simplycop 2.20.1 → 2.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.custom_simplycop.yml +8 -0
- data/.rubocop.yml +1 -1
- data/.simplycop_bundler.yml +3 -0
- data/.simplycop_lint.yml +4 -0
- data/.simplycop_metaprogramming.yml +4 -10
- data/.simplycop_rspec.yml +6 -0
- data/.simplycop_security.yml +0 -7
- data/.simplycop_style.yml +4 -0
- data/Rakefile +65 -0
- data/catalog-info.yaml +1 -1
- data/lib/simplycop/custom_cops/dont_print_all_env.rb +1 -1
- data/lib/simplycop/custom_cops/timecop_without_block.rb +3 -1
- data/lib/simplycop/security/csrf_token_validation.rb +4 -4
- data/lib/simplycop/security/reject_all_requests_local.rb +4 -3
- data/lib/simplycop/version.rb +1 -1
- metadata +2 -3
- data/lib/simplycop/security/check_for_vulnerable_code.rb +0 -34
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1f0c8db771440d3f4a712243e92b70e3c75e2b2d5a7fd17b062d571293a928a6
|
|
4
|
+
data.tar.gz: 1641457bc4c51b107a9f50ba2dcbe9c609f492e933d48eb1b3c2a28170a74e24
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6ccd2546e974a11452b2782497e2271bea2bfd7437819acb22852dccd10c6ea27eec9e5fc458c332f6558857b0beba52055c8786f41d99b355ffec48313a17b5
|
|
7
|
+
data.tar.gz: 77e2084a5b25fabbcacc8637487f8801a744a241d1c553d57638a19ed529309dd19a49a08998ef6efb541f5b84aaa174e761c2bdadfdb9fc302dd96eb0778d82
|
data/.custom_simplycop.yml
CHANGED
|
@@ -2,6 +2,7 @@ require:
|
|
|
2
2
|
- './lib/simplycop/custom_cops/timecop_without_block.rb'
|
|
3
3
|
- './lib/simplycop/custom_cops/dont_print_all_env.rb'
|
|
4
4
|
- './lib/simplycop/custom_cops/no_foreground_indices.rb'
|
|
5
|
+
- './lib/simplycop/custom_cops/variable_name_shadowing_method.rb'
|
|
5
6
|
|
|
6
7
|
AllCops:
|
|
7
8
|
ExtraDetails: true
|
|
@@ -23,3 +24,10 @@ CustomCops/NoForegroundIndices:
|
|
|
23
24
|
|
|
24
25
|
Include:
|
|
25
26
|
- app/models/*
|
|
27
|
+
|
|
28
|
+
CustomCops/VariableNameShadowingMethod:
|
|
29
|
+
Enabled: true
|
|
30
|
+
Details: >-
|
|
31
|
+
This cop checks for local variable assignments that shadow method names in the same scope.
|
|
32
|
+
This can cause subtle bugs where the variable returns nil instead of calling the method,
|
|
33
|
+
since Ruby determines local variable scope at parse time, not runtime.
|
data/.rubocop.yml
CHANGED
data/.simplycop_bundler.yml
CHANGED
data/.simplycop_lint.yml
CHANGED
|
@@ -2,6 +2,7 @@ Lint/AmbiguousAssignment:
|
|
|
2
2
|
Enabled: true
|
|
3
3
|
|
|
4
4
|
Lint/AmbiguousBlockAssociation:
|
|
5
|
+
Enabled: true
|
|
5
6
|
Exclude:
|
|
6
7
|
- spec/**/*
|
|
7
8
|
|
|
@@ -138,6 +139,9 @@ Lint/EmptyInterpolation:
|
|
|
138
139
|
Lint/EmptyWhen:
|
|
139
140
|
Enabled: true
|
|
140
141
|
|
|
142
|
+
Lint/EnsureReturn:
|
|
143
|
+
Enabled: true
|
|
144
|
+
|
|
141
145
|
