Whitelist or fix additional `Gitlab/PublicSend` cop violations

An upcoming update to rubocop-gitlab-security added additional violations.

Whitelist or fix additional `Gitlab/PublicSend` cop violations
An upcoming update to rubocop-gitlab-security added additional violations.
260c8da0 · Robert Speicher · a64760d6 · 260c8da0 · 260c8da0 · 260c8da0
Commit 260c8da0 authored Aug 10, 2017 by Robert Speicher
61 changed files
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1174,29 +1174,33 @@ RSpec/VerifiedDoubles:
 GitlabSecurity/DeepMunge:
  Enabled: true
  Exclude:
-    - 'spec/**/*'
    - 'lib/**/*.rake'
+    - 'spec/**/*'

 GitlabSecurity/PublicSend:
  Enabled: true
  Exclude:
-    - 'spec/**/*'
+    - 'config/**/*'
+    - 'db/**/*'
+    - 'features/**/*'
    - 'lib/**/*.rake'
+    - 'qa/**/*'
+    - 'spec/**/*'

 GitlabSecurity/RedirectToParamsUpdate:
  Enabled: true
  Exclude:
-    - 'spec/**/*'
    - 'lib/**/*.rake'
+    - 'spec/**/*'

 GitlabSecurity/SqlInjection:
  Enabled: true
  Exclude:
-    - 'spec/**/*'
    - 'lib/**/*.rake'
+    - 'spec/**/*'

 GitlabSecurity/SystemCommandInjection:
  Enabled: true
  Exclude:
-    - 'spec/**/*'
    - 'lib/**/*.rake'
+    - 'spec/**/*'
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
@@ -10,7 +10,7 @@ module IssuableActions
  def destroy
    issuable.destroy
    destroy_method = "destroy_#{issuable.class.name.underscore}".to_sym
-    TodoService.new.public_send(destroy_method, issuable, current_user)
+    TodoService.new.public_send(destroy_method, issuable, current_user) # rubocop:disable GitlabSecurity/PublicSend

    name = issuable.human_class_name
    flash[:notice] = "The #{name} was successfully deleted."

--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -64,7 +64,7 @@ class Import::GithubController < Import::BaseController
  end

  def import_enabled?
-    __send__("#{provider}_import_enabled?")
+    __send__("#{provider}_import_enabled?") # rubocop:disable GitlabSecurity/PublicSend
  end

  def new_import_url

--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -89,7 +89,7 @@ class UploadsController < ApplicationController

      @uploader.retrieve_from_store!(params[:filename])
    else
-      @uploader = @model.send(upload_mount)
+      @uploader = @model.public_send(upload_mount) # rubocop:disable GitlabSecurity/PublicSend

      redirect_to @uploader.url unless @uploader.file_storage?
    end

--- a/app/helpers/commits_helper.rb
+++ b/app/helpers/commits_helper.rb
@@ -128,10 +128,10 @@ module CommitsHelper
  #  avatar: true will prepend the avatar image
  #  size:   size of the avatar image in px
  def commit_person_link(commit, options = {})
-    user = commit.send(options[:source])
+    user = commit.public_send(options[:source]) # rubocop:disable GitlabSecurity/PublicSend

-    source_name = clean(commit.send "#{options[:source]}_name".to_sym)
-    source_email = clean(commit.send "#{options[:source]}_email".to_sym)
+    source_name  = clean(commit.public_send(:"#{options[:source]}_name"))  # rubocop:disable GitlabSecurity/PublicSend
+    source_email = clean(commit.public_send(:"#{options[:source]}_email")) # rubocop:disable GitlabSecurity/PublicSend

    person_name = user.try(:name) || source_name


--- a/app/helpers/import_helper.rb
+++ b/app/helpers/import_helper.rb
@@ -5,7 +5,7 @@ module ImportHelper
  end

  def provider_project_link(provider, path_with_namespace)
-    url = __send__("#{provider}_project_url", path_with_namespace)
+    url = __send__("#{provider}_project_url", path_with_namespace) # rubocop:disable GitlabSecurity/PublicSend

    link_to path_with_namespace, url, target: '_blank', rel: 'noopener noreferrer'
  end

