Class: RuboCop::Cop::Bundler::InsecureProtocolSource

Inherits:
RuboCop::Cop::Base show all
Extended by:
AutoCorrector
Includes:
RangeHelp
Defined in:
lib/rubocop/cop/bundler/insecure_protocol_source.rb

Overview

The symbol argument `:gemcutter`, `:rubygems`, and `:rubyforge` are deprecated. So please change your source to URL string that 'rubygems.org' if possible, or 'rubygems.org' if not.

This autocorrect will replace these symbols with 'rubygems.org'. Because it is secure, HTTPS request is strongly recommended. And in most use cases HTTPS will be fine.

However, it don't replace all `sources` of `http://` with `https://`. For example, when specifying an internal gem server using HTTP on the intranet, a use case where HTTPS cannot be specified was considered. Consider using HTTP only if you cannot use HTTPS.

Examples:

# bad
source :gemcutter
source :rubygems
source :rubyforge

# good
source 'https://rubygems.org' # strongly recommended
source 'http://rubygems.org'

Constant Summary collapse

MSG =
'The source `:%<source>s` is deprecated because HTTP requests ' \
'are insecure. ' \
"Please change your source to 'https://rubygems.org' " \
"if possible, or 'http://rubygems.org' if not."
RESTRICT_ON_SEND =
%i[source].freeze

Constants included from Util

Util::LITERAL_REGEX

Instance Attribute Summary

Attributes inherited from RuboCop::Cop::Base

#config, #processed_source

Instance Method Summary collapse

Methods included from AutoCorrector

support_autocorrect?

Methods inherited from RuboCop::Cop::Base

#add_global_offense, #add_offense, autocorrect_incompatible_with, badge, #callbacks_needed, callbacks_needed, #config_to_allow_offenses, #config_to_allow_offenses=, #cop_config, #cop_name, cop_name, department, documentation_url, exclude_from_registry, #excluded_file?, #external_dependency_checksum, inherited, #initialize, joining_forces, lint?, match?, #message, #offenses, #on_investigation_end, #on_new_investigation, #on_other_file, #ready, #relevant_file?, support_autocorrect?, support_multiple_source?, #target_rails_version, #target_ruby_version

Methods included from AutocorrectLogic

#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #correctable?, #disable_uncorrectable?, #safe_autocorrect?

Methods included from IgnoredNode

#ignore_node, #ignored_node?, #part_of_ignored_node?

Methods included from Util

add_parentheses, args_begin, args_end, begins_its_line?, comment_line?, comment_lines?, double_quotes_required?, escape_string, first_part_of_call_chain, indent, interpret_string_escapes, line_range, needs_escaping?, on_node, parentheses?, same_line?, to_string_literal, to_supported_styles, trim_string_interporation_escape_character

Methods included from PathUtil

absolute?, hidden_dir?, hidden_file?, hidden_file_in_not_hidden_dir?, match_path?, maybe_hidden_file?, relative_path, smart_path

Constructor Details

This class inherits a constructor from RuboCop::Cop::Base

Instance Method Details

#on_send(node) ⇒ Object


44
45
46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 44

def on_send(node)
  insecure_protocol_source?(node) do |source_node, source|
    message = format(MSG, source: source)

    add_offense(
      source_node,
      message: message
    ) do |corrector|
      corrector.replace(
        source_node, "'https://rubygems.org'"
      )
    end
  end
end