diff --git a/.circleci/config.yml b/.circleci/config.yml
index ccd163b61..74fcb9fd5 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -68,7 +68,7 @@ jobs: command: bundle exec rubocop - run: name: Run brakeman - command: bundle exec brakeman -z + command: bundle exec brakeman - run: name: Run haml-lint command: bundle exec haml-lint app/views/
diff --git a/.haml-lint.yml b/.haml-lint.yml
index 0927e9027..e3d566f90 100644
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@@ -43,6 +43,10 @@ linters: character: space # or tab width: 2 # ignored if character == tab + # TODO: enable once we got rid of the legacy UIs + InlineStyles: + enabled: false + InstanceVariables: enabled: false file_types: partials
@@ -117,3 +121,8 @@ linters: # locally from time to time UnnecessaryStringOutput: enabled: false + + # Disabled because too agress ive, but to enable + # locally from time to time + ViewLength: + enabled: false
diff --git a/Gemfile.lock b/Gemfile.lock
index df20eaa38..3f3f2bc11 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -92,6 +92,7 @@ GEM rubyzip (~> 1.0.0) bcrypt (3.1.11) bindata (2.3.4) + bindex (0.5.0) bootstrap-datepicker-rails (1.6.4.1) railties (>= 3.0) bootstrap-sass (3.3.7)
@@ -102,7 +103,7 @@ GEM bourbon (4.3.4) sass (~> 3.4) thor (~> 0.19) - brakeman (3.7.0) + brakeman (4.1.1) browser (2.3.0) builder (3.2.3) byebug (9.0.6)
@@ -146,7 +147,6 @@ GEM database_cleaner (1.5.3) datetime_picker_rails (0.0.7) momentjs-rails (>= 2.8.1) - debug_inspector (0.0.2) deep_cloneable (2.2.2) activerecord (>= 3.1.0, < 5.2.0) delayed_cron_job (0.7.2)
@@ -321,8 +321,8 @@ GEM font-awesome-rails (4.7.0.1) railties (>= 3.2, < 5.1) formatador (0.2.5) - globalid (0.3.7) - activesupport (>= 4.1.0) + globalid (0.4.1) + activesupport (>= 4.2.0) guard (2.14.0) formatador (>= 0.2.4) listen (>= 2.7, < 4.0)
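Review bot: The "Run brakeman" step in `.circleci/config.yml` now fails the build on warnings only through the tool's default behaviour, not because the command asks for it. As far as I recall, Brakeman 4.0 made a non-zero exit on warnings the default, which is what makes dropping `-z` safe alongside the `brakeman (4.1.1)` bump in Gemfile.lock. If an older gem were ever resolved, the same command would print its warnings and still exit 0, so the gate would pass silently. I would keep the intent explicit with `command: bundle exec brakeman --exit-on-warn`, or add a comment above the step such as `# relies on Brakeman >= 4.0 exiting non-zero on warnings`.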
@@ -352,11 +352,11 @@ GEM haml (>= 4.0.6, < 5.0) html2haml (>= 1.0.1) railties (>= 4.0.1) - haml_lint (0.24.0) + haml_lint (0.27.0) haml (>= 4.0, < 5.1) rainbow rake (>= 10, < 13) - rubocop (>= 0.47.0) + rubocop (>= 0.50.0) sysexits (~> 1.1) hashdiff (0.3.1) hashie (3.4.6)
@@ -413,8 +413,8 @@ GEM crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.0.10) - mail (2.6.4) - mime-types (>= 1.16, < 4) + mail (2.7.0) + mini_mime (>= 0.1.1) mailjet (1.4.10) activesupport (>= 3.1.0) rack (>= 1.4.0)
@@ -425,6 +425,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mimemagic (0.3.2) + mini_mime (1.0.0) mini_portile2 (2.3.0) minitest (5.11.1) momentjs-rails (2.17.1)
@@ -604,7 +605,11 @@ GEM rubyzip (1.0.0) safe_yaml (1.0.4) sanitize-url (0.1.4) - sass (3.4.22) + sass (3.5.5) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) sass-rails (5.0.6) railties (>= 4.0.0, < 6) sass (~> 3.1)
@@ -614,9 +619,9 @@ GEM scenic (1.3.0) activerecord (>= 4.0.0) railties (>= 4.0.0) - scss_lint (0.53.0) + scss_lint (0.56.0) rake (>= 0.9, < 13) - sass (~> 3.4.20) + sass (~> 3.5.3) sdoc (0.4.2) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0)
@@ -656,10 +661,10 @@ GEM activesupport (>= 4.2) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.7.0) + sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0)
@@ -702,10 +707,10 @@ GEM activemodel (>= 3.0.0) addressable vcr (3.0.3) - web-console (3.4.0) + web-console (3.5.1) actionview (>= 5.0) activemodel (>= 5.0) - debug_inspector + bindex (>= 0.4.0) railties (>= 5.0) webfinger (1.0.2) activesupport
@@ -717,11 +722,11 @@ GEM hashdiff websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.3) xml-simple (1.1.5) xpath (2.1.0) nokogiri (~> 1.3) - xray-rails (0.2.0) + xray-rails (0.3.1) rails (>= 3.1.0) PLATFORMS
diff --git a/README.md b/README.md
index 1e50be21a..72098fa29 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ Pour exécuter les tests de l'application, plusieurs possibilités : ## Linting - Faire tourner RuboCop : `bundle exec rubocop` -- Faire tourner Brakeman : `bundle exec brakeman -z` +- Faire tourner Brakeman : `bundle exec brakeman` - Linter les fichiers HAML : `bundle exec haml-lint app/views/` - Linter les fichiers SCSS : `bundle exec scss-lint app/assets/stylesheets/`
diff --git a/app/views/dossiers/_infos_dossier.html.haml b/app/views/dossiers/_infos_dossier.html.haml
index 73ec2bb2b..f1c09ddf9 100644
--- a/app/views/dossiers/_infos_dossier.html.haml
+++ b/app/views/dossiers/_infos_dossier.html.haml
@@ -43,7 +43,7 @@ - if dossier = link_to("Dossier #{dossier.id}", dossier.decorate.url(gestionnaire_signed_in?), target: '_blank') %br - = dossier.text_summary + = sanitize(dossier.text_summary) - else Pas de dossier associé - else
diff --git a/app/views/new_gestionnaire/dossiers/_champs.html.haml b/app/views/new_gestionnaire/dossiers/_champs.html.haml
index 1354f4624..45609eaa2 100644
--- a/app/views/new_gestionnaire/dossiers/_champs.html.haml
+++ b/app/views/new_gestionnaire/dossiers/_champs.html.haml
@@ -27,7 +27,7 @@ - else Dossier nº #{dossier.id} %br - = dossier.text_summary + = sanitize(dossier.text_summary) - else Pas de dossier associé - else
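Review bot: `= sanitize(dossier.text_summary)` in `app/views/dossiers/_infos_dossier.html.haml` (and the identical line in `app/views/new_gestionnaire/dossiers/_champs.html.haml`) relies on Rails' default allowlist, which still lets links, images and a range of formatting tags through to the page. `text_summary` is defined outside this diff, so whether it is meant to carry markup cannot be told from here. If it is plain text built from user-entered fields, `= strip_tags(dossier.text_summary)` or ordinary HAML escaping is the tighter fit. If it does carry markup, pass an explicit allowlist, for example `sanitize(dossier.text_summary, tags: %w[br], attributes: [])` (tag list illustrative). Since two partials render the same value, cleaning it once in the model or decorator would keep the two call sites from drifting apart.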