RubyGems - simplycop - Versions diffs - 2.20.1 → 2.21.0 - Mend

simplycop 2.20.1 → 2.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/.custom_simplycop.yml +8 -0
data/.rubocop.yml +1 -1
data/.simplycop_bundler.yml +3 -0
data/.simplycop_lint.yml +4 -0
data/.simplycop_metaprogramming.yml +5 -5
data/.simplycop_rspec.yml +6 -0
data/.simplycop_security.yml +0 -7
data/.simplycop_style.yml +7 -2
data/Rakefile +65 -0
data/catalog-info.yaml +1 -1
data/lib/simplycop/custom_cops/dont_print_all_env.rb +1 -1
data/lib/simplycop/custom_cops/timecop_without_block.rb +3 -1
data/lib/simplycop/security/csrf_token_validation.rb +4 -4
data/lib/simplycop/security/reject_all_requests_local.rb +4 -3
data/lib/simplycop/version.rb +1 -1
metadata +2 -3
data/lib/simplycop/security/check_for_vulnerable_code.rb +0 -34

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6157c3eef86dfe12f513756c99d70f0dfa29771d33ab4e8cb3e2750df0743180
-  data.tar.gz: bae1f7c522cde06878c7766b47fd43806018d9a9fcc4680f819776c62bcaa010
+  metadata.gz: ba502fad34635a0c5b55f197ca7086705e081137223b5da106a2a7fce220bea1
+  data.tar.gz: 26b88acbb442ebd8d3f9836f3ec032487abc80494e8f2f26dca730d39cc39d7f
 SHA512:
-  metadata.gz: 6d44d159da2e4fd39e405cd29df55071e051f13e86a7ac38bf643206f9257ef533616ce58bdd47f18daf849ddabd27e77284e0f61f240b0dfe4910a1ec6a5699
-  data.tar.gz: 5360a0a6bcd97ef3a524392472ed5048eb9d22fea7938fe5e8a49eae7dccbc96f0312615d2867cd8e0d4c85f5977bbf7f4bcf8a089ca6fe6834bab3c65f9ca79
+  metadata.gz: 13a9345653d9954019dfe545fcfa9c1ceb73e55c2e68964bbd437aebd1d44b41d1f6f1eb17d02e309111e82a24d2f9bf4af86c2be9c71c1e9f6331f1b166e566
+  data.tar.gz: 2557071ba0f10cbdcb9782273e2fd5711a70ccd49d3eb9851eaf0ba8ea5de86281a13cef5bc50457855c7333b8fba5f874416662ff60be566eb1212dbb2109fa

data/.custom_simplycop.yml CHANGED Viewed

@@ -2,6 +2,7 @@ require:
   - './lib/simplycop/custom_cops/timecop_without_block.rb'
   - './lib/simplycop/custom_cops/dont_print_all_env.rb'
   - './lib/simplycop/custom_cops/no_foreground_indices.rb'
+  - './lib/simplycop/custom_cops/variable_name_shadowing_method.rb'
 AllCops:
   ExtraDetails: true
@@ -23,3 +24,10 @@ CustomCops/NoForegroundIndices:
   Include:
     - app/models/*
+CustomCops/VariableNameShadowingMethod:
+  Enabled: true
+  Details: >-
+    This cop checks for local variable assignments that shadow method names in the same scope.
+    This can cause subtle bugs where the variable returns nil instead of calling the method,
+    since Ruby determines local variable scope at parse time, not runtime.

data/.rubocop.yml CHANGED Viewed

@@ -8,6 +8,6 @@ inherit_from:
   - .simplycop_rspec_rails.yml
 AllCops:
-  TargetRubyVersion: 3.1
+  TargetRubyVersion: 3.2
   Exclude:
     - simplycop.gemspec

data/.simplycop_bundler.yml CHANGED Viewed

@@ -1,6 +1,9 @@
 Bundler/DuplicatedGem:
   Enabled: true
+Bundler/DuplicatedGroup:
+  Enabled: true
 Bundler/GemComment:
   Enabled: false

data/.simplycop_lint.yml CHANGED Viewed

@@ -2,6 +2,7 @@ Lint/AmbiguousAssignment:
   Enabled: true
 Lint/AmbiguousBlockAssociation:
+  Enabled: true
   Exclude:
     - spec/**/*
@@ -138,6 +139,9 @@ Lint/EmptyInterpolation:
 Lint/EmptyWhen:
   Enabled: true
+Lint/EnsureReturn:
+  Enabled: true
 Lint/ErbNewArguments:
   Enabled: true

