Class: RuboCop::Cop::Bundler::InsecureProtocolSource
- Inherits: RuboCop::Cop::Base
  - Object
  - RuboCop::Cop::Base
  - RuboCop::Cop::Bundler::InsecureProtocolSource
- Extended by: AutoCorrector
- Defined in: lib/rubocop/cop/bundler/insecure_protocol_source.rb
Overview
Passing symbol arguments to `source` (e.g. `source :rubygems`) is deprecated because they default to using HTTP requests. Instead, specify `'https://rubygems.org'` if possible, or `'http://rubygems.org'` if not.
When autocorrecting, this cop will replace symbol arguments with `'https://rubygems.org'`.
This cop will not replace existing sources that use `http://`. This may be necessary where HTTPS is not available, for example when using an internal gem server via an intranet, or where HTTPS is prohibited. However, you should strongly prefer `https://` where possible, as it is more secure.
If you don't want to allow `http://`, set `AllowHttpProtocol` to `false`. This option is `true` by default for safe autocorrection.
Constant Summary

```ruby
MSG = 'The source `:%<source>s` is deprecated because HTTP requests ' \
      'are insecure. ' \
      "Please change your source to 'https://rubygems.org' " \
      "if possible, or 'http://rubygems.org' if not."
MSG_HTTP_PROTOCOL = 'Use `https://rubygems.org` instead of `http://rubygems.org`.'
RESTRICT_ON_SEND = %i[source].freeze
```
Instance Attribute Summary
Attributes inherited from RuboCop::Cop::Base
Instance Method Summary
Methods included from AutoCorrector
Methods inherited from RuboCop::Cop::Base
#active_support_extensions_enabled?, #add_global_offense, #add_offense, #always_autocorrect?, autocorrect_incompatible_with, badge, #begin_investigation, #callbacks_needed, callbacks_needed, #config_to_allow_offenses, #config_to_allow_offenses=, #contextual_autocorrect?, #cop_config, cop_name, #cop_name, department, documentation_url, exclude_from_registry, #excluded_file?, #external_dependency_checksum, inherited, #initialize, #inspect, joining_forces, lint?, match?, #message, #offenses, #on_investigation_end, #on_new_investigation, #on_other_file, #parse, #parser_engine, #ready, #relevant_file?, requires_gem, #string_literals_frozen_by_default?, support_autocorrect?, support_multiple_source?, #target_rails_version, #target_ruby_version
Methods included from ExcludeLimit
Methods included from AutocorrectLogic
#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #autocorrect_with_disable_uncorrectable?, #correctable?, #disable_uncorrectable?, #safe_autocorrect?
Methods included from IgnoredNode
#ignore_node, #ignored_node?, #part_of_ignored_node?
Methods included from Util
Constructor Details
This class inherits a constructor from RuboCop::Cop::Base
Instance Method Details
#insecure_protocol_source?(node) ⇒ Object
```ruby
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 53

def_node_matcher :insecure_protocol_source?, <<~PATTERN
  (send nil? :source
    ${(sym :gemcutter) (sym :rubygems) (sym :rubyforge) (:str "http://rubygems.org")})
PATTERN
```
#on_send(node) ⇒ Object
```ruby
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 58

def on_send(node)
  insecure_protocol_source?(node) do |source_node|
    source = source_node.value
    use_http_protocol = source == 'http://rubygems.org'

    # With AllowHttpProtocol enabled, an explicit http://rubygems.org source is accepted.
    return if allow_http_protocol? && use_http_protocol

    message = if use_http_protocol
                MSG_HTTP_PROTOCOL
              else
                format(MSG, source: source)
              end

    add_offense(source_node, message: message) do |corrector|
      corrector.replace(source_node, "'https://rubygems.org'")
    end
  end
end
```
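The decision logic of `insecure_protocol_source?` and `on_send`, re-created as a stand-alone script (an added example, not RuboCop's code): it uses the standard-library `Ripper` lexer in place of RuboCop's node pattern, and `insecure_sources`, `Finding` and the sample Gemfile are names invented for this illustration. Like the matcher, it flags only the literal `http://rubygems.org`, so any other `http://` source passes unflagged.

```ruby
require 'ripper'

# Values mirror the documented matcher and autocorrection; the names are hypothetical.
INSECURE_SYMBOLS = %w[gemcutter rubygems rubyforge].freeze
HTTP_SOURCE = 'http://rubygems.org'
SECURE_SOURCE = "'https://rubygems.org'"

Finding = Struct.new(:line, :source, :correction)

# Returns a Finding for each receiverless `source` call the cop would flag.
# allow_http_protocol mirrors the AllowHttpProtocol option (true by default).
def insecure_sources(gemfile_text, allow_http_protocol: true)
  # Drop whitespace tokens so `source(:rubygems)` and `source :rubygems` look alike.
  tokens = Ripper.lex(gemfile_text).reject { |t| t[1] == :on_sp }
  findings = []
  tokens.each_with_index do |(pos, type, text), i|
    next unless type == :on_ident && text == 'source'
    next if i.positive? && tokens[i - 1][1] == :on_period # call has a receiver

    rest = tokens[(i + 1)..]
    rest = rest.drop(1) if rest.first && rest.first[1] == :on_lparen
    opener = rest[0]
    value = rest[1]
    next unless opener && value

    if opener[1] == :on_symbeg && INSECURE_SYMBOLS.include?(value[2])
      findings << Finding.new(pos[0], ":#{value[2]}", SECURE_SOURCE)
    elsif opener[1] == :on_tstring_beg && value[2] == HTTP_SOURCE && !allow_http_protocol
      findings << Finding.new(pos[0], HTTP_SOURCE, SECURE_SOURCE)
    end
  end
  findings
end

# Constructed sample Gemfile (not taken from any real project).
SAMPLE_GEMFILE = <<~GEMFILE
  # source :rubygems   (comment, ignored by the lexer)
  source :rubygems
  source 'http://rubygems.org'
  source 'https://rubygems.org'
  source 'http://gems.internal.example'
GEMFILE

insecure_sources(SAMPLE_GEMFILE, allow_http_protocol: false).each do |f|
  puts "Gemfile:#{f.line}: #{f.source} -> #{f.correction}"
end
```

With the default `allow_http_protocol: true` only the symbol source on line 2 is reported; the internal `http://` server on line 5 is never reported, so reviewing such sources remains a manual step.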