Class: RuboCop::Cop::Bundler::InsecureProtocolSource

Inherits:
Cop
  • Object
show all
Defined in:
lib/rubocop/cop/bundler/insecure_protocol_source.rb

Overview

The symbol argument ‘:gemcutter`, `:rubygems` and `:rubyforge` are deprecated. So please change your source to URL string that ’rubygems.org’ if possible, or ‘rubygems.org’ if not.

This autocorrect will replace these symbols with ‘rubygems.org’. Because it is secure, HTTPS request is strongly recommended. And in most use cases HTTPS will be fine.

However, it don’t replace all ‘sources` of `http://` with `https://`. For example, when specifying an internal gem server using HTTP on the intranet, a use case where HTTPS can not be specified was considered. Consider using HTTP only if you can not use HTTPS.

Examples:

# bad
source :gemcutter
source :rubygems
source :rubyforge

# good
source 'https://rubygems.org' # strongly recommended
source 'http://rubygems.org'

Constant Summary collapse

MSG =
'The source `:%<source>s` is deprecated because HTTP requests ' \
'are insecure. ' \
"Please change your source to 'https://rubygems.org' " \
"if possible, or 'http://rubygems.org' if not.".freeze

Constants included from Util

Util::ASGN_NODES, Util::BYTE_ORDER_MARK, Util::CONDITIONAL_NODES, Util::EQUALS_ASGN_NODES, Util::LITERAL_REGEX, Util::LOGICAL_OPERATOR_NODES, Util::MODIFIER_NODES, Util::OPERATOR_METHODS, Util::SHORTHAND_ASGN_NODES

Instance Attribute Summary

Attributes inherited from Cop

#config, #corrections, #offenses, #processed_source

Instance Method Summary collapse

Methods inherited from Cop

#add_offense, all, autocorrect_incompatible_with, badge, #config_to_allow_offenses, #config_to_allow_offenses=, #cop_config, cop_name, #cop_name, #correct, department, #duplicate_location?, #excluded_file?, #find_location, #highlights, inherited, #initialize, #join_force?, lint?, match?, #message, #messages, non_rails, #parse, qualified_cop_name, #relevant_file?, #target_rails_version, #target_ruby_version

Methods included from AST::Sexp

#s

Methods included from NodePattern::Macros

#def_node_matcher, #def_node_search, #node_search, #node_search_all, #node_search_body, #node_search_first

Methods included from AutocorrectLogic

#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #support_autocorrect?

Methods included from IgnoredNode

#ignore_node, #ignored_node?, #part_of_ignored_node?

Methods included from Util

begins_its_line?, comment_line?, double_quotes_required?, effective_column, ends_its_line?, escape_string, first_part_of_call_chain, interpret_string_escapes, line_range, needs_escaping?, on_node, operator?, parentheses?, parenthesized_call?, precede?, range_between, range_by_whole_lines, range_with_surrounding_comma, range_with_surrounding_space, same_line?, source_range, strip_quotes, stripped_source_upto, symbol_without_quote?, to_string_literal, to_supported_styles, to_symbol_literal, within_node?

Methods included from PathUtil

absolute?, find_file_upwards, match_path?, pwd, relative_path, reset_pwd, smart_path

Constructor Details

This class inherits a constructor from RuboCop::Cop::Cop

Instance Method Details

#autocorrect(node) ⇒ Object



51
52
53
54
55
56
57
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 51

def autocorrect(node)
  lambda do |corrector|
    corrector.replace(
      node.first_argument.loc.expression, "'https://rubygems.org'"
    )
  end
end

#on_send(node) ⇒ Object



39
40
41
42
43
44
45
46
47
48
49
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 39

def on_send(node)
  insecure_protocol_source?(node) do |source|
    message = format(MSG, source: source)

    add_offense(
      node,
      location: source_range(node.first_argument.loc.expression),
      message: message
    )
  end
end