Added Cop to blacklist the use of serialize

This Cop blacklists the use of ActiveRecord's "serialize" method, except for cases where we already use this.

Added Cop to blacklist the use of serialize
This Cop blacklists the use of ActiveRecord's "serialize" method, except for cases where we already use this.
cd74c143 · Yorick Peterse · 3d160480 · cd74c143 · cd74c143 · cd74c143
Commit cd74c143 authored May 31, 2017 by Yorick Peterse
18 changed files
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -13,13 +13,13 @@ class ApplicationSetting < ActiveRecord::Base
                            [\r\n]          # any number of newline characters
                          }x

-  serialize :restricted_visibility_levels
-  serialize :import_sources
-  serialize :disabled_oauth_sign_in_sources, Array
-  serialize :domain_whitelist, Array
-  serialize :domain_blacklist, Array
-  serialize :repository_storages
-  serialize :sidekiq_throttling_queues, Array
+  serialize :restricted_visibility_levels # rubocop:disable Cop/ActiverecordSerialize
+  serialize :import_sources # rubocop:disable Cop/ActiverecordSerialize
+  serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiverecordSerialize
+  serialize :domain_whitelist, Array # rubocop:disable Cop/ActiverecordSerialize
+  serialize :domain_blacklist, Array # rubocop:disable Cop/ActiverecordSerialize
+  serialize :repository_storages # rubocop:disable Cop/ActiverecordSerialize
+  serialize :sidekiq_throttling_queues, Array # rubocop:disable Cop/ActiverecordSerialize

  cache_markdown_field :sign_in_text
  cache_markdown_field :help_page_text

--- a/app/models/audit_event.rb
+++ b/app/models/audit_event.rb
 class AuditEvent < ActiveRecord::Base
-  serialize :details, Hash
+  serialize :details, Hash # rubocop:disable Cop/ActiverecordSerialize

  belongs_to :user, foreign_key: :author_id


--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -19,8 +19,8 @@ module Ci
      )
    end

-    serialize :options
-    serialize :yaml_variables, Gitlab::Serializer::Ci::Variables
+    serialize :options # rubocop:disable Cop/ActiverecordSerialize
+    serialize :yaml_variables, Gitlab::Serializer::Ci::Variables # rubocop:disable Cop/ActiverecordSerialize

    delegate :name, to: :project, prefix: true


--- a/app/models/ci/trigger_request.rb
+++ b/app/models/ci/trigger_request.rb
@@ -6,7 +6,7 @@ module Ci
    belongs_to :pipeline, foreign_key: :commit_id
    has_many :builds

-    serialize :variables
+    serialize :variables # rubocop:disable Cop/ActiverecordSerialize

    def user_variables
      return [] unless variables

--- a/app/models/diff_note.rb
+++ b/app/models/diff_note.rb
@@ -6,9 +6,9 @@ class DiffNote < Note

  NOTEABLE_TYPES = %w(MergeRequest Commit).freeze

-  serialize :original_position, Gitlab::Diff::Position
-  serialize :position, Gitlab::Diff::Position
-  serialize :change_position, Gitlab::Diff::Position
+  serialize :original_position, Gitlab::Diff::Position # rubocop:disable Cop/ActiverecordSerialize
+  serialize :position, Gitlab::Diff::Position # rubocop:disable Cop/ActiverecordSerialize
+  serialize :change_position, Gitlab::Diff::Position # rubocop:disable Cop/ActiverecordSerialize

  validates :original_position, presence: true
  validates :position, presence: true

--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -26,7 +26,7 @@ class Event < ActiveRecord::Base
  belongs_to :target, polymorphic: true

  # For Hash only
-  serialize :data
+  serialize :data # rubocop:disable Cop/ActiverecordSerialize

  # Callbacks
  after_create :reset_project_activity

--- a/app/models/hooks/web_hook_log.rb
+++ b/app/models/hooks/web_hook_log.rb
 class WebHookLog < ActiveRecord::Base
  belongs_to :web_hook

-  serialize :request_headers, Hash
-  serialize :request_data, Hash
-  serialize :response_headers, Hash
+  serialize :request_headers, Hash # rubocop:disable Cop/ActiverecordSerialize
+  serialize :request_data, Hash # rubocop:disable Cop/ActiverecordSerialize
+  serialize :response_headers, Hash # rubocop:disable Cop/ActiverecordSerialize

  validates :web_hook, presence: true


--- a/app/models/legacy_diff_note.rb
+++ b/app/models/legacy_diff_note.rb
@@ -7,7 +7,7 @@
 class LegacyDiffNote < Note
  include NoteOnDiff

-  serialize :st_diff
+  serialize :st_diff # rubocop:disable Cop/ActiverecordSerialize

  validates :line_code, presence: true, line_code: true


--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -21,7 +21,7 @@ class MergeRequest < ActiveRecord::Base

  belongs_to :assignee, class_name: "User"

