Class: RuboCop::Cop::Bundler::InsecureProtocolSource

Inherits:
RuboCop::Cop::Base
Extended by:
AutoCorrector
Includes:
RangeHelp
Defined in:
lib/rubocop/cop/bundler/insecure_protocol_source.rb

Overview

The symbol arguments `:gemcutter`, `:rubygems`, and `:rubyforge` are deprecated. Change your source to the URL string 'https://rubygems.org' if possible, or 'http://rubygems.org' if not.

Autocorrection replaces these symbols with 'https://rubygems.org'. HTTPS is strongly recommended because it is secure, and in most use cases HTTPS will be fine.

However, the cop does not replace every `source` that uses `http://` with `https://`. This allows for cases where HTTPS cannot be specified, such as an internal gem server reached over HTTP on an intranet. Use HTTP only if you cannot use HTTPS.

Examples:

# bad
source :gemcutter
source :rubygems
source :rubyforge

# good
source 'https://rubygems.org' # strongly recommended
source 'http://rubygems.org'
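
The cop matches only the three deprecated symbols, so `http://` string sources pass unflagged. As an added example (not part of RuboCop; `audit_gemfile_sources`, `allowed_http_hosts` and the sample hosts are hypothetical), this standalone check uses Ripper to list both the deprecated symbols and any plain-HTTP sources outside an explicit allowlist, including the `source:` option of `gem`, which goes beyond what the cop covers.

```ruby
require 'ripper'
require 'uri'

# Symbols matched by the cop's node pattern.
DEPRECATED_SOURCE_SYMBOLS = %w[gemcutter rubygems rubyforge].freeze

# Constructed sample Gemfile; the hosts are placeholders.
SAMPLE_GEMFILE = <<~GEMFILE
  source :rubygems
  source 'https://rubygems.org'
  source 'http://rubygems.org'
  source 'http://gems.corp.example' do
    gem 'internal-tool'
  end
  gem 'legacy', source: 'http://mirror.example.net'
GEMFILE

# Reports deprecated symbol sources and plain-HTTP string sources whose host
# is not listed in allowed_http_hosts (a hypothetical allowlist parameter).
def audit_gemfile_sources(gemfile_text, allowed_http_hosts: [])
  # Drop whitespace and "(" so `source(:x)` and `source :x` tokenize alike.
  tokens = Ripper.lex(gemfile_text)
                 .reject { |_pos, type, _text| %i[on_sp on_lparen].include?(type) }
  findings = []

  tokens.each_with_index do |(pos, type, text), i|
    # A `source ...` call, or the `source:` option passed to `gem`.
    next unless (type == :on_ident && text == 'source') ||
                (type == :on_label && text == 'source:')
    next if i.positive? && tokens[i - 1][1] == :on_period # e.g. obj.source

    arg_type = tokens.dig(i + 1, 1)
    value = tokens.dig(i + 2, 2)
    case arg_type
    when :on_symbeg
      next unless DEPRECATED_SOURCE_SYMBOLS.include?(value)
      findings << { line: pos[0], source: ":#{value}", reason: :deprecated_symbol }
    when :on_tstring_beg
      uri = begin
        URI.parse(value.to_s)
      rescue URI::InvalidURIError
        nil
      end
      next unless uri&.scheme == 'http' && !allowed_http_hosts.include?(uri.host)
      findings << { line: pos[0], source: value, reason: :plain_http }
    end
  end
  findings
end
```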

Constant Summary

MSG =
'The source `:%<source>s` is deprecated because HTTP requests ' \
'are insecure. ' \
"Please change your source to 'https://rubygems.org' " \
"if possible, or 'http://rubygems.org' if not."
RESTRICT_ON_SEND =
%i[source].freeze

Instance Attribute Summary

Attributes inherited from RuboCop::Cop::Base

#config, #processed_source

Instance Method Summary

Methods included from AutoCorrector

support_autocorrect?

Methods inherited from RuboCop::Cop::Base

#add_global_offense, #add_offense, autocorrect_incompatible_with, badge, #callbacks_needed, callbacks_needed, #config_to_allow_offenses, #config_to_allow_offenses=, #cop_config, #cop_name, cop_name, department, documentation_url, exclude_from_registry, #excluded_file?, #external_dependency_checksum, inherited, #initialize, joining_forces, lint?, match?, #message, #offenses, #on_investigation_end, #on_new_investigation, #on_other_file, #ready, #relevant_file?, support_autocorrect?, support_multiple_source?, #target_rails_version, #target_ruby_version

Methods included from ExcludeLimit

#exclude_limit

Methods included from AutocorrectLogic

#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #correctable?, #disable_uncorrectable?, #safe_autocorrect?

Methods included from IgnoredNode

#ignore_node, #ignored_node?, #part_of_ignored_node?

Methods included from Util

silence_warnings

Constructor Details

This class inherits a constructor from RuboCop::Cop::Base

Instance Method Details

#insecure_protocol_source?(node) ⇒ Object



# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 40

def_node_matcher :insecure_protocol_source?, <<~PATTERN
  (send nil? :source
    $(sym ${:gemcutter :rubygems :rubyforge}))
PATTERN

#on_send(node) ⇒ Object



# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 45

def on_send(node)
  insecure_protocol_source?(node) do |source_node, source|
    message = format(MSG, source: source)

    add_offense(
      source_node,
      message: message
    ) do |corrector|
      corrector.replace(
        source_node, "'https://rubygems.org'"
      )
    end
  end
end