Class: Rubocop::Cop::GemFetcher

Inherits:

RuboCop::Cop::Base

• Object
• RuboCop::Cop::Base
• Rubocop::Cop::GemFetcher

Defined in:

lib/rubocop/cop/gem_fetcher.rb

Overview

Prevents usage of the ‘git` and `github` arguments to `gem` in a `Gemfile` in order to avoid additional points of failure beyond rubygems.org.

Examples:

# bad
gem 'rack', git: 'https://github.com/rack/rack'

# good
gem "rack"

Constant Summary

MSG =

'Do not use gems from git repositories, only use gems from RubyGems or vendored gems. ' \
'See https://docs.gitlab.com/ee/development/gemfile.html#no-gems-fetched-from-git-repositories'

GIT_SOURCES =

See bundler.io/guides/git.html#custom-git-sources

%i[git github gist bitbucket].freeze

RESTRICT_ON_SEND =

%i[gem].freeze

Instance Method Summary

• #gem_option(node) ⇒ Object
• #on_send(node) ⇒ Object

Instance Method Details

#gem_option(node) ⇒ Object

# File 'lib/rubocop/cop/gem_fetcher.rb', line 22

def_node_matcher :gem_option, <<~PATTERN
  (send nil? :gem _ ...
    (hash
      <$(pair (sym {#{GIT_SOURCES.map(&:inspect).join(' ')}}) _)
      ...>
    )
  )
PATTERN

#on_send(node) ⇒ Object

# File 'lib/rubocop/cop/gem_fetcher.rb', line 33

def on_send(node)
  pair_node = gem_option(node)
  return unless pair_node

  add_offense(pair_node)
end