--- a/app/helpers/issuables_helper.rb
+++ b/app/helpers/issuables_helper.rb
@@ -174,7 +174,14 @@ module IssuablesHelper
  end

  def assigned_issuables_count(issuable_type)
-    current_user.public_send("assigned_open_#{issuable_type}_count")
+    case issuable_type
+    when :issues
+      current_user.assigned_open_issues_count
+    when :merge_requests
+      current_user.assigned_open_merge_requests_count
+    else
+      raise ArgumentError, "invalid issuable `#{issuable_type}`"
+    end
  end

  def issuable_filter_params
@@ -298,10 +305,6 @@ module IssuablesHelper
    cookies[:collapsed_gutter] == 'true'
  end

-  def base_issuable_scope(issuable)
-    issuable.project.send(issuable.class.table_name).send(issuable_state_scope(issuable))
-  end
-
  def issuable_state_scope(issuable)
    if issuable.respond_to?(:merged?) && issuable.merged?
      :merged

--- a/app/helpers/milestones_helper.rb
+++ b/app/helpers/milestones_helper.rb
@@ -32,7 +32,18 @@ module MilestonesHelper
  end

  def milestone_issues_by_label_count(milestone, label, state:)
-    milestone.issues.with_label(label.title).send(state).size
+    issues = milestone.issues.with_label(label.title)
+    issues =
+      case state
+      when :opened
+        issues.opened
+      when :closed
+        issues.closed
+      else
+        raise ArgumentError, "invalid milestone state `#{state}`"
+      end
+
+    issues.size
  end

  # Returns count of milestones for different states

--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -149,15 +149,16 @@ module ProjectsHelper
    # Don't show option "everyone with access" if project is private
    options = project_feature_options

+    level = @project.project_feature.public_send(field) # rubocop:disable GitlabSecurity/PublicSend
+
    if @project.private?
-      level = @project.project_feature.send(field)
      disabled_option = ProjectFeature::ENABLED
      highest_available_option = ProjectFeature::PRIVATE if level == disabled_option
    end

    options = options_for_select(
      options.invert,
-      selected: highest_available_option || @project.project_feature.public_send(field),
+      selected: highest_available_option || level,
      disabled: disabled_option
    )

@@ -486,7 +487,7 @@ module ProjectsHelper
  end

  def filename_path(project, filename)
-    if project && blob = project.repository.send(filename)
+    if project && blob = project.repository.public_send(filename) # rubocop:disable GitlabSecurity/PublicSend
      project_blob_path(
        project,
        tree_join(project.default_branch, blob.name)

--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -200,7 +200,7 @@ class Commit
  end

  def method_missing(m, *args, &block)
-    @raw.send(m, *args, &block)
+    @raw.__send__(m, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
  end

  def respond_to_missing?(method, include_private = false)

--- a/app/models/concerns/cache_markdown_field.rb
+++ b/app/models/concerns/cache_markdown_field.rb
@@ -78,7 +78,7 @@ module CacheMarkdownField
  def cached_html_up_to_date?(markdown_field)
    html_field = cached_markdown_fields.html_field(markdown_field)

-    cached = cached_html_for(markdown_field).present? && __send__(markdown_field).present?
+    cached = cached_html_for(markdown_field).present? && __send__(markdown_field).present? # rubocop:disable GitlabSecurity/PublicSend
    return false unless cached

    markdown_changed = attribute_changed?(markdown_field) || false
@@ -93,14 +93,14 @@ module CacheMarkdownField
  end

  def attribute_invalidated?(attr)
-    __send__("#{attr}_invalidated?")
+    __send__("#{attr}_invalidated?") # rubocop:disable GitlabSecurity/PublicSend
  end

  def cached_html_for(markdown_field)
    raise ArgumentError.new("Unknown field: #{field}") unless
      cached_markdown_fields.markdown_fields.include?(markdown_field)

-    __send__(cached_markdown_fields.html_field(markdown_field))
+    __send__(cached_markdown_fields.html_field(markdown_field)) # rubocop:disable GitlabSecurity/PublicSend
  end

  included do

--- a/app/models/concerns/internal_id.rb
+++ b/app/models/concerns/internal_id.rb
@@ -9,7 +9,7 @@ module InternalId
  def set_iid
    if iid.blank?
      parent = project || group
-      records = parent.send(self.class.name.tableize)
+      records = parent.public_send(self.class.name.tableize) # rubocop:disable GitlabSecurity/PublicSend
      records = records.with_deleted if self.paranoid?
      max_iid = records.maximum(:iid)