data/.simplycop_metaprogramming.yml CHANGED Viewed

@@ -8,28 +8,28 @@ CustomCops/Constantize:
   Enabled: true
   Details: >-
     Decision 001 : Avoid metaprogamming, where feasible
-    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+    `https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
 CustomCops/DefineMethod:
   Enabled: true
   Details: >-
     Decision 001 : Avoid metaprogamming, where feasible
-    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+    `https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
 CustomCops/InstanceEval:
   Enabled: true
   Details: >-
     Decision 001 : Avoid metaprogamming, where feasible
-    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+    `https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
 CustomCops/MethodMissing:
   Enabled: true
   Details: >-
     Decision 001 : Avoid metaprogamming, where feasible
-    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+    `https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
 Style/Send:
   Enabled: true
   Details: >-
     Decision 001 : Avoid metaprogamming, where feasible
-    `https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
+    `https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`

data/.simplycop_rspec.yml CHANGED Viewed

@@ -200,6 +200,9 @@ RSpec/MatchArray:
 RSpec/MessageChain:
   Enabled: true
+RSpec/MessageExpectation:
+  Enabled: false
 RSpec/MessageSpies:
   Enabled: false
@@ -334,6 +337,9 @@ RSpec/UnspecifiedException:
 RSpec/VariableDefinition:
   Enabled: true
+RSpec/VariableName:
+  Enabled: true
 RSpec/VerifiedDoubleReference:
   Enabled: true

data/.simplycop_security.yml CHANGED Viewed

@@ -1,7 +1,6 @@
 require:
   - './lib/simplycop/security/csrf_token_validation.rb'
   - './lib/simplycop/security/reject_all_requests_local.rb'
-  - './lib/simplycop/security/check_for_vulnerable_code.rb'
 # Custom security cops
@@ -17,12 +16,6 @@ Security/RejectAllRequestsLocal:
     Affected environments are integration, staging, production
     if you need to disable it please check with InfoSec department first.
-Security/CheckForVulnerableCode:
-  Enabled: true
-  Details: >-
-    Please make sure that this is addressed accordingly.
-    Do not hesitate to contact infosec for help and guidance
 # Standard security cops
 Security/CompoundHash:

data/.simplycop_style.yml CHANGED Viewed

@@ -19,6 +19,9 @@ Style/ArgumentsForwarding:
 Style/ArrayCoercion:
   Enabled: true
+Style/ArrayFirstLast:
+  Enabled: false
 Style/ArrayIntersect:
   Enabled: true
@@ -731,8 +734,9 @@ Style/SelfAssignment:
 Style/Semicolon:
   Enabled: true
-Style/Send:
-  Enabled: false
+# Style/Send is configured in .simplycop_metaprogramming.yml instead
+# since it's primarily a metaprogramming concern (discouraging use of `send` method)
+# If .simplycop_metaprogramming.yml is not present, Style/Send is disabled by default
 Style/SendWithLiteralMethodName:
   Enabled: true
@@ -879,6 +883,7 @@ Style/WhileUntilModifier:
   Enabled: true
 Style/WordArray:
+  Enabled: true
   EnforcedStyle: brackets
 Style/YAMLFileRead:

data/Rakefile CHANGED Viewed

@@ -1,3 +1,68 @@
 # frozen_string_literal: true
+# rubocop:disable Rails/RakeEnvironment
 require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+# RSpec task for running tests
+RSpec::Core::RakeTask.new(:spec) do |task|
+  task.rspec_opts = '--format documentation --color'
+end
+# RuboCop task for linting
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.options = ['--display-cop-names', '--format', 'progress']
+end
+# Combined quality check task
+desc 'Run all quality checks (tests + linting)'
+task quality: [:spec, :rubocop]
+# CI task (same as quality but with different name for CI systems)
+desc 'Run all checks for CI (tests + linting)'
+task ci: :quality
+# Default task
+task default: :quality
+# Custom task to list all custom cops
+desc 'List all custom cops with their descriptions'
+task :list_custom_cops do
+  puts "📋 Custom Cops in SimplyCop:\n\n"
+  # Custom cops
+  Dir.glob('lib/simplycop/custom_cops/*.rb').each do |file|
+    cop_name = File.basename(file, '.rb')
+    puts "🔍 CustomCops/#{cop_name.split('_').map(&:capitalize).join('')}"
+    # Try to extract description from the file
+    content = File.read(file)
+    if /# @example\s*\n#\s*#bad\s*\n(.*?)#\s*#good/m.match?(content)
+      puts "   Description: Found in #{file}"
+    end
+    puts
+  end
+  # Security cops
+  Dir.glob('lib/simplycop/security/*.rb').each do |file|
+    cop_name = File.basename(file, '.rb')
+    puts "🔒 Security/#{cop_name.split('_').map(&:capitalize).join('')}"
+    puts "   Description: Found in #{file}"
+    puts
+  end
+end
+# Development setup task
+desc 'Setup development environment'
+task :setup do
+  puts '🔧 Setting up development environment...'
+  sh 'bundle install'
+  puts '✅ Bundle installed'
+  sh 'bundle exec rspec --version'
+  puts '✅ RSpec ready'
+  sh 'bundle exec rubocop --version'
+  puts '✅ RuboCop ready'
+  puts '🎉 Development environment ready!'
+end
+# rubocop:enable Rails/RakeEnvironment