Lint/ErbNewArguments:
|
|
142
146
|
Enabled: true
|
|
143
147
|
|
|
@@ -8,28 +8,22 @@ CustomCops/Constantize:
|
|
|
8
8
|
Enabled: true
|
|
9
9
|
Details: >-
|
|
10
10
|
Decision 001 : Avoid metaprogamming, where feasible
|
|
11
|
-
`https://
|
|
11
|
+
`https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
|
|
12
12
|
|
|
13
13
|
CustomCops/DefineMethod:
|
|
14
14
|
Enabled: true
|
|
15
15
|
Details: >-
|
|
16
16
|
Decision 001 : Avoid metaprogamming, where feasible
|
|
17
|
-
`https://
|
|
17
|
+
`https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
|
|
18
18
|
|
|
19
19
|
CustomCops/InstanceEval:
|
|
20
20
|
Enabled: true
|
|
21
21
|
Details: >-
|
|
22
22
|
Decision 001 : Avoid metaprogamming, where feasible
|
|
23
|
-
`https://
|
|
23
|
+
`https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
|
|
24
24
|
|
|
25
25
|
CustomCops/MethodMissing:
|
|
26
26
|
Enabled: true
|
|
27
27
|
Details: >-
|
|
28
28
|
Decision 001 : Avoid metaprogamming, where feasible
|
|
29
|
-
`https://
|
|
30
|
-
|
|
31
|
-
Style/Send:
|
|
32
|
-
Enabled: true
|
|
33
|
-
Details: >-
|
|
34
|
-
Decision 001 : Avoid metaprogamming, where feasible
|
|
35
|
-
`https://github.com/simplybusiness/chopin/blob/master/doc/decision-records/001-metaprogramming.md`
|
|
29
|
+
`https://backstage.simplybusiness.io/docs/default/component/chopin/decision-records/001-metaprogramming/001-metaprogramming/`
|
data/.simplycop_rspec.yml
CHANGED
|
@@ -200,6 +200,9 @@ RSpec/MatchArray:
|
|
|
200
200
|
RSpec/MessageChain:
|
|
201
201
|
Enabled: true
|
|
202
202
|
|
|
203
|
+
RSpec/MessageExpectation:
|
|
204
|
+
Enabled: false
|
|
205
|
+
|
|
203
206
|
RSpec/MessageSpies:
|
|
204
207
|
Enabled: false
|
|
205
208
|
|
|
@@ -334,6 +337,9 @@ RSpec/UnspecifiedException:
|
|
|
334
337
|
RSpec/VariableDefinition:
|
|
335
338
|
Enabled: true
|
|
336
339
|
|
|
340
|
+
RSpec/VariableName:
|
|
341
|
+
Enabled: true
|
|
342
|
+
|
|
337
343
|
RSpec/VerifiedDoubleReference:
|
|
338
344
|
Enabled: true
|
|
339
345
|
|
data/.simplycop_security.yml
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
require:
|
|
2
2
|
- './lib/simplycop/security/csrf_token_validation.rb'
|
|
3
3
|
- './lib/simplycop/security/reject_all_requests_local.rb'
|
|
4
|
-
- './lib/simplycop/security/check_for_vulnerable_code.rb'
|
|
5
4
|
|
|
6
5
|
# Custom security cops
|
|
7
6
|
|
|
@@ -17,12 +16,6 @@ Security/RejectAllRequestsLocal:
|
|
|
17
16
|
Affected environments are integration, staging, production
|
|
18
17
|
if you need to disable it please check with InfoSec department first.
|
|
19
18
|
|
|
20
|
-
Security/CheckForVulnerableCode:
|
|
21
|
-
Enabled: true
|
|
22
|
-
Details: >-
|
|
23
|
-
Please make sure that this is addressed accordingly.
