Class: RuboCop::Cop::Bundler::InsecureProtocolSource

Inherits:
Cop
  • Object
show all
Includes:
RangeHelp
Defined in:
lib/rubocop/cop/bundler/insecure_protocol_source.rb

Overview

The symbol argument ‘:gemcutter`, `:rubygems`, and `:rubyforge` are deprecated. So please change your source to URL string that ’rubygems.org’ if possible, or ‘rubygems.org’ if not.

This autocorrect will replace these symbols with ‘rubygems.org’. Because it is secure, HTTPS request is strongly recommended. And in most use cases HTTPS will be fine.

However, it don’t replace all ‘sources` of `http://` with `https://`. For example, when specifying an internal gem server using HTTP on the intranet, a use case where HTTPS can not be specified was considered. Consider using HTTP only if you can not use HTTPS.

Examples:

# bad
source :gemcutter
source :rubygems
source :rubyforge

# good
source 'https://rubygems.org' # strongly recommended
source 'http://rubygems.org'

Constant Summary collapse

MSG =
'The source `:%<source>s` is deprecated because HTTP requests ' \
'are insecure. ' \
"Please change your source to 'https://rubygems.org' " \
"if possible, or 'http://rubygems.org' if not.".freeze

Constants included from Util

Util::LITERAL_REGEX

Instance Attribute Summary

Attributes inherited from Cop

#config, #corrections, #offenses, #processed_source

Instance Method Summary collapse

Methods inherited from Cop

#add_offense, all, autocorrect_incompatible_with, badge, #config_to_allow_offenses, #config_to_allow_offenses=, #cop_config, cop_name, #cop_name, #correct, department, #duplicate_location?, #excluded_file?, #find_location, #highlights, inherited, #initialize, #join_force?, lint?, match?, #message, #messages, non_rails, #parse, qualified_cop_name, #relevant_file?, #target_rails_version, #target_ruby_version

Methods included from AST::Sexp

#s

Methods included from NodePattern::Macros

#def_node_matcher, #def_node_search, #node_search, #node_search_all, #node_search_body, #node_search_first

Methods included from AutocorrectLogic

#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #support_autocorrect?

Methods included from IgnoredNode

#ignore_node, #ignored_node?, #part_of_ignored_node?

Methods included from Util

begins_its_line?, comment_line?, double_quotes_required?, escape_string, first_part_of_call_chain, interpret_string_escapes, line_range, needs_escaping?, on_node, parentheses?, same_line?, to_string_literal, to_supported_styles, tokens

Methods included from PathUtil

absolute?, hidden_dir?, hidden_file_in_not_hidden_dir?, match_path?, pwd, relative_path, reset_pwd, smart_path

Constructor Details

This class inherits a constructor from RuboCop::Cop::Cop

Instance Method Details

#autocorrect(node) ⇒ Object



53
54
55
56
57
58
59
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 53

def autocorrect(node)
  lambda do |corrector|
    corrector.replace(
      node.first_argument.loc.expression, "'https://rubygems.org'"
    )
  end
end

#on_send(node) ⇒ Object



41
42
43
44
45
46
47
48
49
50
51
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 41

def on_send(node)
  insecure_protocol_source?(node) do |source|
    message = format(MSG, source: source)

    add_offense(
      node,
      location: range(node.first_argument.loc.expression),
      message: message
    )
  end
end