123456789_123456789_123456789_123456789_123456789_

Class: RuboCop::Cop::Gemspec::RequireMFA

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Class Chain:
self, ::RuboCop::Cop::AutoCorrector, ::RuboCop::Cop::Base, ::RuboCop::ExcludeLimit, NodePattern::Macros, RuboCop::AST::Sexp
Instance Chain:
Inherits: RuboCop::Cop::Base
Defined in: lib/rubocop/cop/gemspec/require_mfa.rb

Overview

Requires a gemspec to have #rubygems_mfa_required metadata set.

This setting tells RubyGems that MFA (Multi-Factor Authentication) is required for accounts to be able perform privileged operations, such as (see RubyGems' documentation for the full list of privileged operations):

  • gem push

  • gem yank

  • gem owner --add/remove

  • adding or removing owners using gem ownership page

This helps make your gem more secure, as users can be more confident that gem updates were pushed by maintainers.

Examples:

# bad
Gem::Specification.new do |spec|
  # no {rubygems_mfa_required} metadata specified
end

# good
Gem::Specification.new do |spec|
  spec. = {
    'rubygems_mfa_required' => 'true'
  }
end

# good
Gem::Specification.new do |spec|
  spec.['rubygems_mfa_required'] = 'true'
end

# bad
Gem::Specification.new do |spec|
  spec. = {
    'rubygems_mfa_required' => 'false'
  }
end

# good
Gem::Specification.new do |spec|
  spec. = {
    'rubygems_mfa_required' => 'true'
  }
end

# bad
Gem::Specification.new do |spec|
  spec.['rubygems_mfa_required'] = 'false'
end

# good
Gem::Specification.new do |spec|
  spec.['rubygems_mfa_required'] = 'true'
end

Constant Summary

::RuboCop::Cop::Base - Inherited

EMPTY_OFFENSES, RESTRICT_ON_SEND

Class Attribute Summary

::RuboCop::Cop::AutoCorrector - Extended

::RuboCop::Cop::Base - Inherited

.gem_requirements, .lint?,
.support_autocorrect?

Returns if class supports autocorrect.

.support_multiple_source?

Override if your cop should be called repeatedly for multiple investigations Between calls to on_new_investigation and on_investigation_end, the result of processed_source will remain constant.

Class Method Summary

::RuboCop::Cop::Base - Inherited

.autocorrect_incompatible_with

List of cops that should not try to autocorrect at the same time as this cop.

.badge

Naming.

.callbacks_needed, .cop_name, .department,
.documentation_url

Returns a url to view this cops documentation online.

.exclude_from_registry

Call for abstract Cop classes.

.inherited,
.joining_forces

Override and return the Force class(es) you need to join.

.match?

Returns true if the cop name or the cop namespace matches any of the given names.

.new,
.requires_gem

Register a version requirement for the given gem name.

.restrict_on_send

::RuboCop::ExcludeLimit - Extended

exclude_limit

Sets up a configuration option to have an exclude limit tracked.

transform

Instance Attribute Summary

Instance Method Summary

::RuboCop::Cop::GemspecHelp - Included

::RuboCop::Cop::Base - Inherited

#add_global_offense

Adds an offense that has no particular location.

#add_offense

Adds an offense on the specified range (or node with an expression) Unless that offense is disabled for this range, a corrector will be yielded to provide the cop the opportunity to autocorrect the offense.

#begin_investigation

Called before any investigation.

#callbacks_needed,
#cop_config

Configuration Helpers.

#cop_name, #excluded_file?,
#external_dependency_checksum

This method should be overridden when a cop’s behavior depends on state that lives outside of these locations:

#inspect,
#message

Gets called if no message is specified when calling add_offense or add_global_offense Cops are discouraged to override this; instead pass your message directly.

#name

Alias for Base#cop_name.

#offenses,
#on_investigation_end

Called after all on_…​

#on_new_investigation

Called before all on_…​

#on_other_file

Called instead of all on_…​

#parse

There should be very limited reasons for a Cop to do it’s own parsing.

#parser_engine,
#ready

Called between investigations.

#relevant_file?,
#target_gem_version

Returns a gems locked versions (i.e.

#target_rails_version, #target_ruby_version, #annotate, #apply_correction, #attempt_correction,
#callback_argument

Reserved for Cop::Cop.

#complete_investigation

Called to complete an investigation.

#correct, #current_corrector,
#current_offense_locations

Reserved for Commissioner:

#current_offenses, #currently_disabled_lines, #custom_severity, #default_severity, #disable_uncorrectable, #enabled_line?, #file_name_matches_any?, #find_message, #find_severity, #range_for_original, #range_from_node_or_range,
#reset_investigation

Actually private methods.

#use_corrector

::RuboCop::Cop::AutocorrectLogic - Included

::RuboCop::Cop::IgnoredNode - Included

Constructor Details

This class inherits a constructor from RuboCop::Cop::Base

Instance Method Details

#autocorrect(corrector, node, block_var, metadata) (private)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 115

def autocorrect(corrector, node, block_var, )
  if 
    return unless .hash_type?

    (corrector, )
  else
    insert_mfa_required(corrector, node, block_var)
  end
end

#change_value(corrector, value) (private)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 139

def change_value(corrector, value)
  corrector.replace(value, "'true'")
end

#correct_metadata(corrector, metadata) (private)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 125

def (corrector, )
  if .pairs.any?
    corrector.insert_after(.pairs.last, ",\n'rubygems_mfa_required' => 'true'")
  else
    corrector.insert_before(.loc.end, "'rubygems_mfa_required' => 'true'")
  end
end

#insert_mfa_required(corrector, node, block_var) (private)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 133

def insert_mfa_required(corrector, node, block_var)
  corrector.insert_before(node.loc.end, <<~RUBY)
    #{block_var}.metadata['rubygems_mfa_required'] = 'true'
  RUBY
end

#metadata(node)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 70

def_node_matcher :, <<~PATTERN
  `{
    (send _ :metadata= $_)
    (send (send _ :metadata) :[]= (str "rubygems_mfa_required") $_)
  }
PATTERN

#mfa_value(metadata_value) (private)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 108

def mfa_value()
  return unless 
  return  if .str_type?

  rubygems_mfa_required().first
end

#on_block(node)

InternalAffairs/NumblockHandler

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 87

def on_block(node) # rubocop:disable Metrics/MethodLength, InternalAffairs/NumblockHandler
  gem_specification(node) do |block_var|
     = (node)
    mfa_value = mfa_value()

    if mfa_value
      unless true_string?(mfa_value)
        add_offense(mfa_value) do |corrector|
          change_value(corrector, mfa_value)
        end
      end
    else
      add_offense(node) do |corrector|
        autocorrect(corrector, node, block_var, )
      end
    end
  end
end

#rubygems_mfa_required(node)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 78

def_node_search :rubygems_mfa_required, <<~PATTERN
  (pair (str "rubygems_mfa_required") $_)
PATTERN

#true_string?(node)

[ GitHub ]

  
# File 'lib/rubocop/cop/gemspec/require_mfa.rb', line 83

def_node_matcher :true_string?, <<~PATTERN
  (str "true")
PATTERN