Class: RuboCop::Cop::Bundler::InsecureProtocolSource
Relationships & Source Files | |
Super Chains via Extension / Inclusion / Inheritance | |
Class Chain:
self,
::RuboCop::Cop::AutoCorrector ,
::RuboCop::Cop::Base ,
::RuboCop::ExcludeLimit ,
NodePattern::Macros,
RuboCop::AST::Sexp
|
|
Instance Chain:
self,
::RuboCop::Cop::Base ,
::RuboCop::Cop::AutocorrectLogic ,
::RuboCop::Cop::IgnoredNode ,
::RuboCop::Util ,
RuboCop::AST::Sexp
|
|
Inherits: |
RuboCop::Cop::Base
|
Defined in: | lib/rubocop/cop/bundler/insecure_protocol_source.rb |
Overview
Passing symbol arguments to source
(e.g. source :rubygems
) is
deprecated because they default to using HTTP requests. Instead, specify
'https://rubygems.org' if possible, or 'http://rubygems.org' if not.
When autocorrecting, this cop will replace symbol arguments with 'https://rubygems.org'.
This cop will not replace existing sources that use http://. This may be necessary where HTTPS is not available. For example, where using an internal gem server via an intranet, or where HTTPS is prohibited. However, you should strongly prefer https:// where possible, as it is more secure.
If you don’t allow http://, please set false
to AllowHttpProtocol
.
This option is true
by default for safe autocorrection.
Constant Summary
-
MSG =
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 44'The source `:%<source>s` is deprecated because HTTP requests ' \ 'are insecure. ' \ "Please change your source to 'https://rubygems.org' " \ "if possible, or 'http://rubygems.org' if not."
-
MSG_HTTP_PROTOCOL =
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 48'Use `https://rubygems.org` instead of `http://rubygems.org`.'
-
RESTRICT_ON_SEND =
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 50%i[source].freeze
::RuboCop::Cop::Base
- Inherited
Class Attribute Summary
::RuboCop::Cop::AutoCorrector
- Extended
::RuboCop::Cop::Base
- Inherited
.gem_requirements, .lint?, | |
.support_autocorrect? | Returns if class supports autocorrect. |
.support_multiple_source? | Override if your cop should be called repeatedly for multiple investigations Between calls to |
Class Method Summary
::RuboCop::Cop::Base
- Inherited
.autocorrect_incompatible_with | List of cops that should not try to autocorrect at the same time as this cop. |
.badge | Naming. |
.callbacks_needed, .cop_name, .department, | |
.documentation_url | Returns a url to view this cops documentation online. |
.exclude_from_registry | Call for abstract Cop classes. |
.inherited, | |
.joining_forces | Override and return the Force class(es) you need to join. |
.match? | Returns true if the cop name or the cop namespace matches any of the given names. |
.new, | |
.requires_gem | Register a version requirement for the given gem name. |
.restrict_on_send |
::RuboCop::ExcludeLimit
- Extended
exclude_limit | Sets up a configuration option to have an exclude limit tracked. |
transform |
Instance Attribute Summary
- #allow_http_protocol? ⇒ Boolean readonly private
::RuboCop::Cop::Base
- Inherited
::RuboCop::Cop::AutocorrectLogic
- Included
Instance Method Summary
::RuboCop::Cop::Base
- Inherited
#add_global_offense | Adds an offense that has no particular location. |
#add_offense | Adds an offense on the specified range (or node with an expression) Unless that offense is disabled for this range, a corrector will be yielded to provide the cop the opportunity to autocorrect the offense. |
#begin_investigation | Called before any investigation. |
#callbacks_needed, | |
#cop_config | Configuration Helpers. |
#cop_name, #excluded_file?, | |
#external_dependency_checksum | This method should be overridden when a cop’s behavior depends on state that lives outside of these locations: |
#inspect, | |
#message | Gets called if no message is specified when calling |
#name | Alias for RuboCop::Cop::Base#cop_name. |
#offenses, | |
#on_investigation_end | Called after all on_… |
#on_new_investigation | Called before all on_… |
#on_other_file | Called instead of all on_… |
#parse | There should be very limited reasons for a Cop to do it’s own parsing. |
#parser_engine, | |
#ready | Called between investigations. |
#relevant_file?, | |
#target_gem_version | Returns a gems locked versions (i.e. |
#target_rails_version, #target_ruby_version, #annotate, #apply_correction, #attempt_correction, | |
#callback_argument | Reserved for Cop::Cop. |
#complete_investigation | Called to complete an investigation. |
#correct, #current_corrector, | |
#current_offense_locations | Reserved for Commissioner: |
#current_offenses, #currently_disabled_lines, #custom_severity, #default_severity, #disable_uncorrectable, #enabled_line?, #file_name_matches_any?, #find_message, #find_severity, #range_for_original, #range_from_node_or_range, | |
#reset_investigation | Actually private methods. |
#use_corrector |
::RuboCop::Cop::AutocorrectLogic
- Included
#disable_offense, #disable_offense_at_end_of_line, #disable_offense_before_and_after, #disable_offense_with_eol_or_surround_comment, #heredoc_range, #max_line_length, #multiline_ranges, #multiline_string?, | |
#range_by_lines | Expand the given range to include all of any lines it covers. |
#range_of_first_line, #range_overlaps_offense?, #string_continuation?, #surrounding_heredoc?, #surrounding_percent_array? |
::RuboCop::Cop::IgnoredNode
- Included
Constructor Details
This class inherits a constructor from RuboCop::Cop::Base
Instance Attribute Details
#allow_http_protocol? ⇒ Boolean
(readonly, private)
[ GitHub ]
# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 79
def allow_http_protocol? cop_config.fetch('AllowHttpProtocol', true) end
Instance Method Details
#insecure_protocol_source?(node)
[ GitHub ]# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 53
def_node_matcher :insecure_protocol_source?, <<~PATTERN (send nil? :source ${(sym :gemcutter) (sym :rubygems) (sym :rubyforge) (:str "http://rubygems.org")}) PATTERN
#on_send(node)
[ GitHub ]# File 'lib/rubocop/cop/bundler/insecure_protocol_source.rb', line 58
def on_send(node) insecure_protocol_source?(node) do |source_node| source = source_node.value use_http_protocol = source == 'http://rubygems.org' return if allow_http_protocol? && use_http_protocol = if use_http_protocol MSG_HTTP_PROTOCOL else format(MSG, source: source) end add_offense(source_node, message: ) do |corrector| corrector.replace(source_node, "'https://rubygems.org'") end end end