lib/rubocop/cop/gitlab_security/json_serialization.rb in gitlab-styles-13.0.0 vs lib/rubocop/cop/gitlab_security/json_serialization.rb in gitlab-styles-13.0.1
- old
+ new
@@ -28,11 +28,11 @@
# only: %i[username],
# include: { identities: { only: %i[provider] } }
# )
#
# See https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
- class JsonSerialization < RuboCop::Cop::Cop
+ class JsonSerialization < RuboCop::Cop::Base
MSG = "Don't use `%s` without specifying `only`"
# Check for `to_json` sent to any object that's not a Hash literal or
# Serializer instance
# @!method json_serialization?(node)
@@ -70,12 +70,13 @@
@_has_top_level_only = false
@method = matched.first
if matched.last.nil? || matched.last.empty?
+ @offense_found = true
# Empty `to_json` call
- add_offense(node, location: :selector, message: format_message)
+ add_offense(node.loc.selector, message: format_message)
else
check_arguments(node, matched)
end
end
@@ -100,10 +101,12 @@
check_pair(child_node)
end
return unless requires_only?
+ @offense_found = true
+
# Add a top-level offense for the entire argument list, but only if
# we haven't yet added any offenses to the child Hash values (such
# as `include`)
add_offense(node.children.last, message: format_message)
end
@@ -115,18 +118,19 @@
includes = pair.value
includes.each_child_node do |child_node|
next if contains_only?(child_node)
+ @offense_found = true
add_offense(child_node, message: format_message)
end
end
end
def requires_only?
return false if @_has_top_level_only
- offenses.count.zero?
+ !@offense_found
end
end
end
end
end