Class: RuboCop::Cop::Bundler::InsecureProtocolSource

Inherits:
RuboCop::Cop::Base
Extended by:
AutoCorrector
Includes:
RangeHelp
Defined in:
lib/rubocop/cop/bundler/insecure_protocol_source.rb

Overview

Passing symbol arguments to `source` (e.g. `source :rubygems`) is deprecated because they default to using HTTP requests. Instead, specify `'https://rubygems.org'` if possible, or `'http://rubygems.org'` if not.

When autocorrecting, this cop will replace symbol arguments with `'https://rubygems.org'`.

This cop will not replace existing sources that use `http://`. This may be necessary where HTTPS is not available, for example when using an internal gem server via an intranet, or where HTTPS is prohibited. However, you should strongly prefer `https://` where possible, as it is more secure.

Examples:

# bad
source :gemcutter
source :rubygems
source :rubyforge

# good
source 'https://rubygems.org' # strongly recommended
source 'http://rubygems.org' # use only if HTTPS is unavailable
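
The following stand-alone sketch is an added example, not RuboCop's own code: it uses Ruby's standard-library `Ripper` lexer to find the same deprecated symbol sources in Gemfile text and apply the same replacement, and it goes one step further than the cop by also listing explicit `http://` sources for manual review. The helper name `audit_gemfile_sources`, the constants and the sample Gemfile (including its host name) are assumptions made for illustration.

```ruby
require 'ripper'

# Symbols matched by the cop's node pattern, and the autocorrect replacement.
INSECURE_SYMBOLS = %w[gemcutter rubygems rubyforge].freeze
REPLACEMENT = "'https://rubygems.org'"

# Constructed sample Gemfile (the internal host name is a placeholder).
SAMPLE_GEMFILE = <<~GEMFILE
  # source :rubygems
  source :rubygems
  source 'http://gems.internal.example'
  source 'https://rubygems.org'
  gem 'rake'
GEMFILE

# Hypothetical helper: returns [findings, corrected_text] for Gemfile text.
def audit_gemfile_sources(text)
  tokens = Ripper.lex(text)
  # Non-whitespace tokens paired with their index in the full token list.
  code = tokens.each_with_index.reject { |tok, _| tok[1] == :on_sp }
  findings = []
  replace_at = {} # token index => replacement text

  code.each_with_index do |(tok, _), k|
    next unless tok[1] == :on_ident && tok[2] == 'source'
    next if k.positive? && code[k - 1][0][1] == :on_period # has a receiver

    args = code[(k + 1)..] || []
    args = args.drop(1) if args.dig(0, 0, 1) == :on_lparen
    (first, first_idx), (second, second_idx) = args
    next unless first && second

    line = first[0][0]
    if first[1] == :on_symbeg && INSECURE_SYMBOLS.include?(second[2])
      findings << { line: line, source: ":#{second[2]}", autocorrect: true }
      replace_at[first_idx] = REPLACEMENT # ":" becomes the HTTPS URL
      replace_at[second_idx] = ''         # drop the symbol name
    elsif first[1] == :on_tstring_beg && second[2].start_with?('http://')
      # Reported for review only: the cop leaves explicit http:// sources alone.
      findings << { line: line, source: second[2], autocorrect: false }
    end
  end

  corrected = tokens.each_with_index.map { |tok, i| replace_at.fetch(i, tok[2]) }.join
  [findings, corrected]
end
```

Because the scan works on lexer tokens rather than a regular expression, the commented-out `# source :rubygems` line in the sample is neither reported nor rewritten.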

Constant Summary

MSG =
'The source `:%<source>s` is deprecated because HTTP requests ' \
'are insecure. ' \
"Please change your source to 'https://rubygems.org' " \
"if possible, or 'http://rubygems.org' if not."
RESTRICT_ON_SEND =
%i[source].freeze

Instance Attribute Summary

Attributes inherited from RuboCop::Cop::Base

#config, #processed_source

Instance Method Summary

Methods included from AutoCorrector

support_autocorrect?

Methods inherited from RuboCop::Cop::Base

#add_global_offense, #add_offense, autocorrect_incompatible_with, badge, #callbacks_needed, callbacks_needed, #config_to_allow_offenses, #config_to_allow_offenses=, #cop_config, #cop_name, cop_name, department, documentation_url, exclude_from_registry, #excluded_file?, #external_dependency_checksum, inherited, #initialize, joining_forces, lint?, match?, #message, #offenses, #on_investigation_end, #on_new_investigation, #on_other_file, #parse, #ready, #relevant_file?, support_autocorrect?, support_multiple_source?, #target_rails_version, #target_ruby_version

Methods included from ExcludeLimit

#exclude_limit

Methods included from AutocorrectLogic

#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #correctable?, #disable_uncorrectable?, #safe_autocorrect?

Methods included from IgnoredNode

#ignore_node, #ignored_node?, #part_of_ignored_node?

Methods included from Util

silence_warnings

Constructor Details

This class inherits a constructor from RuboCop::Cop::Base

Instance Method Details

#insecure_protocol_source?(node) ⇒ Object

# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 41

def_node_matcher :insecure_protocol_source?, <<~PATTERN
  (send nil? :source
    $(sym ${:gemcutter :rubygems :rubyforge}))
PATTERN

#on_send(node) ⇒ Object

# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 46

def on_send(node)
  insecure_protocol_source?(node) do |source_node, source|
    message = format(MSG, source: source)

    add_offense(
      source_node,
      message: message
    ) do |corrector|
      corrector.replace(
        source_node, "'https://rubygems.org'"
      )
    end
  end
end