-  serialize :merge_params, Hash
+  serialize :merge_params, Hash # rubocop:disable Cop/ActiverecordSerialize

  after_create :ensure_merge_request_diff, unless: :importing?
  after_update :reload_diff_if_branch_changed

--- a/app/models/merge_request_diff.rb
+++ b/app/models/merge_request_diff.rb
@@ -11,8 +11,8 @@ class MergeRequestDiff < ActiveRecord::Base

  belongs_to :merge_request

-  serialize :st_commits
-  serialize :st_diffs
+  serialize :st_commits # rubocop:disable Cop/ActiverecordSerialize
+  serialize :st_diffs # rubocop:disable Cop/ActiverecordSerialize

  state_machine :state, initial: :empty do
    state :collected

--- a/app/models/personal_access_token.rb
+++ b/app/models/personal_access_token.rb
@@ -3,7 +3,7 @@ class PersonalAccessToken < ActiveRecord::Base
  include TokenAuthenticatable
  add_authentication_token_field :token

-  serialize :scopes, Array
+  serialize :scopes, Array # rubocop:disable Cop/ActiverecordSerialize

  belongs_to :user


--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@@ -10,7 +10,7 @@ class ProjectImportData < ActiveRecord::Base
                 insecure_mode: true,
                 algorithm: 'aes-256-cbc'

-  serialize :data, JSON
+  serialize :data, JSON # rubocop:disable Cop/ActiverecordSerialize

  validates :project, presence: true


--- a/app/models/sent_notification.rb
+++ b/app/models/sent_notification.rb
 class SentNotification < ActiveRecord::Base
-  serialize :position, Gitlab::Diff::Position
+  serialize :position, Gitlab::Diff::Position # rubocop:disable Cop/ActiverecordSerialize

  belongs_to :project
  belongs_to :noteable, polymorphic: true

--- a/app/models/service.rb
+++ b/app/models/service.rb
@@ -2,7 +2,7 @@
 # and implement a set of methods
 class Service < ActiveRecord::Base
  include Sortable
-  serialize :properties, JSON
+  serialize :properties, JSON # rubocop:disable Cop/ActiverecordSerialize

  default_value_for :active, false
  default_value_for :push_events, true

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -40,7 +40,7 @@ class User < ActiveRecord::Base
         otp_secret_encryption_key: Gitlab::Application.secrets.otp_key_base

  devise :two_factor_backupable, otp_number_of_backup_codes: 10
-  serialize :otp_backup_codes, JSON
+  serialize :otp_backup_codes, JSON # rubocop:disable Cop/ActiverecordSerialize

  devise :lockable, :recoverable, :rememberable, :trackable,
    :validatable, :omniauthable, :confirmable, :registerable

--- a/rubocop/cop/activerecord_serialize.rb
+++ b/rubocop/cop/activerecord_serialize.rb
+module RuboCop
+  module Cop
+    # Cop that prevents the use of `serialize` in ActiveRecord models.
+    class ActiverecordSerialize < RuboCop::Cop::Cop
+      MSG = 'Do not store serialized data in the database, use separate columns and/or tables instead'.freeze
+
+      def on_send(node)
+        return unless in_models?(node)
+
+        add_offense(node, :selector) if node.children[1] == :serialize
+      end
+
+      def models_path
+        File.join(Dir.pwd, 'app', 'models')
+      end
+
+      def in_models?(node)
+        path = node.location.expression.source_buffer.name
+
+        path.start_with?(models_path)
+      end
+    end
+  end
+end
--- a/rubocop/rubocop.rb
+++ b/rubocop/rubocop.rb
 require_relative 'cop/custom_error_class'
 require_relative 'cop/gem_fetcher'
+require_relative 'cop/activerecord_serialize'
 require_relative 'cop/migration/add_column'
 require_relative 'cop/migration/add_column_with_default_to_large_table'
 require_relative 'cop/migration/add_concurrent_foreign_key'

--- a/spec/rubocop/cop/activerecord_serialize_spec.rb
+++ b/spec/rubocop/cop/activerecord_serialize_spec.rb
+require 'spec_helper'
+require 'rubocop'
+require 'rubocop/rspec/support'
+require_relative '../../../rubocop/cop/activerecord_serialize'
+
+describe RuboCop::Cop::ActiverecordSerialize do
+  include CopHelper
+
+  subject(:cop) { described_class.new }
+
+  context 'inside the app/models directory' do
+    it 'registers an offense when serialize is used' do
+      allow(cop).to receive(:in_models?).and_return(true)
+
+      inspect_source(cop, 'serialize :foo')
+
+      aggregate_failures do
+        expect(cop.offenses.size).to eq(1)
+        expect(cop.offenses.map(&:line)).to eq([1])
+      end
+    end
+  end
+
+  context 'outside the app/models directory' do
+    it 'does nothing' do
+      allow(cop).to receive(:in_models?).and_return(false)
+
+      inspect_source(cop, 'serialize :foo')
+
+      expect(cop.offenses).to be_empty
+    end
+  end
+end