From af0985f138d8ece6bdadc228900c56114c215440 Mon Sep 17 00:00:00 2001
From: Jared White
Date: Thu, 11 Apr 2024 10:39:01 -0700
Subject: [PATCH] Release v0.5
---
.rubocop.yml | 6 +++-- CHANGELOG.md | 7 +++++ Gemfile | 1 + README.md | 2 +- Rakefile | 2 ++ bin/rake | 27 +++++++++++++++++++ bin/rubocop | 27 +++++++++++++++++++ lib/rubocop-bridgetown.rb | 2 +- ...escaped_heredoc.rb => insecure_heredoc.rb} | 9 ++++--- rubocop-bridgetown.gemspec | 12 ++++----- script/.keep | 0 11 files changed, 81 insertions(+), 14 deletions(-) create mode 100755 bin/rake create mode 100755 bin/rubocop rename lib/rubocop/cop/bridgetown/{html_escaped_heredoc.rb => insecure_heredoc.rb} (63%) delete mode 100644 script/.keep
diff --git a/.rubocop.yml b/.rubocop.yml
index e25809b..a85ee8b 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -2,7 +2,7 @@ require: - rubocop-performance AllCops: - TargetRubyVersion: 2.5 + TargetRubyVersion: 3.1 NewCops: enable SuggestExtensions: false Exclude:
@@ -26,6 +26,8 @@ Layout/HashAlignment: EnforcedHashRocketStyle: table Layout/IndentationWidth: Severity: error +Layout/LeadingCommentSpace: + Enabled: false Layout/MultilineMethodCallIndentation: EnforcedStyle: indented Layout/MultilineOperationIndentation:
@@ -78,7 +80,7 @@ Style/ModuleFunction: Style/MultilineBlockChain: Enabled: false Style/MultilineTernaryOperator: - Severity: error + Enabled: false Style/ParallelAssignment: Enabled: false Style/PercentLiteralDelimiters:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 96209df..e90964d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@ # Changelog +## 0.5.0 / 2024-04-11 + +* Require minimum Ruby v3.1 +* Rename insecure heredoc cop to `Bridgetown/InsecureHeredoc` +* Disable Layout/LeadingCommentSpace +* Disable Style/MultilineTernaryOperator + ## 0.4.1 / 2023-11-10 * Add support for `html_attributes` and `(` characters in the heredoc cop.
diff --git a/Gemfile b/Gemfile
index 2f5cf19..4cc5807 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,3 +4,4 @@ source "https://rubygems.org" gemspec gem "bridgetown" +gem "rake", "~> 13.0"
diff --git a/README.md b/README.md
index 1ef9aed..1ccc4d5 100644
--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ You can override any settings inherited from the extension by configuring cops i Besides cops which are provided directly by RuboCop and `rubocop-performance`, there are a few additional cops provided by this plugin: -* `Bridgetown/HTMLEscapedHeredoc`: this will monitor any heredocs in your code starting with `HTML` or `MARKDOWN` for potential XSS issues inside of any string interpolations. To avoid linting errors, you will need to wrap any interpolated code in the string with one of the following method names: `html`, `html_map`, `html_attributes`, `text`, or `render`. These methods are provided by the [Streamlined](https://github.com/bridgetownrb/streamlined) gem, bundled in Bridgetown 1.4 by default (but you can use them in any Ruby application including Rails). +* `Bridgetown/InsecureHeredoc`: this will monitor any heredocs in your code starting with `HTML` or `MARKDOWN` for potential XSS issues inside of any string interpolations. To avoid linting errors, you will need to wrap any interpolated code in the string with one of the following method names: `html`, `html_map`, `html_attributes`, `text`, or `render`. These methods are provided by the [Streamlined](https://github.com/bridgetownrb/streamlined) gem, bundled in Bridgetown 2.0 by default (but you can use them in any Ruby application including Rails). * `Bridgetown/NoPAllowed`: this encourages using your framework's logger rather than `p` to output debugging information. * `Bridgetown/NoPutsAllowed`: this encourages using your framework's logger rather than `puts` to output debugging information.
diff --git a/Rakefile b/Rakefile
index 931e125..1924143 100644
--- a/Rakefile
+++ b/Rakefile
@@ -4,3 +4,5 @@ require "bundler/gem_tasks" require "rubocop/rake_task" RuboCop::RakeTask.new + +task default: :rubocop
diff --git a/bin/rake b/bin/rake
new file mode 100755
index 0000000..51e10c4
--- /dev/null
+++ b/bin/rake
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rake' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("rake", "rake")
diff --git a/bin/rubocop b/bin/rubocop
new file mode 100755
index 0000000..2b1fa1f
--- /dev/null
+++ b/bin/rubocop
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rubocop' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("rubocop", "rubocop")
diff --git a/lib/rubocop-bridgetown.rb b/lib/rubocop-bridgetown.rb
index 71a9ca3..2abd7f9 100644
--- a/lib/rubocop-bridgetown.rb
+++ b/lib/rubocop-bridgetown.rb
@@ -3,4 +3,4 @@ require "rubocop" path_to_cops = File.join(File.expand_path("rubocop", __dir__), "cop", "**", "*.rb") -Dir[path_to_cops].sort.each { |cop| require cop } +Dir[path_to_cops].each { |cop| require cop }
diff --git a/lib/rubocop/cop/bridgetown/html_escaped_heredoc.rb b/lib/rubocop/cop/bridgetown/insecure_heredoc.rb
similarity index 63%
rename from lib/rubocop/cop/bridgetown/html_escaped_heredoc.rb
rename to lib/rubocop/cop/bridgetown/insecure_heredoc.rb
index b284158..1e772c0 100644
--- a/lib/rubocop/cop/bridgetown/html_escaped_heredoc.rb
+++ b/lib/rubocop/cop/bridgetown/insecure_heredoc.rb
@@ -3,14 +3,17 @@ module RuboCop module Cop module Bridgetown - class HTMLEscapedHeredoc < Cop + class InsecureHeredoc < Cop include Heredoc - MSG = "Insecure heredoc detected. Use `html`, `html_map`, `html_attributes`, `text`, or `render` inside interpolations." + MSG = "Insecure heredoc detected. Use `html`, `html_map`, `html_attributes`, `text`, " \ + "or `render` inside interpolations." def on_heredoc(node) return unless node.source.match?(%r!(HTML|MARKDOWN)$!) && - heredoc_body(node).match?(%r%[^\\]#\{(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])%) + heredoc_body(node).match?( + %r%[^\\]#\{(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])% + ) add_offense(node, message: MSG) end
diff --git a/rubocop-bridgetown.gemspec b/rubocop-bridgetown.gemspec
index 210d94d..5e5b76d 100644
--- a/rubocop-bridgetown.gemspec
+++ b/rubocop-bridgetown.gemspec
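Review bot: Dropping `.sort` on the `Dir[path_to_cops]` line in lib/rubocop-bridgetown.rb leaves the cop load order resting on a runtime default that nothing at the call site mentions. `Dir[]` has returned sorted results since Ruby 3.0, and the gemspec in this commit raises `required_ruby_version` to `>= 3.1.0`, so the order should stay deterministic. I would record that above the line: `# Dir[] sorts its results on Ruby >= 3.0, so cops load in a stable order without .sort`.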
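Review bot: In `on_heredoc`, the body pattern opens with `[^\\]#\{`, which needs a character in front of the interpolation, so a `#{...}` that is the very first character of the heredoc body would not be flagged; a lookbehind closes that gap: `%r%(?<!\\)#\{(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])%`. This assumes `heredoc_body` (from the `Heredoc` mixin, not shown in the hunk) returns the body without the opening line. The lookahead also inspects only the first token of each interpolation, so `#{text(a) + b}` passes while `b` is left unescaped; a comment above the regex and the README entry should say the cop is a heuristic, not a guarantee of escaped output. The class body continues past the end of the hunk.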
@@ -4,24 +4,22 @@ $LOAD_PATH.unshift File.expand_path("lib", __dir__) Gem::Specification.new do |s| s.name = "rubocop-bridgetown" - s.version = "0.4.1" + s.version = "0.5.0" s.authors = ["Bridgetown Team"] s.email = ["maintainers@bridgetownrb.com"] s.homepage = "https://github.com/bridgetownrb/rubocop-bridgetown" s.license = "MIT" s.summary = "Code style check for Bridgetown projects" - s.description = "A RuboCop extension to enforce common code style in Bridgetown projects and beyond" + s.description = "A RuboCop extension to enforce common code style in Bridgetown and beyond" + s.metadata["rubygems_mfa_required"] = "true" - s.files = `git ls-files -z`.split("\x0").select do |file| + s.files = `git ls-files -z`.split("\x0").select do |file| file.match(%r!(^lib/)|LICENSE|README.md|.rubocop.yml!) end s.require_paths = ["lib"] - s.required_ruby_version = ">= 2.5.0" + s.required_ruby_version = ">= 3.1.0" s.add_runtime_dependency "rubocop", "~> 1.23" s.add_runtime_dependency "rubocop-performance", "~> 1.12" - - s.add_development_dependency "bundler" - s.add_development_dependency "rake", "~> 12.0" end
diff --git a/script/.keep b/script/.keep
deleted file mode 100644
index e69de29..0000000
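Review bot: The `s.files` filter in the gemspec, `file.match(%r!(^lib/)|LICENSE|README.md|.rubocop.yml!)`, anchors only the `lib/` alternative and leaves the dots unescaped, so any tracked path that merely contains one of the other substrings is packaged into the published gem. Since this hunk already touches the `s.files` line and adds `rubygems_mfa_required` to harden publishing, it is a good place to pin the list: `file.match?(%r!\A(?:lib/|LICENSE|README\.md\z|\.rubocop\.yml\z)!)`. A one-line comment such as `# Only ship lib/, the license, the README and the shared RuboCop config` would state the intent of the filter.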