--- a/app/models/concerns/mentionable.rb
+++ b/app/models/concerns/mentionable.rb
@@ -56,7 +56,7 @@ module Mentionable
    end

    self.class.mentionable_attrs.each do |attr, options|
-      text    = __send__(attr)
+      text    = __send__(attr) # rubocop:disable GitlabSecurity/PublicSend
      options = options.merge(
        cache_key: [self, attr],
        author: author,
@@ -100,7 +100,7 @@ module Mentionable
                        end

    self.class.mentionable_attrs.any? do |attr, _|
-      __send__(attr) =~ reference_pattern
+      __send__(attr) =~ reference_pattern # rubocop:disable GitlabSecurity/PublicSend
    end
  end


--- a/app/models/concerns/participable.rb
+++ b/app/models/concerns/participable.rb
@@ -82,7 +82,7 @@ module Participable
          if attr.respond_to?(:call)
            source.instance_exec(current_user, ext, &attr)
          else
-            process << source.__send__(attr)
+            process << source.__send__(attr) # rubocop:disable GitlabSecurity/PublicSend
          end
        end
      when Enumerable, ActiveRecord::Relation

--- a/app/models/concerns/project_features_compatibility.rb
+++ b/app/models/concerns/project_features_compatibility.rb
@@ -32,6 +32,6 @@ module ProjectFeaturesCompatibility
    build_project_feature unless project_feature

    access_level = Gitlab::Utils.to_boolean(value) ? ProjectFeature::ENABLED : ProjectFeature::DISABLED
-    project_feature.send(:write_attribute, field, access_level)
+    project_feature.__send__(:write_attribute, field, access_level) # rubocop:disable GitlabSecurity/PublicSend
  end
 end
--- a/app/models/network/commit.rb
+++ b/app/models/network/commit.rb
@@ -12,7 +12,7 @@ module Network
    end

    def method_missing(m, *args, &block)
-      @commit.send(m, *args, &block)
+      @commit.__send__(m, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
    end

    def space

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -921,14 +921,14 @@ class Project < ActiveRecord::Base
  end

  def execute_hooks(data, hooks_scope = :push_hooks)
-    hooks.send(hooks_scope).each do |hook|
+    hooks.public_send(hooks_scope).each do |hook| # rubocop:disable GitlabSecurity/PublicSend
      hook.async_execute(data, hooks_scope.to_s)
    end
  end

  def execute_services(data, hooks_scope = :push_hooks)
    # Call only service hooks that are active for this scope
-    services.send(hooks_scope).each do |service|
+    services.public_send(hooks_scope).each do |service| # rubocop:disable GitlabSecurity/PublicSend
      service.async_execute(data)
    end
  end

--- a/app/models/project_services/chat_notification_service.rb
+++ b/app/models/project_services/chat_notification_service.rb
@@ -115,7 +115,7 @@ class ChatNotificationService < Service

  def get_channel_field(event)
    field_name = event_channel_name(event)
-    self.public_send(field_name)
+    self.public_send(field_name) # rubocop:disable GitlabSecurity/PublicSend
  end

  def build_event_channels

--- a/app/models/project_services/hipchat_service.rb
+++ b/app/models/project_services/hipchat_service.rb
@@ -53,7 +53,7 @@ class HipchatService < Service
    return unless supported_events.include?(data[:object_kind])
    message = create_message(data)
    return unless message.present?
-    gate[room].send('GitLab', message, message_options(data))
+    gate[room].send('GitLab', message, message_options(data)) # rubocop:disable GitlabSecurity/PublicSend
  end

  def test(data)

--- a/app/models/protectable_dropdown.rb
+++ b/app/models/protectable_dropdown.rb
 class ProtectableDropdown
+  REF_TYPES = %i[branches tags].freeze
+
  def initialize(project, ref_type)
+    raise ArgumentError, "invalid ref type `#{ref_type}`" unless ref_type.in?(REF_TYPES)
+
    @project = project
    @ref_type = ref_type
  end
@@ -16,7 +20,7 @@ class ProtectableDropdown
  private

  def refs
-    @project.repository.public_send(@ref_type)
+    @project.repository.public_send(@ref_type) # rubocop:disable GitlabSecurity/PublicSend
  end

  def ref_names
@@ -24,7 +28,7 @@ class ProtectableDropdown
  end

  def protections
-    @project.public_send("protected_#{@ref_type}")
+    @project.public_send("protected_#{@ref_type}") # rubocop:disable GitlabSecurity/PublicSend
  end

  def non_wildcard_protected_ref_names

--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -48,7 +48,9 @@ class Repository
    alias_method(original, name)

    define_method(name) do
-      cache_method_output(name, fallback: fallback, memoize_only: memoize_only) { __send__(original) }
+      cache_method_output(name, fallback: fallback, memoize_only: memoize_only) do
+        __send__(original) # rubocop:disable GitlabSecurity/PublicSend
+      end
    end
  end

