Boxiang Sun / gitlab-ce: commit 186b2143, authored Nov 15, 2018 by Jarka Košanová
Add cop prohibiting params argument in url_for
parent 9804df11
Showing 3 changed files with 74 additions and 0 deletions
rubocop/cop/safe_params.rb
0 → 100644
View file @
186b2143
# frozen_string_literal: true
module
RuboCop
module
Cop
class
SafeParams
<
RuboCop
::
Cop
::
Cop
MSG
=
'Use `safe_params` instead of `params` in url_for.'
.
freeze
METHOD_NAME_PATTERN
=
:url_for
UNSAFE_PARAM
=
:params
def
on_send
(
node
)
return
unless
method_name
(
node
)
==
METHOD_NAME_PATTERN
add_offense
(
node
,
location: :expression
)
unless
safe_params?
(
node
)
end
private
def
safe_params?
(
node
)
node
.
descendants
.
each
do
|
param_node
|
next
unless
param_node
.
descendants
.
empty?
return
false
if
method_name
(
param_node
)
==
UNSAFE_PARAM
end
true
end
def
method_name
(
node
)
node
.
children
[
1
]
end
end
end
end
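Review bot: in `safe_params?`, the comparison `method_name(param_node) == UNSAFE_PARAM` reads `children[1]` of every leaf descendant without checking that the leaf is a send node, so the result depends on no other leaf node type ever holding `:params` in that slot. Guard it with `param_node.send_type?`, or replace the manual walk with a `def_node_search` pattern that matches a receiverless `params` call. Smaller points in the same class: the predicate returns true whenever no bare `params` call is found, not when `safe_params` is actually used, so a name such as `no_unsafe_params?` would describe it better; `METHOD_NAME_PATTERN` holds a plain symbol rather than a pattern; and the class has no comment showing the flagged form next to the accepted one.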
rubocop/rubocop.rb
View file @
186b2143
...
...
@@ -5,6 +5,7 @@ require_relative 'cop/gitlab/httparty'
require_relative
'cop/gitlab/finder_with_find_by'
require_relative
'cop/gitlab/union'
require_relative
'cop/include_sidekiq_worker'
require_relative
'cop/safe_params'
require_relative
'cop/avoid_return_from_blocks'
require_relative
'cop/avoid_break_from_strong_memoize'
require_relative
'cop/avoid_route_redirect_leading_slash'
...
...
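Review bot: the new `require_relative 'cop/safe_params'` loads the cop for the whole code base, while the commit summary shows 74 additions and 0 deletions, so no existing `url_for` call site is changed here. Confirm that there are no current `url_for(params ...)` offenses, or fix or exclude them in the same change, so that loading the cop does not break the lint run.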
spec/rubocop/cop/safe_params_spec.rb
0 → 100644
View file @
186b2143
# frozen_string_literal: true
require
'spec_helper'
require
'rubocop'
require
'rubocop/rspec/support'
require_relative
'../../../rubocop/cop/safe_params'
describe
RuboCop
::
Cop
::
SafeParams
do
include
CopHelper
subject
(
:cop
)
{
described_class
.
new
}
it
'flags the params as an argument of url_for'
do
expect_offense
(
<<~
SOURCE
)
url_for(params)
^^^^^^^^^^^^^^^ Use `safe_params` instead of `params` in url_for.
SOURCE
end
it
'flags the merged params as an argument of url_for'
do
expect_offense
(
<<~
SOURCE
)
url_for(params.merge(additional_params))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Use `safe_params` instead of `params` in url_for.
SOURCE
end
it
'flags the merged params arg as an argument of url_for'
do
expect_offense
(
<<~
SOURCE
)
url_for(something.merge(additional).merge(params))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Use `safe_params` instead of `params` in url_for.
SOURCE
end
it
'does not flag other argument of url_for'
do
expect_no_offenses
(
<<~
SOURCE
)
url_for(something)
SOURCE
end
end
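Review bot: the only `expect_no_offenses` case is `url_for(something)`; there is no example for `url_for(safe_params)`, which is the form the offense message tells developers to use. Add that case and `url_for(safe_params.merge(additional_params))`, plus one where `params` appears deeper in the argument, such as `url_for(id: params[:id])`, so the spec pins down whether that use is meant to be flagged.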