2020-11-24 15:15:51 +05:30
# frozen_string_literal: true
module RuboCop
module Cop
module Gitlab
# This cop checks for `UploadedFile.from_params` usage.
2022-05-07 20:08:51 +05:30
# See https://docs.gitlab.com/ee/development/uploads/working_with_uploads.html
2020-11-24 15:15:51 +05:30
#
# @example
#
# # bad
# class MyAwfulApi < Grape::API::Instance
# params do
# optional 'file.path', type: String
# optional 'file.name', type: String
# optional 'file.type', type: String
# optional 'file.size', type: Integer
# optional 'file.md5', type: String
# optional 'file.sha1', type: String
# optional 'file.sha256', type: String
# end
# put '/files' do
# uploaded_file = UploadedFile.from_params(params, :file, FileUploader.workhorse_local_upload_path)
# end
# end
#
# # good
# class MyMuchBetterApi < Grape::API::Instance
# params do
# requires :file, type: ::API::Validations::Types::WorkhorseFile
# end
# put '/files' do
# uploaded_file = declared_params[:file]
# end
# end
2022-10-11 01:57:18 +05:30
class AvoidUploadedFileFromParams < RuboCop :: Cop :: Base
2022-05-07 20:08:51 +05:30
MSG = 'Use the `UploadedFile` set by `multipart.rb` instead of calling `UploadedFile.from_params` directly. See https://docs.gitlab.com/ee/development/uploads/working_with_uploads.html'
2020-11-24 15:15:51 +05:30
def_node_matcher :calling_uploaded_file_from_params? , << ~ PATTERN
( send ( const nil ? :UploadedFile ) :from_params ... )
PATTERN
def on_send ( node )
return unless calling_uploaded_file_from_params? ( node )
2022-10-11 01:57:18 +05:30
add_offense ( node )
2020-11-24 15:15:51 +05:30
end
end
end
end
end