@@ -439,9 +441,9 @@ class Repository
  def method_missing(m, *args, &block)
    if m == :lookup && !block_given?
      lookup_cache[m] ||= {}
-      lookup_cache[m][args.join(":")] ||= raw_repository.send(m, *args, &block)
+      lookup_cache[m][args.join(":")] ||= raw_repository.__send__(m, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
    else
-      raw_repository.send(m, *args, &block)
+      raw_repository.__send__(m, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
    end
  end

@@ -772,7 +774,7 @@ class Repository
      end

      actions.each do |options|
-        index.public_send(options.delete(:action), options)
+        index.public_send(options.delete(:action), options) # rubocop:disable GitlabSecurity/PublicSend
      end

      options = {

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1070,7 +1070,7 @@ class User < ActiveRecord::Base
  # Added according to https://github.com/plataformatec/devise/blob/7df57d5081f9884849ca15e4fde179ef164a575f/README.md#activejob-integration
  def send_devise_notification(notification, *args)
    return true unless can?(:receive_notifications)
-    devise_mailer.send(notification, self, *args).deliver_later
+    devise_mailer.__send__(notification, self, *args).deliver_later # rubocop:disable GitlabSecurity/PublicSend
  end

  # This works around a bug in Devise 4.2.0 that erroneously causes a user to

--- a/app/services/akismet_service.rb
+++ b/app/services/akismet_service.rb
@@ -58,7 +58,7 @@ class AkismetService
    }

    begin
-      akismet_client.public_send(type, options[:ip_address], options[:user_agent], params)
+      akismet_client.public_send(type, options[:ip_address], options[:user_agent], params) # rubocop:disable GitlabSecurity/PublicSend
      true
    rescue => e
      Rails.logger.error("Unable to connect to Akismet: #{e}, skipping!")

--- a/app/services/ci/retry_build_service.rb
+++ b/app/services/ci/retry_build_service.rb
@@ -23,7 +23,7 @@ module Ci
      end

      attributes = CLONE_ACCESSORS.map do |attribute|
-        [attribute, build.send(attribute)]
+        [attribute, build.public_send(attribute)] # rubocop:disable GitlabSecurity/PublicSend
      end

      attributes.push([:user, current_user])

--- a/app/services/commits/change_service.rb
+++ b/app/services/commits/change_service.rb
@@ -11,6 +11,7 @@ module Commits
    def commit_change(action)
      raise NotImplementedError unless repository.respond_to?(action)

+      # rubocop:disable GitlabSecurity/PublicSend
      repository.public_send(
        action,
        current_user,

--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -338,7 +338,7 @@ class IssuableBaseService < BaseService

  def invalidate_cache_counts(issuable, users: [], skip_project_cache: false)
    users.each do |user|
-      user.public_send("invalidate_#{issuable.model_name.singular}_cache_counts")
+      user.public_send("invalidate_#{issuable.model_name.singular}_cache_counts") # rubocop:disable GitlabSecurity/PublicSend
    end

    unless skip_project_cache

--- a/app/services/members/destroy_service.rb
+++ b/app/services/members/destroy_service.rb
@@ -31,7 +31,7 @@ module Members
        source.members.find_by(condition) ||
          source.requesters.find_by!(condition)
      else
-        source.public_send(scope).find_by!(condition)
+        source.public_send(scope).find_by!(condition) # rubocop:disable GitlabSecurity/PublicSend
      end
    end


--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
+# rubocop:disable GitlabSecurity/PublicSend
+
 # NotificationService class
 #
 # Used for notifying users with emails about different events

