a156e5aa7f9baa95db52601c74759ebf8de088e65d5555a
+  data.tar.gz: 4c59e192a0733f3311c104868ab9b70a746310c58b1f58515334e9b366127d6a
 SHA512:
-  metadata.gz: e9f93c07d4fd1a18109ae5561aa9246578f16656c1fb95aeb188cf0b3a6d3702a7b5cc8e1680dac2ae1bc2474569dcd5eb84f33e8563dbad0fc7a574cc71e69a
-  data.tar.gz: bc2f67423f8ff100f0f883b5dd4047ff1728f11e4ae709c0d1fa2d990ae0f75a8e380e47d7640a9a9353d9865e5c9efa78600e9e7e9d34cf04094557586cb666
+  metadata.gz: e5c2b709e412069b735d778df516789fce3253a6aa8fc6e691f412639d7b8cde5adaf36ca09a62bb82b326e44480d98358b4c4480d707bda8e4f12c2a1a3269b
+  data.tar.gz: 8da07133883fda0eefcd34f750dacc2f0d43e3480ddb719a32d943de61ec089b91641c28935ccf3fc498ecc79cbe962c2f88fbc4210b3afc91d62f363e9ee539

data/.custom_simplycop.yml

@@ -1,5 +1,6 @@
 require:
   - './lib/simplycop/custom_cops/timecop_without_block.rb'
+  - './lib/simplycop/custom_cops/dont_print_all_env.rb'
 
 AllCops:
   ExtraDetails: true
@@ -9,3 +10,8 @@ CustomCops/TimecopWithoutBlock:
   Details: >-
     Time in all tests is faked to be midday. Using `Timecop.return` rather than the block format will spoil that for all subsequent tests.
     `https://github.com/simplybusiness/chopin/pull/10607`
+
+CustomCops/DontPrintAllEnv:
+  Enabled: true
+  Details: >-
+    This cop checks if someone accidentally print all environment variables as they may contain secrets.

data/lib/simplycop/custom_cops/dont_print_all_env.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module CustomCops
+  class DontPrintAllEnv < RuboCop::Cop::Cop
+    #  This cop checks if someone accidentally print all environment variables
+    #  because some of them may contain secrets.
+    #
+    # @example
+    #   # bad
+    #   puts ENV.to_h
+    #   puts `env`
+    #   puts ENVIRON.to_h
+    #
+    #   # good
+    #   puts ENV['SOME_KEY']
+    #   puts ENVIRON['SOME_KEY']
+    MSG = 'Printing all Environment Variables is extremely risky'\
+    ' If this code has been run, then it is likely that secrets have been'\
+    ' exposed in plaintext. Please alert `#infosec` about this so it can be'\
+    ' investigated immediately.'\
+
+    def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
+      (send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash})
+    PATTERN
+
+    def_node_matcher :print_all_env_shell?, <<~PATTERN
+      (send nil? {:puts :p :print} (xstr(str "env")))
+    PATTERN
+
+    def on_send(node)
+      return unless convert_env_to_hash_or_array?(node) || print_all_env_shell?(node)
+
+      add_offense(node, location: :selector)
+    end
+  end
+end

data/lib/simplycop/version.rb

@@ -7,5 +7,5 @@
 #
 
 module Simplycop
-  VERSION = '1.2.0'
+  VERSION = '1.3.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simplycop
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Simply Business
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-15 00:00:00.000000000 Z
+date: 2020-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -124,6 +124,7 @@ files:
 - lib/simplycop.rb
 - lib/simplycop/custom_cops/constantize.rb
 - lib/simplycop/custom_cops/define_method.rb
+- lib/simplycop/custom_cops/dont_print_all_env.rb
 - lib/simplycop/custom_cops/instance_eval.rb
 - lib/simplycop/custom_cops/method_missing.rb
 - lib/simplycop/custom_cops/timecop_without_block.rb