2 changes: 2 additions & 0 deletions .erb-lint.yml
Expand Up @@ -23,3 +23,5 @@ linters:
suggestion: 'Rename classes that are known to be hidden by the Hush plugin'
SpaceAroundErbTag:
enabled: true
CommentSyntax:
This adds a check to prevent incorrect comment tags in ERB (examples borrowed from the erb_lint repository):

<%# erb comment here %>
<%= # bad erb comment here %>
<%
  # apparently this comment syntax is valid?
%>
<% # very; bad erb comment here %>

enabled: true
4 changes: 2 additions & 2 deletions .rubocop.yml
Expand Up @@ -636,7 +636,7 @@ Metrics/BlockLength:
CountComments: false
Enabled: true
Max: 25
IgnoredMethods:
AllowedMethods:
- Struct.new
- RedactedStruct.new
Exclude:
Expand Down Expand Up @@ -1080,7 +1080,7 @@ Style/LineEndConcatenation:

Style/MethodCallWithoutArgsParentheses:
Enabled: true
IgnoredMethods: []
AllowedMethods: []

Style/MethodDefParentheses:
Enabled: true
8 changes: 4 additions & 4 deletions Gemfile
Expand Up @@ -93,7 +93,7 @@ group :development, :test do
gem 'bullet', '~> 7.0'
gem 'capybara-webmock', git: 'https://github.com/hashrocket/capybara-webmock.git', ref: '63d790a0'
gem 'data_uri', require: false
gem 'erb_lint', '~> 0.1.0', require: false
gem 'erb_lint', '~> 0.3.0', require: false
gem 'i18n-tasks', '>= 0.9.31'
gem 'knapsack'
gem 'nokogiri', '~> 1.13.10'
Expand All @@ -104,9 +104,9 @@ group :development, :test do
gem 'pry-rails'
gem 'psych'
gem 'puma'
gem 'rspec-rails', '6.0.0.rc1'
gem 'rubocop', '~> 1.29.1', require: false
gem 'rubocop-performance', '~> 1.14.0', require: false
gem 'rspec-rails', '~> 6.0'
gem 'rubocop', '~> 1.42.0', require: false
gem 'rubocop-performance', '~> 1.15.0', require: false
gem 'rubocop-rails', '>= 2.5.2', require: false
end

67 changes: 33 additions & 34 deletions Gemfile.lock
Expand Up @@ -177,23 +177,22 @@ GEM
coderay (>= 1.0.0)
erubi (>= 1.0.0)
rack (>= 0.9.0)
better_html (1.0.16)
actionview (>= 4.0)
activesupport (>= 4.0)
better_html (2.0.1)
actionview (>= 6.0)
activesupport (>= 6.0)
ast (~> 2.0)
erubi (~> 1.4)
html_tokenizer (~> 0.0.6)
parser (>= 2.4)
smart_properties
bindata (2.4.10)
binding_of_caller (1.0.0)
debug_inspector (>= 0.0.1)
bootsnap (1.9.3)
bootsnap (1.9.4)
msgpack (~> 1.0)
brakeman (5.2.1)
brakeman (5.4.0)
browser (5.3.1)
builder (3.2.4)
bullet (7.0.1)
bullet (7.0.7)
activesupport (>= 3.0.0)
uniform_notifier (~> 1.11)
bundler-audit (0.9.0.1)
Expand Down Expand Up @@ -260,16 +259,15 @@ GEM
htmlentities (~> 4.3.3)
launchy (~> 2.1)
mail (~> 2.7)
erb_lint (0.1.1)
erb_lint (0.3.1)
activesupport
better_html (~> 1.0.7)
html_tokenizer
better_html (>= 2.0.1)
parser (>= 2.7.1.4)
rainbow
rubocop
smart_properties
errbase (0.2.1)
erubi (1.11.0)
erubi (1.12.0)
et-orbi (1.2.7)
tzinfo
execjs (2.8.1)
Expand Down Expand Up @@ -328,7 +326,6 @@ GEM
heapy (0.2.0)
thor
highline (2.0.3)
html_tokenizer (0.0.7)
htmlbeautifier (1.4.2)
htmlentities (4.3.4)
http_accept_language (2.1.1)
Expand All @@ -352,6 +349,7 @@ GEM
jmespath (1.6.1)
jsbundling-rails (1.0.0)
railties (>= 6.0.0)
json (2.6.3)
jwe (0.4.0)
jwt (2.4.1)
knapsack (4.0.0)
Expand Down Expand Up @@ -395,9 +393,9 @@ GEM
method_source (1.0.0)
mini_histogram (0.3.1)
mini_mime (1.1.2)
mini_portile2 (2.8.0)
minitest (5.16.3)
msgpack (1.4.2)
mini_portile2 (2.8.1)
minitest (5.17.0)
msgpack (1.6.0)
multiset (0.5.3)
nenv (0.3.0)
net-imap (0.2.3)
Expand Down Expand Up @@ -436,7 +434,7 @@ GEM
parallel (1.22.1)
parallel_tests (3.7.3)
parallel
parser (3.1.2.1)
parser (3.2.0.0)
ast (~> 2.4.1)
pg (1.4.5)
pg_query (2.2.0)
Expand Down Expand Up @@ -467,8 +465,8 @@ GEM
puma (5.6.4)
nio4r (~> 2.0)
raabro (1.4.0)
racc (1.6.1)
rack (2.2.4)
racc (1.6.2)
rack (2.2.5)
rack-attack (6.5.0)
rack (>= 1.0, < 3)
rack-cors (1.1.1)
Expand Down Expand Up @@ -535,7 +533,7 @@ GEM
redis-session-store (0.11.4)
actionpack (>= 3, < 8)
redis (>= 3, < 5)
regexp_parser (2.6.0)
regexp_parser (2.6.1)
reline (0.2.7)
io-console (~> 0.5)
request_store (1.5.0)
Expand All @@ -557,13 +555,13 @@ GEM
rspec-mocks (~> 3.11.0)
rspec-core (3.11.0)
rspec-support (~> 3.11.0)
rspec-expectations (3.11.0)
rspec-expectations (3.11.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-mocks (3.11.1)
rspec-mocks (3.11.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-rails (6.0.0.rc1)
rspec-rails (6.0.1)
actionpack (>= 6.1)
activesupport (>= 6.1)
railties (>= 6.1)
Expand All @@ -573,21 +571,22 @@ GEM
rspec-support (~> 3.11)
rspec-retry (0.6.2)
rspec-core (> 3.3)
rspec-support (3.11.0)
rspec-support (3.11.1)
rspec_junit_formatter (0.6.0)
rspec-core (>= 2, < 4, != 2.12.0)
rubocop (1.29.1)
rubocop (1.42.0)
json (~> 2.3)
parallel (~> 1.10)
parser (>= 3.1.0.0)
parser (>= 3.1.2.1)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.17.0, < 2.0)
rubocop-ast (>= 1.24.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.21.0)
rubocop-ast (1.24.1)
parser (>= 3.1.1.0)
rubocop-performance (1.14.3)
rubocop-performance (1.15.2)
rubocop (>= 1.7.0, < 2.0)
rubocop-ast (>= 0.4.0)
rubocop-rails (2.12.4)
Expand Down Expand Up @@ -664,8 +663,8 @@ GEM
unf (0.1.4)
unf_ext
unf_ext (0.0.8)
unicode-display_width (2.3.0)
uniform_notifier (1.14.2)
unicode-display_width (2.4.0)
uniform_notifier (1.16.0)
uuid (2.3.9)
macaddr (~> 1.0)
valid_email (0.1.4)
Expand Down Expand Up @@ -747,7 +746,7 @@ DEPENDENCIES
devise (~> 4.8)
dotiw (>= 4.0.1)
email_spec
erb_lint (~> 0.1.0)
erb_lint (~> 0.3.0)
factory_bot_rails (>= 6.2.0)
faker
faraday (~> 2)
Expand Down Expand Up @@ -804,11 +803,11 @@ DEPENDENCIES
retries
rotp (~> 6.1)
rqrcode
rspec-rails (= 6.0.0.rc1)
rspec-rails (~> 6.0)
rspec-retry
rspec_junit_formatter
rubocop (~> 1.29.1)
rubocop-performance (~> 1.14.0)
rubocop (~> 1.42.0)
rubocop-performance (~> 1.15.0)
rubocop-rails (>= 2.5.2)
ruby-progressbar
ruby-saml
2 changes: 1 addition & 1 deletion app/controllers/users/sessions_controller.rb
Expand Up @@ -221,7 +221,7 @@ def pending_account_reset_request
).call
end

LETTERS_AND_DASHES = /\A[a-z0-9\-]+\Z/i
LETTERS_AND_DASHES = /\A[a-z0-9-]+\Z/i

def request_id_if_valid
request_id = (params[:request_id] || sp_session[:request_id]).to_s
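Review bot: The new `LETTERS_AND_DASHES` line keeps the `\Z` anchor, which also matches just before a trailing newline, so a value such as `"abc\n"` would still satisfy the pattern even though it contains a character outside the class; the escape cleanup itself is fine, but the full-string anchor is `\z`: `LETTERS_AND_DASHES = /\A[a-z0-9-]+\z/i`. The value being checked comes from `params[:request_id]` or `sp_session[:request_id]` on the next visible line, so this is request-controlled input. Whether a trailing newline matters downstream cannot be judged from here, since `request_id_if_valid` continues outside the hunk; if the looser anchor is intentional, a short comment on the constant saying so would stop the next cop-driven edit from changing it.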
36 changes: 34 additions & 2 deletions config/brakeman.ignore
Expand Up @@ -29,6 +29,9 @@
},
"user_input": "params[:step]",
"confidence": "Weak",
"cwe_id": [
22
],
"note": ""
},
{
Expand Down Expand Up @@ -60,8 +63,34 @@
},
"user_input": "params[:step]",
"confidence": "Weak",
"cwe_id": [
22
],
"note": ""
},
{
"warning_type": "Weak Cryptography",
"warning_code": 126,
"fingerprint": "62a8c37ff0f723d2ebbbbf64c443a21632a2dcdc87fd20e6f61c2cec323482d2",
"check_name": "WeakRSAKey",
"message": "Use of padding mode PKCS1 (default if not specified), which is known to be insecure. Use OAEP instead",
"file": "app/services/irs_attempts_api/envelope_encryptor.rb",
"line": 19,
"link": "https://brakemanscanner.org/docs/warning_types/weak_cryptography/",
"code": "OpenSSL::PKey::RSA.new(Base64.strict_decode64(public_key_str)).public_encrypt(OpenSSL::Cipher.new(\"aes-256-cbc\").random_key)",
"render_path": null,
"location": {
"type": "method",
"class": "IrsAttemptsApi::EnvelopeEncryptor",
"method": "s(:self).encrypt"
},
"user_input": null,
"confidence": "High",
"cwe_id": [
780
],
"note": "This is necessary due to the parameters of the IRS systems that we integrate with."
},
{
"warning_type": "Dynamic Render Path",
"warning_code": 15,
Expand Down Expand Up @@ -91,9 +120,12 @@
},
"user_input": "params[:step]",
"confidence": "Weak",
"cwe_id": [
22
],
"note": ""
}
],
"updated": "2022-07-05 11:19:47 -0400",
"brakeman_version": "5.2.0"
"updated": "2023-01-03 12:29:54 -0600",
"brakeman_version": "5.4.0"
}
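Review bot: The `note` on the new WeakRSAKey ignore entry explains that PKCS1 padding is kept for the IRS integration but not what the constraint is or when it could be revisited, which is the information a future reviewer of `config/brakeman.ignore` will need to decide whether the suppression still applies. Suggest expanding it along the lines of `"note": "IRS attempts API endpoint requires PKCS#1 v1.5 padding for the RSA-wrapped AES key; revisit if OAEP becomes supported on their side."`, and, since the entry is only identified by its fingerprint, keeping a matching comment next to the `public_encrypt` call in `app/services/irs_attempts_api/envelope_encryptor.rb` so the reason survives if that line is rewritten and the fingerprint changes. The ignored `code` shows the padded plaintext is a freshly generated `random_key`, which presumably bounds the exposure to one envelope per key, but that is an inference from the snippet rather than something this file shows.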
2 changes: 1 addition & 1 deletion spec/services/encryption/encryptors/pii_encryptor_spec.rb
Expand Up @@ -90,7 +90,7 @@
kms_client = instance_double(Encryption::KmsClient)
expect(Encryption::KmsClient).to receive(:new).and_return(kms_client)
expect(kms_client).to receive(:decrypt).
with('kms_ciphertext', 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc').
with('kms_ciphertext', { 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc' }).
and_return('aes_ciphertext')

cipher = instance_double(Encryption::AesCipher)