author | Bob Van Landuyt <bob@gitlab.com> | 2018-09-24 18:46:20 +0300 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-09-24 19:00:23 +0300 |
commit | 9730d13ba01cba7bd3c8e32265fd5d286218b27a (patch) | |
tree | b561051c3ae6b470a25249d837adeda0c72c9065 /rubocop | |
parent | 33fe84893d735b24dfbc49e58c48175dbddee4a8 (diff) |
Merge branch 'security-11-2-6881-project-group-approvers-leaks-private-group-info-ce' into 'security-11-2'
[11.2] Project group approvers leak private group info
See merge request gitlab/gitlabhq!2489
Diffstat (limited to 'rubocop')
-rw-r--r-- | rubocop/cop/group_public_or_visible_to_user.rb | 22 | ||||
-rw-r--r-- | rubocop/rubocop.rb | 1 |
2 files changed, 23 insertions, 0 deletions
diff --git a/rubocop/cop/group_public_or_visible_to_user.rb b/rubocop/cop/group_public_or_visible_to_user.rb
new file mode 100644
index 00000000000..beda0b7f8ba
--- /dev/null
+++ b/rubocop/cop/group_public_or_visible_to_user.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+#
+module RuboCop
+ module Cop
+ # Cop that blacklists the usage of Group.public_or_visible_to_user
+ class GroupPublicOrVisibleToUser < RuboCop::Cop::Cop
+ MSG = '`Group.public_or_visible_to_user` should be used with extreme care. ' \ 'Please ensure that you are not using it on its own and that the amount ' \ 'of rows being filtered is reasonable.'
+
+ def_node_matcher :public_or_visible_to_user?, <<~PATTERN
+ (send (const nil? :Group) :public_or_visible_to_user ...)
+ PATTERN
+
+ def on_send(node)
+ return unless public_or_visible_to_user?(node)
+
+ add_offense(node, location: :expression)
+ end
+ end
+ end
+end
diff --git a/rubocop/rubocop.rb b/rubocop/rubocop.rb
index aa7ae601f75..405b607b796 100644
--- a/rubocop/rubocop.rb
+++ b/rubocop/rubocop.rb
@@ -26,3 +26,4 @@ require_relative 'cop/project_path_helper'
 require_relative 'cop/rspec/env_assignment'
 require_relative 'cop/rspec/factories_in_migration_specs'
 require_relative 'cop/sidekiq_options_queue'
+require_relative 'cop/group_public_or_visible_to_user' |
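Review bot: The node pattern in the `def_node_matcher` line only fires when the receiver is the bare constant `Group`, so a fully qualified `::Group.public_or_visible_to_user` and any call reached through an already-built relation (`Group.where(...).public_or_visible_to_user`) pass the cop unflagged, which is exactly the chained usage the MSG text asks reviewers to scrutinise. The cbase case is a one-token change, `(send (const {nil? cbase} :Group) :public_or_visible_to_user ...)`; catching relation receivers would need a looser receiver match such as `(send _ :public_or_visible_to_user ...)`, at the cost of offences on unrelated receivers that happen to define the same method name. The class comment says the cop "blacklists" the method while it only reports an offence with an advisory message; `# Cop that flags every call to Group.public_or_visible_to_user so the scope it is chained with gets reviewed` would match what the code does. `location: :expression` is the default for `add_offense` and can be dropped. The second hunk (the `require_relative` registration in `rubocop/rubocop.rb`) is fine as is.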