Class: RuboCop::Cop::Betterment::AuthorizationInController

Inherits:

Base

• Object
• Base
• RuboCop::Cop::Betterment::AuthorizationInController

Defined in:

lib/rubocop/cop/betterment/authorization_in_controller.rb

Constant Summary

MSG_UNSAFE_CREATE =

MSG_UNSAFE_CREATE = ‘Model created/updated using unsafe parameters’.freeze

"Model created/updated using unsafe parameters.\nPlease query for the associated record in a way that enforces authorization (e.g. \"trust-root chaining\"),\nand then pass the resulting object into your model instead of the unsafe parameter.\n\nINSTEAD OF THIS:\npost_parameters = params.permit(:album_id, :caption)\nPost.new(post_parameters)\n\nDO THIS:\nalbum = current_user.albums.find(params[:album_id])\npost_parameters = params.permit(:caption).merge(album: album)\nPost.new(post_parameters)\n\nSee here for more information on this error:\nhttps://github.com/Betterment/betterlint/blob/main/README.md#bettermentauthorizationincontroller\n"

Instance Attribute Summary

• #unsafe_parameters ⇒ Object

  Returns the value of attribute unsafe_parameters.

• #unsafe_regex ⇒ Object

  Returns the value of attribute unsafe_regex.

Instance Method Summary

• #initialize(config = nil, options = nil) ⇒ AuthorizationInController constructor

  A new instance of AuthorizationInController.

• #on_class(node) ⇒ Object
• #on_new_investigation ⇒ Object
• #on_send(node) ⇒ Object (also: #on_csend)

  rubocop:disable Metrics/PerceivedComplexity.

Constructor Details

#initialize(config = nil, options = nil) ⇒ AuthorizationInController

# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 36

def initialize(config = nil, options = nil)
  super
  @unsafe_parameters = cop_config.fetch("unsafe_parameters").map(&:to_sym)
  @unsafe_regex = Regexp.new cop_config.fetch("unsafe_regex")
end

Instance Attribute Details

#unsafe_parameters ⇒ Object

Returns the value of attribute unsafe_parameters.

# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 7

def unsafe_parameters
  @unsafe_parameters
end

#unsafe_regex ⇒ Object

Returns the value of attribute unsafe_regex.

# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 7

def unsafe_regex
  @unsafe_regex
end

Instance Method Details

#on_class(node) ⇒ Object

# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 48

def on_class(node)
  @class_methods = Utils::Parser.get_instance_methods(node).freeze
  @param_wrappers = find_param_wrappers(@class_methods).freeze
end

#on_new_investigation ⇒ Object

# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 42

def on_new_investigation
  super
  @class_methods = {}.freeze
  @param_wrappers = [].freeze
end

#on_send(node) ⇒ Object Also known as: on_csend

rubocop:disable Metrics/PerceivedComplexity

# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 53

def on_send(node) # rubocop:disable Metrics/PerceivedComplexity
  return if !model_new?(node) && !model_update?(node)

  node.arguments.each do |argument|
    if argument.send_type? || argument.variable?
      flag_literal_param_use(argument)
      flag_indirect_param_use(argument)
    elsif argument.hash_type?
      argument.children.select(&:pair_type?).each do |pair|
        _key, value = *pair.children
        flag_literal_param_use(value)
        flag_indirect_param_use(value)
      end
    end
  end
end