debian-mirror-gitlab/rubocop/cop/gitlab/avoid_uploaded_file_from_params.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

52 lines
1.7 KiB
Ruby
Raw Normal View History

2020-11-24 15:15:51 +05:30
# frozen_string_literal: true
module RuboCop
module Cop
module Gitlab
# This cop checks for `UploadedFile.from_params` usage.
2022-05-07 20:08:51 +05:30
# See https://docs.gitlab.com/ee/development/uploads/working_with_uploads.html
2020-11-24 15:15:51 +05:30
#
# @example
#
# # bad
# class MyAwfulApi < Grape::API::Instance
# params do
# optional 'file.path', type: String
# optional 'file.name', type: String
# optional 'file.type', type: String
# optional 'file.size', type: Integer
# optional 'file.md5', type: String
# optional 'file.sha1', type: String
# optional 'file.sha256', type: String
# end
# put '/files' do
# uploaded_file = UploadedFile.from_params(params, :file, FileUploader.workhorse_local_upload_path)
# end
# end
#
# # good
# class MyMuchBetterApi < Grape::API::Instance
# params do
# requires :file, type: ::API::Validations::Types::WorkhorseFile
# end
# put '/files' do
# uploaded_file = declared_params[:file]
# end
# end
2022-10-11 01:57:18 +05:30
class AvoidUploadedFileFromParams < RuboCop::Cop::Base
2022-05-07 20:08:51 +05:30
MSG = 'Use the `UploadedFile` set by `multipart.rb` instead of calling `UploadedFile.from_params` directly. See https://docs.gitlab.com/ee/development/uploads/working_with_uploads.html'
2020-11-24 15:15:51 +05:30
def_node_matcher :calling_uploaded_file_from_params?, <<~PATTERN
(send (const nil? :UploadedFile) :from_params ...)
PATTERN
def on_send(node)
return unless calling_uploaded_file_from_params?(node)
2022-10-11 01:57:18 +05:30
add_offense(node)
2020-11-24 15:15:51 +05:30
end
end
end
end
end