|
|
24
|
-
Do not hesitate to contact infosec for help and guidance
|
|
25
|
-
|
|
26
19
|
# Standard security cops
|
|
27
20
|
|
|
28
21
|
Security/CompoundHash:
|
data/.simplycop_style.yml
CHANGED
|
@@ -19,6 +19,9 @@ Style/ArgumentsForwarding:
|
|
|
19
19
|
Style/ArrayCoercion:
|
|
20
20
|
Enabled: true
|
|
21
21
|
|
|
22
|
+
Style/ArrayFirstLast:
|
|
23
|
+
Enabled: false
|
|
24
|
+
|
|
22
25
|
Style/ArrayIntersect:
|
|
23
26
|
Enabled: true
|
|
24
27
|
|
|
@@ -879,6 +882,7 @@ Style/WhileUntilModifier:
|
|
|
879
882
|
Enabled: true
|
|
880
883
|
|
|
881
884
|
Style/WordArray:
|
|
885
|
+
Enabled: true
|
|
882
886
|
EnforcedStyle: brackets
|
|
883
887
|
|
|
884
888
|
Style/YAMLFileRead:
|
data/Rakefile
CHANGED
|
@@ -1,3 +1,68 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
# rubocop:disable Rails/RakeEnvironment
|
|
3
4
|
require 'bundler/gem_tasks'
|
|
5
|
+
require 'rspec/core/rake_task'
|
|
6
|
+
require 'rubocop/rake_task'
|
|
7
|
+
|
|
8
|
+
# RSpec task for running tests
|
|
9
|
+
RSpec::Core::RakeTask.new(:spec) do |task|
|
|
10
|
+
task.rspec_opts = '--format documentation --color'
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# RuboCop task for linting
|
|
14
|
+
RuboCop::RakeTask.new(:rubocop) do |task|
|
|
15
|
+
task.options = ['--display-cop-names', '--format', 'progress']
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
# Combined quality check task
|
|
19
|
+
desc 'Run all quality checks (tests + linting)'
|
|
20
|
+
task quality: [:spec, :rubocop]
|
|
21
|
+
|
|
22
|
+
# CI task (same as quality but with different name for CI systems)
|
|
23
|
+
desc 'Run all checks for CI (tests + linting)'
|
|
24
|
+
task ci: :quality
|
|
25
|
+
|
|
26
|
+
# Default task
|
|
27
|
+
task default: :quality
|
|
28
|
+
|
|
29
|
+
# Custom task to list all custom cops
|
|
30
|
+
desc 'List all custom cops with their descriptions'
|
|
31
|
+
task :list_custom_cops do
|
|
32
|
+
puts "📋 Custom Cops in SimplyCop:\n\n"
|
|
33
|
+
|
|
34
|
+
# Custom cops
|
|
35
|
+
Dir.glob('lib/simplycop/custom_cops/*.rb').each do |file|
|
|
36
|
+
cop_name = File.basename(file, '.rb')
|
|
37
|
+
puts "🔍 CustomCops/#{cop_name.split('_').map(&:capitalize).join('')}"
|
|
38
|
+
|
|
39
|
+
# Try to extract description from the file
|
|
40
|
+
content = File.read(file)
|
|
41
|
+
if /# @example\s*\n#\s*#bad\s*\n(.*?)#\s*#good/m.match?(content)
|
|
42
|
+
puts " Description: Found in #{file}"
|
|
43
|
+
end
|
|
44
|
+
puts
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# Security cops
|
|
48
|
+
Dir.glob('lib/simplycop/security/*.rb').each do |file|
|
|
49
|
+
cop_name = File.basename(file, '.rb')
|
|
50
|
+
puts "🔒 Security/#{cop_name.split('_').map(&:capitalize).join('')}"
|
|
51
|
+
puts " Description: Found in #{file}"
|
|
52
|
+
puts
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
# Development setup task
|
|
57
|
+
desc 'Setup development environment'
|
|
58
|
+
task :setup do
|
|
59
|
+
puts '🔧 Setting up development environment...'
|
|
60
|
+
sh 'bundle install'
|
|
61
|
+
puts '✅ Bundle installed'
|
|
62
|
+
sh 'bundle exec rspec --version'
|
|
63
|
+
puts '✅ RSpec ready'
|
|
64
|
+
sh 'bundle exec rubocop --version'
|
|
65
|
+
puts '✅ RuboCop ready'
|
|
66
|
+
puts '🎉 Development environment ready!'
|
|
67
|
+
end
|
|
68
|
+
# rubocop:enable Rails/RakeEnvironment
|
data/catalog-info.yaml
CHANGED
|
@@ -10,7 +10,7 @@ metadata:
|
|
|
10
10
|
simplybusiness.com/bnw-app-name: simplycop
|
|
11
11
|
simplybusiness.com/sast-scanning: enabled
|
|
12
12
|
rubygems.org/name: simplycop
|
|
13
|
-
rubygems.org/current-version: 2.
|
|
13
|
+
rubygems.org/current-version: 2.22.0
|
|
14
14
|
spec:
|
|
15
15
|
type: library
|
|
16
16
|
lifecycle: production
|
|
@@ -17,7 +17,7 @@ module CustomCops
|
|
|
17
17
|
MSG = 'Printing all Environment Variables is extremely risky ' \
|
|
18
18
|
'If this code has been run, then it is likely that secrets have been ' \
|
|
19
19
|
'exposed in plaintext. Please alert `#infosec` about this so it can be ' \
|
|
20
|
-
'investigated immediately.'
|
|
20
|
+
'investigated immediately.'