--- a/app/services/system_hooks_service.rb
+++ b/app/services/system_hooks_service.rb
@@ -4,7 +4,7 @@ class SystemHooksService
  end

  def execute_hooks(data, hooks_scope = :all)
-    SystemHook.public_send(hooks_scope).find_each do |hook|
+    SystemHook.public_send(hooks_scope).find_each do |hook| # rubocop:disable GitlabSecurity/PublicSend
      hook.async_execute(data, 'system_hooks')
    end
  end

--- a/app/services/test_hooks/base_service.rb
+++ b/app/services/test_hooks/base_service.rb
@@ -18,7 +18,7 @@ module TestHooks
      end

      error_message = catch(:validation_error) do
-        sample_data = self.__send__(trigger_data_method)
+        sample_data = self.__send__(trigger_data_method) # rubocop:disable GitlabSecurity/PublicSend

        return hook.execute(sample_data, trigger)
      end

--- a/app/workers/gitlab_shell_worker.rb
+++ b/app/workers/gitlab_shell_worker.rb
@@ -4,6 +4,6 @@ class GitlabShellWorker
  include DedicatedSidekiqQueue

  def perform(action, *arg)
-    gitlab_shell.send(action, *arg)
+    gitlab_shell.__send__(action, *arg) # rubocop:disable GitlabSecurity/PublicSend
  end
 end
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
+# rubocop:disable GitlabSecurity/PublicSend
+
 require_dependency Rails.root.join('lib/gitlab') # Load Gitlab as soon as possible

 class Settings < Settingslogic

--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -122,7 +122,7 @@ module API
        error_classes = [MissingTokenError, TokenNotFoundError,
                         ExpiredError, RevokedError, InsufficientScopeError]

-        base.send :rescue_from, *error_classes, oauth2_bearer_token_error_handler
+        base.__send__(:rescue_from, *error_classes, oauth2_bearer_token_error_handler) # rubocop:disable GitlabSecurity/PublicSend
      end

      def oauth2_bearer_token_error_handler

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -541,8 +541,9 @@ module API
        target_url    = "namespace_project_#{target_type}_url"
        target_anchor = "note_#{todo.note_id}" if todo.note_id?

-        Gitlab::Routing.url_helpers.public_send(target_url,
-          todo.project.namespace, todo.project, todo.target, anchor: target_anchor)
+        Gitlab::Routing
+          .url_helpers
+          .public_send(target_url, todo.project.namespace, todo.project, todo.target, anchor: target_anchor) # rubocop:disable GitlabSecurity/PublicSend
      end

      expose :body

--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
@@ -153,7 +153,7 @@ module API
          render_api_error!('Scope contains invalid value', 400)
        end

-        runners.send(scope)
+        runners.public_send(scope) # rubocop:disable GitlabSecurity/PublicSend
      end

      def get_runner(id)

--- a/lib/api/v3/notes.rb
+++ b/lib/api/v3/notes.rb
@@ -22,7 +22,7 @@ module API
            use :pagination
          end
          get ":id/#{noteables_str}/:noteable_id/notes" do
-            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id])
+            noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend

            if can?(current_user, noteable_read_ability_name(noteable), noteable)
              # We exclude notes that are cross-references and that cannot be viewed
@@ -50,7 +50,7 @@ module API
            requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
          end
          get ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
-            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id])
+            noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend
            note = noteable.notes.find(params[:note_id])
            can_read_note = can?(current_user, noteable_read_ability_name(noteable), noteable) && !note.cross_reference_not_visible_for?(current_user)

@@ -76,7 +76,7 @@ module API
              noteable_id: params[:noteable_id]
            }

-            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id])
+            noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend

            if can?(current_user, noteable_read_ability_name(noteable), noteable)
              if params[:created_at] && (current_user.admin? || user_project.owner == current_user)

--- a/lib/banzai/filter/external_issue_reference_filter.rb
+++ b/lib/banzai/filter/external_issue_reference_filter.rb
@@ -95,10 +95,10 @@ module Banzai
      private

      def external_issues_cached(attribute)
-        return project.public_send(attribute) unless RequestStore.active?
+        return project.public_send(attribute) unless RequestStore.active? # rubocop:disable GitlabSecurity/PublicSend

        cached_attributes = RequestStore[:banzai_external_issues_tracker_attributes] ||= Hash.new { |h, k| h[k] = {} }
-        cached_attributes[project.id][attribute] = project.public_send(attribute) if cached_attributes[project.id][attribute].nil?
+        cached_attributes[project.id][attribute] = project.public_send(attribute) if cached_attributes[project.id][attribute].nil? # rubocop:disable GitlabSecurity/PublicSend
        cached_attributes[project.id][attribute]
      end
    end

