class RuboCop::Cop::Bundler::InsecureProtocolSource
Passing symbol arguments to `source` (e.g. `source :rubygems`) is
deprecated because they default to using HTTP requests. Instead, specify
`'https://rubygems.org'` if possible, or `'http://rubygems.org'` if not.

When autocorrecting, this cop will replace symbol arguments with
`'https://rubygems.org'`.

This cop will not replace existing sources that use `http://`. This may
be necessary where HTTPS is not available. For example, where using an
internal gem server via an intranet, or where HTTPS is prohibited.
However, you should strongly prefer `https://` where possible, as it is
more secure.

If you don't allow `http://`, set `AllowHttpProtocol` to `false`.
This option is `true` by default for safe autocorrection.

@example
# bad
source :gemcutter
source :rubygems
source :rubyforge

# good
source 'https://rubygems.org' # strongly recommended

@example AllowHttpProtocol: true (default)
# good
source 'http://rubygems.org' # use only if HTTPS is unavailable

@example AllowHttpProtocol: false
# bad
source 'http://rubygems.org'
def allow_http_protocol?
  cop_config.fetch('AllowHttpProtocol', true)
end
def on_send(node)
  insecure_protocol_source?(node) do |source_node|
    source = source_node.value
    use_http_protocol = source == 'http://rubygems.org'

    # Plain HTTP is tolerated when AllowHttpProtocol is true (the default).
    return if allow_http_protocol? && use_http_protocol

    message = if use_http_protocol
                MSG_HTTP_PROTOCOL
              else
                format(MSG, source: source)
              end

    # Every reported offense is autocorrected to the HTTPS source.
    add_offense(source_node, message: message) do |corrector|
      corrector.replace(source_node, "'https://rubygems.org'")
    end
  end
end
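The decision logic of `on_send` can be tried outside RuboCop with the following added example, which is not RuboCop's own code. It assumes a line-based regex match instead of the cop's AST matcher, and `check_gemfile`, `SOURCE_CALL` and `SAMPLE_GEMFILE` are hypothetical names introduced here.

```ruby
# Added example: simplified, line-based re-implementation of the cop's
# decision table. The real cop matches AST nodes, not regexes (assumption).
DEPRECATED_SYMBOLS = %w[gemcutter rubygems rubyforge].freeze
HTTP_SOURCE  = 'http://rubygems.org'
HTTPS_SOURCE = 'https://rubygems.org'
# Captures: 1 = "source " prefix, 3 = symbol name, 5 = quoted string value.
SOURCE_CALL = /\A(\s*source\s*\(?\s*)(:(\w+)|(['"])([^'"]+)\4)/

# Returns [offenses, corrected_text]; allow_http mirrors AllowHttpProtocol.
def check_gemfile(text, allow_http: true)
  offenses = []
  corrected = text.each_line.with_index(1).map do |line, lineno|
    m = SOURCE_CALL.match(line)
    next line unless m

    sym = m[3]
    str = m[5]
    insecure_symbol = sym && DEPRECATED_SYMBOLS.include?(sym)
    insecure_http = str == HTTP_SOURCE
    next line unless insecure_symbol || insecure_http
    # Same early exit as on_send: plain HTTP is tolerated by default.
    next line if insecure_http && allow_http

    offenses << { line: lineno, source: sym ? ":#{sym}" : str }
    # Same autocorrection as on_send: always rewrite to the HTTPS source.
    "#{m[1]}'#{HTTPS_SOURCE}'#{m.post_match}"
  end.join
  [offenses, corrected]
end

# Constructed sample Gemfile covering the three documented cases.
SAMPLE_GEMFILE = <<~GEMFILE
  source :rubygems
  source 'http://rubygems.org'
  source 'https://rubygems.org'
  gem 'rake'
GEMFILE

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |allow|
    offenses, fixed = check_gemfile(SAMPLE_GEMFILE, allow_http: allow)
    flagged = offenses.map { |o| "line #{o[:line]} (#{o[:source]})" }
    puts "AllowHttpProtocol: #{allow} -> #{flagged.join(', ')}"
    puts fixed
  end
end
```

With the default setting only the symbol source is flagged and rewritten; with `allow_http: false` the `http://` line is flagged and rewritten as well.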