lib/rubocop/cop/gem_fetcher.rb in gitlab-styles-9.1.0 vs lib/rubocop/cop/gem_fetcher.rb in gitlab-styles-9.2.0
- old
+ new
@@ -4,34 +4,32 @@
module Cop
# Prevents usage of the `git` and `github` arguments to `gem` in a
# `Gemfile` in order to avoid additional points of failure beyond
# rubygems.org.
class GemFetcher < RuboCop::Cop::Base
- MSG = 'Do not use gems from git repositories, only use gems from RubyGems.'
+ MSG = 'Do not use gems from git repositories, only use gems from RubyGems or vendored gems. ' \
+ 'See https://docs.gitlab.com/ee/development/gemfile.html#no-gems-fetched-from-git-repositories'
- GIT_KEYS = [:git, :github].freeze
+ # See https://bundler.io/guides/git.html#custom-git-sources
+ GIT_SOURCES = %i[git github gist bitbucket].freeze
- def on_send(node)
- return unless gemfile?(node)
+ # @!method gem_option(node)
+ def_node_matcher :gem_option, <<~PATTERN
+ (send nil? :gem _
+ (hash
+ <$(pair (sym {#{GIT_SOURCES.map(&:inspect).join(' ')}}) _)
+ ...>
+ )
+ )
+ PATTERN
- func_name = node.children[1]
- return unless func_name == :gem
+ RESTRICT_ON_SEND = %i[gem].freeze
- node.children.last.each_node(:pair) do |pair|
- key_name = pair.children[0].children[0].to_sym
- add_offense(pair.source_range) if GIT_KEYS.include?(key_name)
- end
- end
+ def on_send(node)
+ pair_node = gem_option(node)
+ return unless pair_node
- private
-
- def gemfile?(node)
- node
- .location
- .expression
- .source_buffer
- .name
- .end_with?("Gemfile")
+ add_offense(pair_node)
end
end
end
end
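Review bot: The `gem_option` pattern `(send nil? :gem _ (hash …))` only matches a `gem` call whose arguments are exactly a name followed by the options hash, so a declaration that also carries a version requirement (constructed example: `gem 'foo', '~> 1.0', git: '…'`) is no longer flagged, whereas the removed `node.children.last.each_node(:pair)` loop did not depend on the argument count. Allowing extra positional arguments before the hash, e.g. opening the pattern with `(send nil? :gem _ ... (hash`, should restore that coverage, and a spec case with a version string would pin it. The matcher also requires `sym` keys, while the old code called `.to_sym` on the key, so string-keyed options such as `'git' => …` appear to slip through as well. With `gemfile?` removed the cop no longer limits itself to files named Gemfile; presumably an `Include` entry in the cop configuration does that now, which is worth confirming because it is not visible in this hunk.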