data/catalog-info.yaml CHANGED Viewed

@@ -10,7 +10,7 @@ metadata:
     simplybusiness.com/bnw-app-name: simplycop
     simplybusiness.com/sast-scanning: enabled
     rubygems.org/name: simplycop
-    rubygems.org/current-version: 2.20.1
+    rubygems.org/current-version: 2.21.0
 spec:
   type: library
   lifecycle: production

data/lib/simplycop/custom_cops/dont_print_all_env.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module CustomCops
     MSG = 'Printing all Environment Variables is extremely risky ' \
           'If this code has been run, then it is likely that secrets have been ' \
           'exposed in plaintext. Please alert `#infosec` about this so it can be ' \
-          'investigated immediately.' \
+          'investigated immediately.'
     def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
       (send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash})

data/lib/simplycop/custom_cops/timecop_without_block.rb CHANGED Viewed

@@ -30,7 +30,9 @@ module CustomCops
     # this denotes the following structure:
     # `Timecop.method(arg1, arg2, &block)`, which is also a valid way of passing in a block
     def last_child_is_a_block?(node)
-      node.children.last&.type == :block_pass if node.children.last.respond_to?(:type)
+      return false unless node.children.last.respond_to?(:type)
+      node.children.last.type == :block_pass
     end
   end
 end

data/lib/simplycop/security/csrf_token_validation.rb CHANGED Viewed

@@ -1,14 +1,14 @@
 module Security
   class CSRFTokenValidation < RuboCop::Cop::Base
     MSG = 'Do not disable authenticity token validation'
-    def_node_matcher :skip_before_action, '(send _ :skip_before_action _)'
+    def_node_matcher :skip_before_action, '(send _ :skip_before_action ...)'
     def on_send(node)
       return unless skip_before_action(node)
-      _, _, parts = *node
-      method = parts.node_parts
-      add_offense(node.loc.selector) if found_match(method[0])
+      _, _, first_arg = *node
+      method_name = first_arg.children.first if first_arg.type == :sym
+      add_offense(node.loc.selector) if found_match(method_name)
     end
     def found_match(method)

data/lib/simplycop/security/reject_all_requests_local.rb CHANGED Viewed

@@ -13,12 +13,13 @@ module Security
     end
     def block_listed?(string)
-      RAILS_ENV.each_with_object([]) do |env, results|
-        results << string.include?(env)
-      end.any?(true)
+      RAILS_ENV.any? { |env| string.include?(env) }
     end
     def found_match(string)
+      # Don't match commented lines
+      return false if /^\s*#/.match?(string)
       /config.consider_all_requests\S?.*=\s?.*true/.match?(string)
     end
   end

data/lib/simplycop/version.rb CHANGED Viewed

@@ -7,5 +7,5 @@
 #
 module Simplycop
-  VERSION = '2.20.1'
+  VERSION = '2.21.0'
 end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: simplycop
 version: !ruby/object:Gem::Version
-  version: 2.20.1
+  version: 2.21.0
 platform: ruby
 authors:
 - Simply Business
 bindir: bin
 cert_chain: []
-date: 2025-07-07 00:00:00.000000000 Z
+date: 2025-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -221,7 +221,6 @@ files:
 - lib/simplycop/custom_cops/no_foreground_indices.rb
 - lib/simplycop/custom_cops/timecop_without_block.rb
 - lib/simplycop/custom_cops/variable_name_shadowing_method.rb
-- lib/simplycop/security/check_for_vulnerable_code.rb
 - lib/simplycop/security/csrf_token_validation.rb
 - lib/simplycop/security/reject_all_requests_local.rb
 - lib/simplycop/version.rb

data/lib/simplycop/security/check_for_vulnerable_code.rb DELETED Viewed

@@ -1,34 +0,0 @@
-module Security
-  class CheckForVulnerableCode < RuboCop::Cop::Base
-    RESULT = {}
-    def self.read_file
-      gem_path = File.expand_path("#{File.dirname(__FILE__)}../../../../")
-      file = File.read("#{gem_path}/vuln_db.json").strip
-      json = JSON.parse(file)
-      json["vulnerabilities"]["rails"]
-    end
-    VULNERABILITY_LIST = read_file
-    VULNERABILITY_LIST.each do |string|
-      search = string["search_string"]
-      info = string["info"]
-      RESULT[search.to_sym] = info
-      def_node_matcher search.to_sym, "(send _ :#{search} _)"
-    end
-    def on_send(node)
-      _, method = *node
-      return unless method
-      if (info = RESULT[method])
-        message = "Rails: Possible vulnerability found, CVE Details - #{info} "
-        add_offense(node.loc.selector, message: message)
-      end
-    end
-  end
-end