--- a/lib/banzai/object_renderer.rb
+++ b/lib/banzai/object_renderer.rb
@@ -37,7 +37,7 @@ module Banzai

      objects.each_with_index do |object, index|
        redacted_data = redacted[index]
-        object.__send__("redacted_#{attribute}_html=", redacted_data[:document].to_html.html_safe)
+        object.__send__("redacted_#{attribute}_html=", redacted_data[:document].to_html.html_safe) # rubocop:disable GitlabSecurity/PublicSend
        object.user_visible_reference_count = redacted_data[:visible_reference_count]
      end
    end

--- a/lib/banzai/pipeline/base_pipeline.rb
+++ b/lib/banzai/pipeline/base_pipeline.rb
@@ -18,7 +18,7 @@ module Banzai
          define_method(meth) do |text, context|
            context = transform_context(context)

-            html_pipeline.send(meth, text, context)
+            html_pipeline.__send__(meth, text, context) # rubocop:disable GitlabSecurity/PublicSend
          end
        end
      end

--- a/lib/banzai/renderer.rb
+++ b/lib/banzai/renderer.rb
@@ -43,7 +43,7 @@ module Banzai

    # Same as +render_field+, but without consulting or updating the cache field
    def self.cacheless_render_field(object, field, options = {})
-      text = object.__send__(field)
+      text = object.__send__(field) # rubocop:disable GitlabSecurity/PublicSend
      context = object.banzai_render_context(field).merge(options)

      cacheless_render(text, context)
@@ -156,7 +156,7 @@ module Banzai
    # method.
    def self.full_cache_multi_key(cache_key, pipeline_name)
      return unless cache_key
-      Rails.cache.send(:expanded_key, full_cache_key(cache_key, pipeline_name))
+      Rails.cache.__send__(:expanded_key, full_cache_key(cache_key, pipeline_name)) # rubocop:disable GitlabSecurity/PublicSend
    end

    # GitLab EE needs to disable updates on GET requests in Geo

--- a/lib/bitbucket/collection.rb
+++ b/lib/bitbucket/collection.rb
@@ -13,7 +13,7 @@ module Bitbucket
    def method_missing(method, *args)
      return super unless self.respond_to?(method)

-      self.send(method, *args) do |item|
+      self.__send__(method, *args) do |item| # rubocop:disable GitlabSecurity/PublicSend
        block_given? ? yield(item) : item
      end
    end

--- a/lib/ci/ansi2html.rb
+++ b/lib/ci/ansi2html.rb
@@ -208,7 +208,7 @@ module Ci
        return unless command = stack.shift()

        if self.respond_to?("on_#{command}", true)
-          self.send("on_#{command}", stack)
+          self.__send__("on_#{command}", stack) # rubocop:disable GitlabSecurity/PublicSend
        end

        evaluate_command_stack(stack)

--- a/lib/declarative_policy/base.rb
+++ b/lib/declarative_policy/base.rb
@@ -109,7 +109,7 @@ module DeclarativePolicy
        name = name.to_sym

        if delegation_block.nil?
-          delegation_block = proc { @subject.__send__(name) }
+          delegation_block = proc { @subject.__send__(name) } # rubocop:disable GitlabSecurity/PublicSend
        end

        own_delegations[name] = delegation_block

--- a/lib/declarative_policy/dsl.rb
+++ b/lib/declarative_policy/dsl.rb
@@ -93,7 +93,7 @@ module DeclarativePolicy
    def method_missing(m, *a, &b)
      return super unless @context_class.respond_to?(m)

-      @context_class.__send__(m, *a, &b)
+      @context_class.__send__(m, *a, &b) # rubocop:disable GitlabSecurity/PublicSend
    end

    def respond_to_missing?(m)

--- a/lib/file_size_validator.rb
+++ b/lib/file_size_validator.rb
@@ -44,13 +44,13 @@ class FileSizeValidator < ActiveModel::EachValidator
        when Integer
          check_value
        when Symbol
-          record.send(check_value)
+          record.public_send(check_value) # rubocop:disable GitlabSecurity/PublicSend
        end

      value ||= [] if key == :maximum

      value_size = value.size
-      next if value_size.send(validity_check, check_value)
+      next if value_size.public_send(validity_check, check_value) # rubocop:disable GitlabSecurity/PublicSend

      errors_options = options.except(*RESERVED_OPTIONS)
      errors_options[:file_size] = help.number_to_human_size check_value

