Commit

Release v0.5
jaredcwhite committed Apr 11, 2024
1 parent bd04162 commit af0985f
Showing 11 changed files with 81 additions and 14 deletions.
6 changes: 4 additions & 2 deletions .rubocop.yml
Expand Up @@ -2,7 +2,7 @@ require:
- rubocop-performance

AllCops:
TargetRubyVersion: 2.5
TargetRubyVersion: 3.1
NewCops: enable
SuggestExtensions: false
Exclude:
Expand All @@ -26,6 +26,8 @@ Layout/HashAlignment:
EnforcedHashRocketStyle: table
Layout/IndentationWidth:
Severity: error
Layout/LeadingCommentSpace:
Enabled: false
Layout/MultilineMethodCallIndentation:
EnforcedStyle: indented
Layout/MultilineOperationIndentation:
Expand Down Expand Up @@ -78,7 +80,7 @@ Style/ModuleFunction:
Style/MultilineBlockChain:
Enabled: false
Style/MultilineTernaryOperator:
Severity: error
Enabled: false
Style/ParallelAssignment:
Enabled: false
Style/PercentLiteralDelimiters:
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog

## 0.5.0 / 2024-04-11

* Require minimum Ruby v3.1
* Rename insecure heredoc cop to `Bridgetown/InsecureHeredoc`
* Disable Layout/LeadingCommentSpace
* Disable Style/MultilineTernaryOperator

## 0.4.1 / 2023-11-10

* Add support for `html_attributes` and `(` characters in the heredoc cop.
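Review bot: the rename entry under 0.5.0 gives only the new cop name. The old name, `Bridgetown/HTMLEscapedHeredoc` (visible in the removed README bullet and the removed class line of this commit), should appear here and the entry should be marked as breaking: projects that reference the old name in `.rubocop.yml` or in inline `rubocop:disable` comments have to update them, and since this is the cop that flags potential XSS in heredocs, a stale reference is worth calling out explicitly rather than leaving readers to find it.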
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -4,3 +4,4 @@ source "https://rubygems.org"
gemspec

gem "bridgetown"
gem "rake", "~> 13.0"
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -74,7 +74,7 @@ You can override any settings inherited from the extension by configuring cops i

Besides cops which are provided directly by RuboCop and `rubocop-performance`, there are a few additional cops provided by this plugin:

* `Bridgetown/HTMLEscapedHeredoc`: this will monitor any heredocs in your code starting with `HTML` or `MARKDOWN` for potential XSS issues inside of any string interpolations. To avoid linting errors, you will need to wrap any interpolated code in the string with one of the following method names: `html`, `html_map`, `html_attributes`, `text`, or `render`. These methods are provided by the [Streamlined](https://github.com/bridgetownrb/streamlined) gem, bundled in Bridgetown 1.4 by default (but you can use them in any Ruby application including Rails).
* `Bridgetown/InsecureHeredoc`: this will monitor any heredocs in your code starting with `HTML` or `MARKDOWN` for potential XSS issues inside of any string interpolations. To avoid linting errors, you will need to wrap any interpolated code in the string with one of the following method names: `html`, `html_map`, `html_attributes`, `text`, or `render`. These methods are provided by the [Streamlined](https://github.com/bridgetownrb/streamlined) gem, bundled in Bridgetown 2.0 by default (but you can use them in any Ruby application including Rails).
* `Bridgetown/NoPAllowed`: this encourages using your framework's logger rather than `p` to output debugging information.
* `Bridgetown/NoPutsAllowed`: this encourages using your framework's logger rather than `puts` to output debugging information.

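Review bot: the updated `Bridgetown/InsecureHeredoc` bullet still says the cop checks heredocs "starting with" `HTML` or `MARKDOWN`, but the cop in this commit tests the opener with `(HTML|MARKDOWN)$`, which matches delimiters that end in those words. Reword to "whose delimiter ends in `HTML` or `MARKDOWN`" so readers know which heredocs are covered. The same line also changes "Bridgetown 1.4" to "Bridgetown 2.0" for the release that bundles Streamlined; nothing else in the diff supports either version, so confirm it before release.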
2 changes: 2 additions & 0 deletions Rakefile
Expand Up @@ -4,3 +4,5 @@ require "bundler/gem_tasks"
require "rubocop/rake_task"

RuboCop::RakeTask.new

task default: :rubocop
27 changes: 27 additions & 0 deletions bin/rake
@@ -0,0 +1,27 @@
#!/usr/bin/env ruby
# frozen_string_literal: true

#
# This file was generated by Bundler.
#
# The application 'rake' is installed as part of a gem, and
# this file is here to facilitate running it.
#

ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)

bundle_binstub = File.expand_path("bundle", __dir__)

if File.file?(bundle_binstub)
if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
load(bundle_binstub)
else
abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
end
end

require "rubygems"
require "bundler/setup"

load Gem.bin_path("rake", "rake")
27 changes: 27 additions & 0 deletions bin/rubocop
@@ -0,0 +1,27 @@
#!/usr/bin/env ruby
# frozen_string_literal: true

#
# This file was generated by Bundler.
#
# The application 'rubocop' is installed as part of a gem, and
# this file is here to facilitate running it.
#

ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)

bundle_binstub = File.expand_path("bundle", __dir__)

if File.file?(bundle_binstub)
if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
load(bundle_binstub)
else
abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
end
end

require "rubygems"
require "bundler/setup"

load Gem.bin_path("rubocop", "rubocop")
2 changes: 1 addition & 1 deletion lib/rubocop-bridgetown.rb
Expand Up @@ -3,4 +3,4 @@
require "rubocop"

path_to_cops = File.join(File.expand_path("rubocop", __dir__), "cop", "**", "*.rb")
Dir[path_to_cops].sort.each { |cop| require cop }
Dir[path_to_cops].each { |cop| require cop }
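Review bot: dropping `.sort` on `Dir[path_to_cops]` leaves the cop load order to whatever `Dir[]` returns. Ruby 3.0 and later sort glob results by default, so this is safe only in combination with the `required_ruby_version = ">= 3.1.0"` bump in the gemspec. A one-line comment here stating that dependency would keep the load order deterministic if the Ruby floor is ever lowered again.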
Expand Up @@ -3,14 +3,17 @@
module RuboCop
module Cop
module Bridgetown
class HTMLEscapedHeredoc < Cop
class InsecureHeredoc < Cop
include Heredoc

MSG = "Insecure heredoc detected. Use `html`, `html_map`, `html_attributes`, `text`, or `render` inside interpolations."
MSG = "Insecure heredoc detected. Use `html`, `html_map`, `html_attributes`, `text`, " \
"or `render` inside interpolations."

def on_heredoc(node)
return unless node.source.match?(%r!(HTML|MARKDOWN)$!) &&
heredoc_body(node).match?(%r%[^\\]#\{(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])%)
heredoc_body(node).match?(
%r%[^\\]#\{(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])%
)

add_offense(node, message: MSG)
end
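Review bot: in `on_heredoc`, the negative lookahead `(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])` inspects only the first token after `#{`, so an interpolation such as `#{text(a) + b}` is accepted even though `b` is not escaped, and the leading `[^\\]` requires a preceding character, so an interpolation at the very first character of the heredoc body is never examined. The new name `InsecureHeredoc` promises more than the pattern checks: either document the cop as a heuristic in `MSG` and the README, or inspect the interpolation nodes instead of the body text. None of the 11 changed files adds a spec that pins these cases, and the new default Rake task runs only `rubocop`.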
12 changes: 5 additions & 7 deletions rubocop-bridgetown.gemspec
Expand Up @@ -4,24 +4,22 @@ $LOAD_PATH.unshift File.expand_path("lib", __dir__)

Gem::Specification.new do |s|
s.name = "rubocop-bridgetown"
s.version = "0.4.1"
s.version = "0.5.0"
s.authors = ["Bridgetown Team"]
s.email = ["[email protected]"]
s.homepage = "https://github.com/bridgetownrb/rubocop-bridgetown"
s.license = "MIT"
s.summary = "Code style check for Bridgetown projects"
s.description = "A RuboCop extension to enforce common code style in Bridgetown projects and beyond"
s.description = "A RuboCop extension to enforce common code style in Bridgetown and beyond"
s.metadata["rubygems_mfa_required"] = "true"

s.files = `git ls-files -z`.split("\x0").select do |file|
s.files = `git ls-files -z`.split("\x0").select do |file|
file.match(%r!(^lib/)|LICENSE|README.md|.rubocop.yml!)
end

s.require_paths = ["lib"]
s.required_ruby_version = ">= 2.5.0"
s.required_ruby_version = ">= 3.1.0"

s.add_runtime_dependency "rubocop", "~> 1.23"
s.add_runtime_dependency "rubocop-performance", "~> 1.12"

s.add_development_dependency "bundler"
s.add_development_dependency "rake", "~> 12.0"
end
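Review bot: the file filter under the realigned `s.files` line, `file.match(%r!(^lib/)|LICENSE|README.md|.rubocop.yml!)`, is unanchored apart from `^lib/` and leaves its dots unescaped, so any tracked path that merely contains `LICENSE`, or loosely matches `README.md` or `.rubocop.yml`, is packaged into the published gem. Since this hunk already touches the line for a release, anchor and escape the alternatives (for example `\A(lib/|LICENSE|README\.md|\.rubocop\.yml)`) so the shipped file set is exactly the intended one.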
Empty file removed script/.keep