Merge pull request #79 from dlindahl/chore/fix-unsafe-offenses-in-pro…

…duction-code Chore/fix unsafe offenses in production code
dlindahl · Jan 9, 2024 · ac91c0a · ac91c0a
2 parents 62f8e0a + 240ab1e
commit ac91c0a
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 57 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -22,3 +22,6 @@ RSpec/FilePath:
 RSpec/SpecFilePathFormat:
   CustomTransform:
     OmniAuth: omniauth
+
+Style/NumericPredicate:
+  Enabled: false
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
diff --git a/lib/omniauth-cas.rb b/lib/omniauth-cas.rb
@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'omniauth/cas'
diff --git a/lib/omniauth/cas.rb b/lib/omniauth/cas.rb
@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 require 'omniauth/cas/version'
 require 'omniauth/strategies/cas'
diff --git a/lib/omniauth/cas/version.rb b/lib/omniauth/cas/version.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OmniAuth
   module Cas
     VERSION = '3.0.0'

diff --git a/lib/omniauth/strategies/cas.rb b/lib/omniauth/strategies/cas.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'omniauth'
 require 'addressable/uri'
 
@@ -48,7 +50,7 @@ class InvalidCASTicket < StandardError; end
       option :phone_key, 'phone'
 
       # As required by https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
-      AuthHashSchemaKeys = %w[name email nickname first_name last_name location image phone]
+      AUTH_HASH_SCHEMA_KEYS = %w[name email nickname first_name last_name location image phone].freeze
       info do
         prune!({
                  name: raw_info[options[:name_key].to_s],
@@ -64,7 +66,7 @@ class InvalidCASTicket < StandardError; end
 
       extra do
         prune!(
-          raw_info.delete_if { |k, _v| AuthHashSchemaKeys.include?(k) }
+          raw_info.delete_if { |k, _v| AUTH_HASH_SCHEMA_KEYS.include?(k) }
         )
       end
 
@@ -104,7 +106,7 @@ def request_phase
       end
 
       def on_sso_path?
-        request.post? && request.params.has_key?('logoutRequest')
+        request.post? && request.params.key?('logoutRequest')
       end
 
       def single_sign_out_phase
@@ -177,7 +179,7 @@ def login_url(service)
       #
       # @return [String] the new joined URL.
       def append_params(base, params)
-        params = params.each { |_k, v| v = Rack::Utils.escape(v) }
+        params = params.each_value { |v| Rack::Utils.escape(v) }
         Addressable::URI.parse(base).tap do |base_uri|
           base_uri.query_values = (base_uri.query_values || {}).merge(params)
         end.to_s

diff --git a/lib/omniauth/strategies/cas/logout_request.rb b/lib/omniauth/strategies/cas/logout_request.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OmniAuth
   module Strategies
     class CAS

diff --git a/lib/omniauth/strategies/cas/service_ticket_validator.rb b/lib/omniauth/strategies/cas/service_ticket_validator.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'net/http'
 require 'net/https'
 require 'nokogiri'
@@ -6,7 +8,7 @@ module OmniAuth
   module Strategies
     class CAS
       class ServiceTicketValidator
-        VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' }
+        VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' }.freeze
 
         attr_reader :success_body