--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -101,7 +101,7 @@ module Gitlab
        if Service.available_services_names.include?(underscored_service)
          # We treat underscored_service as a trusted input because it is included
          # in the Service.available_services_names whitelist.
-          service = project.public_send("#{underscored_service}_service")
+          service = project.public_send("#{underscored_service}_service") # rubocop:disable GitlabSecurity/PublicSend

          if service && service.activated? && service.valid_token?(password)
            Gitlab::Auth::Result.new(nil, project, :ci, build_authentication_abilities)
@@ -149,7 +149,7 @@ module Gitlab

      def abilities_for_scope(scopes)
        scopes.map do |scope|
-          self.public_send(:"#{scope}_scope_authentication_abilities")
+          self.public_send(:"#{scope}_scope_authentication_abilities") # rubocop:disable GitlabSecurity/PublicSend
        end.flatten.uniq
      end


--- a/lib/gitlab/cache/request_cache.rb
+++ b/lib/gitlab/cache/request_cache.rb
@@ -69,7 +69,7 @@ module Gitlab
                  instance_variable_set(ivar_name, {})
              end

-            key = __send__(cache_key_method_name, args)
+            key = __send__(cache_key_method_name, args) # rubocop:disable GitlabSecurity/PublicSend

            store.fetch(key) { store[key] = super(*args) }
          end

--- a/lib/gitlab/diff/line_mapper.rb
+++ b/lib/gitlab/diff/line_mapper.rb
@@ -38,7 +38,7 @@ module Gitlab
        # - The first diff line with a higher line number, if it falls between diff contexts
        # - The last known diff line, if it falls after the last diff context
        diff_line = diff_lines.find do |diff_line|
-          diff_from_line = diff_line.send(from)
+          diff_from_line = diff_line.public_send(from) # rubocop:disable GitlabSecurity/PublicSend
          diff_from_line && diff_from_line >= from_line
        end
        diff_line ||= diff_lines.last
@@ -47,8 +47,8 @@ module Gitlab
        # mapped line number is the same as the specified line number.
        return from_line unless diff_line

-        diff_from_line = diff_line.send(from)
-        diff_to_line = diff_line.send(to)
+        diff_from_line = diff_line.public_send(from) # rubocop:disable GitlabSecurity/PublicSend
+        diff_to_line = diff_line.public_send(to) # rubocop:disable GitlabSecurity/PublicSend

        # If the line was removed, there is no mapped line number.
        return unless diff_to_line

--- a/lib/gitlab/git/blob.rb
+++ b/lib/gitlab/git/blob.rb
@@ -173,7 +173,7 @@ module Gitlab

      def initialize(options)
        %w(id name path size data mode commit_id binary).each do |key|
-          self.send("#{key}=", options[key.to_sym])
+          self.__send__("#{key}=", options[key.to_sym]) # rubocop:disable GitlabSecurity/PublicSend
        end

        @loaded_all_data = false

--- a/lib/gitlab/git/tree.rb
+++ b/lib/gitlab/git/tree.rb
@@ -89,7 +89,7 @@ module Gitlab

      def initialize(options)
        %w(id root_id name path type mode commit_id).each do |key|
-          self.send("#{key}=", options[key.to_sym])
+          self.send("#{key}=", options[key.to_sym]) # rubocop:disable GitlabSecurity/PublicSend
        end
      end


--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -55,7 +55,7 @@ module Gitlab
    def self.call(storage, service, rpc, request)
      metadata = request_metadata(storage)
      metadata = yield(metadata) if block_given?
-      stub(service, storage).send(rpc, request, metadata)
+      stub(service, storage).__send__(rpc, request, metadata) # rubocop:disable GitlabSecurity/PublicSend
    end

    def self.request_metadata(storage)

--- a/lib/gitlab/github_import/base_formatter.rb
+++ b/lib/gitlab/github_import/base_formatter.rb
@@ -11,7 +11,9 @@ module Gitlab
      end

      def create!
-        project.public_send(project_association).find_or_create_by!(find_condition) do |record|
+        association = project.public_send(project_association) # rubocop:disable GitlabSecurity/PublicSend
+
+        association.find_or_create_by!(find_condition) do |record|
          record.attributes = attributes
        end
      end

--- a/lib/gitlab/github_import/client.rb
+++ b/lib/gitlab/github_import/client.rb
@@ -120,7 +120,7 @@ module Gitlab
      def request(method, *args, &block)
        sleep rate_limit_sleep_time if rate_limit_exceed?

