2020-12-16 10:10:18 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2022-09-21 14:10:44 -04:00
|
|
|
require 'rubocop-rspec'
|
|
|
|
|
|
2020-12-16 10:10:18 -05:00
|
|
|
module RuboCop
|
|
|
|
|
module Cop
|
|
|
|
|
module RSpec
|
|
|
|
|
# This cop checks for invalid credentials passed to HTTParty
|
|
|
|
|
#
|
|
|
|
|
# @example
|
|
|
|
|
#
|
|
|
|
|
# # bad
|
|
|
|
|
# HTTParty.get(url, basic_auth: { user: 'foo' })
|
|
|
|
|
#
|
|
|
|
|
# # good
|
|
|
|
|
# HTTParty.get(url, basic_auth: { username: 'foo' })
|
2022-09-14 11:12:56 -04:00
|
|
|
class HTTPartyBasicAuth < RuboCop::Cop::Base
|
|
|
|
|
extend RuboCop::Cop::AutoCorrector
|
|
|
|
|
|
2021-03-25 23:09:21 -04:00
|
|
|
MESSAGE = "`basic_auth: { user: ... }` does not work - replace `user:` with `username:`"
|
2020-12-16 10:10:18 -05:00
|
|
|
|
|
|
|
|
RESTRICT_ON_SEND = %i(get put post delete).freeze
|
|
|
|
|
|
|
|
|
|
def_node_matcher :httparty_basic_auth?, <<~PATTERN
|
|
|
|
|
(send
|
|
|
|
|
(const _ :HTTParty)
|
|
|
|
|
{#{RESTRICT_ON_SEND.map(&:inspect).join(' ')}}
|
|
|
|
|
<(hash
|
|
|
|
|
<(pair
|
|
|
|
|
(sym :basic_auth)
|
|
|
|
|
(hash
|
|
|
|
|
<(pair $(sym :user) _) ...>
|
|
|
|
|
)
|
|
|
|
|
) ...>
|
|
|
|
|
) ...>
|
|
|
|
|
)
|
|
|
|
|
PATTERN
|
|
|
|
|
|
|
|
|
|
def on_send(node)
|
|
|
|
|
return unless m = httparty_basic_auth?(node)
|
|
|
|
|
|
2022-09-14 11:12:56 -04:00
|
|
|
add_offense(m, message: MESSAGE) do |corrector|
|
|
|
|
|
corrector.replace(m, 'username')
|
2020-12-16 10:10:18 -05:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
