Class: RuboCop::Cop::Bundler::InsecureProtocolSource
- Inherits: RuboCop::Cop::Base
  - Object
  - RuboCop::Cop::Base
  - RuboCop::Cop::Bundler::InsecureProtocolSource
- Extended by: AutoCorrector
- Includes: RangeHelp
- Defined in: lib/rubocop/cop/bundler/insecure_protocol_source.rb
Overview
Passing symbol arguments to source (e.g. source :rubygems) is deprecated because they default to using HTTP requests. Instead, specify 'https://rubygems.org' if possible, or 'http://rubygems.org' if not.
When autocorrecting, this cop will replace symbol arguments with 'https://rubygems.org'.
This cop will not replace existing sources that use http://. This may be necessary where HTTPS is not available, for example when using an internal gem server via an intranet, or where HTTPS is prohibited. However, you should strongly prefer https:// where possible, as it is more secure.
If you don't allow http://, set AllowHttpProtocol to false. This option is true by default for safe autocorrection.
Constant Summary
- MSG =
  'The source `:%<source>s` is deprecated because HTTP requests ' \
  'are insecure. ' \
  "Please change your source to 'https://rubygems.org' " \
  "if possible, or 'http://rubygems.org' if not."
- MSG_HTTP_PROTOCOL =
  'Use `https://rubygems.org` instead of `http://rubygems.org`.'
- RESTRICT_ON_SEND =
  %i[source].freeze
Instance Attribute Summary
Attributes inherited from RuboCop::Cop::Base
Instance Method Summary
Methods included from AutoCorrector
Methods inherited from RuboCop::Cop::Base
#active_support_extensions_enabled?, #add_global_offense, #add_offense, autocorrect_incompatible_with, badge, #begin_investigation, callbacks_needed, #callbacks_needed, #config_to_allow_offenses, #config_to_allow_offenses=, #cop_config, cop_name, #cop_name, department, documentation_url, exclude_from_registry, #excluded_file?, #external_dependency_checksum, inherited, #initialize, #inspect, joining_forces, lint?, match?, #message, #offenses, #on_investigation_end, #on_new_investigation, #on_other_file, #parse, #ready, #relevant_file?, support_autocorrect?, support_multiple_source?, #target_rails_version, #target_ruby_version
Methods included from ExcludeLimit
Methods included from AutocorrectLogic
#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #autocorrect_with_disable_uncorrectable?, #correctable?, #disable_uncorrectable?, #safe_autocorrect?
Methods included from IgnoredNode
#ignore_node, #ignored_node?, #part_of_ignored_node?
Methods included from Util
Constructor Details
This class inherits a constructor from RuboCop::Cop::Base
Instance Method Details
#insecure_protocol_source?(node) ⇒ Object
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 54
def_node_matcher :insecure_protocol_source?, <<~PATTERN
  (send nil? :source
    ${(sym :gemcutter) (sym :rubygems) (sym :rubyforge) (:str "http://rubygems.org")})
PATTERN
#on_send(node) ⇒ Object
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 59
def on_send(node)
  insecure_protocol_source?(node) do |source_node|
    source = source_node.value
    use_http_protocol = source == 'http://rubygems.org'

    # An explicit http:// source is tolerated while AllowHttpProtocol is true.
    return if allow_http_protocol? && use_http_protocol

    message = if use_http_protocol
                MSG_HTTP_PROTOCOL
              else
                format(MSG, source: source)
              end

    # Autocorrection always rewrites the offending argument to the HTTPS URL.
    add_offense(source_node, message: message) do |corrector|
      corrector.replace(source_node, "'https://rubygems.org'")
    end
  end
end
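The matching rule and the AllowHttpProtocol switch described above, reproduced as an added example that is not RuboCop's own code: it walks the token stream from the standard library's Ripper instead of RuboCop's AST node pattern. The names insecure_sources, INSECURE_SYMBOLS, HTTP_SOURCE and SAMPLE_GEMFILE are hypothetical, and the Gemfile text is constructed.

```ruby
require 'ripper'

# Values matched by the node pattern shown on this page.
INSECURE_SYMBOLS = %w[gemcutter rubygems rubyforge].freeze
HTTP_SOURCE = 'http://rubygems.org'

# Constructed sample Gemfile (not from a real project).
SAMPLE_GEMFILE = <<~GEMFILE
  # source :rubygems
  source :rubygems
  source 'http://rubygems.org'
  source "https://rubygems.org"
  gem 'rake', source: 'http://rubygems.org'
  source(:gemcutter)
GEMFILE

# Returns [[line, offending_source], ...] for receiver-less `source` calls.
# allow_http mirrors the AllowHttpProtocol option (true by default).
def insecure_sources(gemfile_text, allow_http: true)
  # Drop whitespace and "(" so `source :x` and `source(:x)` look the same.
  tokens = Ripper.lex(gemfile_text).reject { |_, type, _| %i[on_sp on_lparen].include?(type) }
  findings = []
  tokens.each_with_index do |((line, _col), type, text), i|
    next unless type == :on_ident && text == 'source'
    next if i.positive? && tokens[i - 1][1] == :on_period # has a receiver

    kind = tokens.dig(i + 1, 1)   # token type of the first argument
    value = tokens.dig(i + 2, 2)  # symbol name or string content
    if kind == :on_symbeg && INSECURE_SYMBOLS.include?(value)
      findings << [line, ":#{value}"]
    elsif kind == :on_tstring_beg && value == HTTP_SOURCE && !allow_http
      findings << [line, value]
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts "AllowHttpProtocol: true  => #{insecure_sources(SAMPLE_GEMFILE).inspect}"
  puts "AllowHttpProtocol: false => #{insecure_sources(SAMPLE_GEMFILE, allow_http: false).inspect}"
end
```

The commented-out line and the gem-level source: option are not source calls, so neither is reported under either setting.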