-        data = api.send(method, *args)
+        data = api.__send__(method, *args) # rubocop:disable GitlabSecurity/PublicSend
        return data unless data.is_a?(Array)

        last_response = api.last_response

--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
@@ -289,7 +289,7 @@ module Gitlab

        opts.last[:page] = current_page(resource_type)

-        client.public_send(resource_type, *opts) do |resources|
+        client.public_send(resource_type, *opts) do |resources| # rubocop:disable GitlabSecurity/PublicSend
          yield resources
          increment_page(resource_type)
        end

--- a/lib/gitlab/lazy.rb
+++ b/lib/gitlab/lazy.rb
@@ -16,7 +16,7 @@ module Gitlab
    def method_missing(name, *args, &block)
      __evaluate__

-      @result.__send__(name, *args, &block)
+      @result.__send__(name, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
    end

    def respond_to_missing?(name, include_private = false)

--- a/lib/gitlab/ldap/person.rb
+++ b/lib/gitlab/ldap/person.rb
@@ -32,7 +32,7 @@ module Gitlab
      end

      def uid
-        entry.send(config.uid).first
+        entry.public_send(config.uid).first # rubocop:disable GitlabSecurity/PublicSend
      end

      def username
@@ -65,7 +65,7 @@ module Gitlab

        return nil unless selected_attr

-        entry.public_send(selected_attr)
+        entry.public_send(selected_attr) # rubocop:disable GitlabSecurity/PublicSend
      end
    end
  end

--- a/lib/gitlab/markdown/pipeline.rb
+++ b/lib/gitlab/markdown/pipeline.rb
@@ -23,7 +23,7 @@ module Gitlab
          define_method(meth) do |text, context|
            context = transform_context(context)

-            html_pipeline.send(meth, text, context)
+            html_pipeline.__send__(meth, text, context) # rubocop:disable GitlabSecurity/PublicSend
          end
        end
      end

--- a/lib/uploaded_file.rb
+++ b/lib/uploaded_file.rb
@@ -27,7 +27,7 @@ class UploadedFile
  alias_method :local_path, :path

  def method_missing(method_name, *args, &block) #:nodoc:
-    @tempfile.__send__(method_name, *args, &block)
+    @tempfile.__send__(method_name, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
  end

  def respond_to?(method_name, include_private = false) #:nodoc:

--- a/qa/qa/runtime/release.rb
+++ b/qa/qa/runtime/release.rb
@@ -21,7 +21,7 @@ module QA
      end

      def self.method_missing(name, *args)
-        self.new.strategy.public_send(name, *args)
+        self.new.strategy.public_send(name, *args) # rubocop:disable GitlabSecurity/PublicSend
      end
    end
  end

--- a/spec/lib/file_size_validator_spec.rb
+++ b/spec/lib/file_size_validator_spec.rb
@@ -24,13 +24,13 @@ describe FileSizeValidator do
  describe 'options uses a symbol' do
    let(:options) do
      {
-        maximum: :test,
+        maximum: :max_attachment_size,
        attributes: { attachment: attachment }
      }
    end

    before do
-      allow(note).to receive(:test) { 10 }
+      expect(note).to receive(:max_attachment_size) { 10 }
    end

    it 'attachment exceeds maximum limit' do

--- a/spec/models/protectable_dropdown_spec.rb
+++ b/spec/models/protectable_dropdown_spec.rb
@@ -4,6 +4,13 @@ describe ProtectableDropdown do
  let(:project) { create(:project, :repository) }
  let(:subject) { described_class.new(project, :branches) }

+  describe 'initialize' do
+    it 'raises ArgumentError for invalid ref type' do
+      expect { described_class.new(double, :foo) }
+        .to raise_error(ArgumentError, "invalid ref type `foo`")
+    end
+  end
+
  describe '#protectable_ref_names' do
    before do
      project.protected_branches.create(name: 'master')