|
|
21
21
|
|
|
22
22
|
def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
|
|
23
23
|
(send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash})
|
|
@@ -30,7 +30,9 @@ module CustomCops
|
|
|
30
30
|
# this denotes the following structure:
|
|
31
31
|
# `Timecop.method(arg1, arg2, &block)`, which is also a valid way of passing in a block
|
|
32
32
|
def last_child_is_a_block?(node)
|
|
33
|
-
|
|
33
|
+
return false unless node.children.last.respond_to?(:type)
|
|
34
|
+
|
|
35
|
+
node.children.last.type == :block_pass
|
|
34
36
|
end
|
|
35
37
|
end
|
|
36
38
|
end
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
module Security
|
|
2
2
|
class CSRFTokenValidation < RuboCop::Cop::Base
|
|
3
3
|
MSG = 'Do not disable authenticity token validation'
|
|
4
|
-
def_node_matcher :skip_before_action, '(send _ :skip_before_action
|
|
4
|
+
def_node_matcher :skip_before_action, '(send _ :skip_before_action ...)'
|
|
5
5
|
|
|
6
6
|
def on_send(node)
|
|
7
7
|
return unless skip_before_action(node)
|
|
8
8
|
|
|
9
|
-
_, _,
|
|
10
|
-
|
|
11
|
-
add_offense(node.loc.selector) if found_match(
|
|
9
|
+
_, _, first_arg = *node
|
|
10
|
+
method_name = first_arg.children.first if first_arg.type == :sym
|
|
11
|
+
add_offense(node.loc.selector) if found_match(method_name)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def found_match(method)
|
|
@@ -13,12 +13,13 @@ module Security
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def block_listed?(string)
|
|
16
|
-
RAILS_ENV.
|
|
17
|
-
results << string.include?(env)
|
|
18
|
-
end.any?(true)
|
|
16
|
+
RAILS_ENV.any? { |env| string.include?(env) }
|
|
19
17
|
end
|
|
20
18
|
|
|
21
19
|
def found_match(string)
|
|
20
|
+
# Don't match commented lines
|
|
21
|
+
return false if /^\s*#/.match?(string)
|
|
22
|
+
|
|
22
23
|
/config.consider_all_requests\S?.*=\s?.*true/.match?(string)
|
|
23
24
|
end
|
|
24
25
|
end
|
data/lib/simplycop/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simplycop
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.22.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Simply Business
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-07-
|
|
10
|
+
date: 2025-07-17 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: rubocop
|
|
@@ -221,7 +221,6 @@ files:
|
|
|
221
221
|
- lib/simplycop/custom_cops/no_foreground_indices.rb
|
|
222
222
|
- lib/simplycop/custom_cops/timecop_without_block.rb
|
|
223
223
|
- lib/simplycop/custom_cops/variable_name_shadowing_method.rb
|
|
224
|
-
- lib/simplycop/security/check_for_vulnerable_code.rb
|
|
225
224
|
- lib/simplycop/security/csrf_token_validation.rb
|
|
226
225
|
- lib/simplycop/security/reject_all_requests_local.rb
|
|
227
226
|
- lib/simplycop/version.rb
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
module Security
|
|
2
|
-
class CheckForVulnerableCode < RuboCop::Cop::Base
|
|
3
|
-
RESULT = {}
|
|
4
|
-
|
|
5
|
-
def self.read_file
|
|
6
|
-
gem_path = File.expand_path("#{File.dirname(__FILE__)}../../../../")
|
|
7
|
-
|
|
8
|
-
file = File.read("#{gem_path}/vuln_db.json").strip
|
|
9
|
-
json = JSON.parse(file)
|
|
10
|
-
json["vulnerabilities"]["rails"]
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
VULNERABILITY_LIST = read_file
|
|
14
|
-
|
|
15
|
-
VULNERABILITY_LIST.each do |string|
|
|
16
|
-
search = string["search_string"]
|
|
17
|
-
info = string["info"]
|
|
18
|
-
|
|
19
|
-
RESULT[search.to_sym] = info
|
|
20
|
-
def_node_matcher search.to_sym, "(send _ :#{search} _)"
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def on_send(node)
|
|
24
|
-
_, method = *node
|
|
25
|
-
return unless method
|
|
26
|
-
|
|
27
|
-
if (info = RESULT[method])
|
|
28
|
-
message = "Rails: Possible vulnerability found, CVE Details - #{info} "
|
|
29
|
-
|
|
30
|
-
add_offense(node.loc.selector, message: message)
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|