Merge pull request #1624 from koic/fix_false_positives_for_rails_strong_parameters_expect_with_key_check_methods

[Fix #1622] Fix false positives in `Rails/StrongParametersExpect`

Author: koic

changelog/fix_false_positives_for_rails_strong_parameters_expect_with_key_check_methods.md

@@ -0,0 +1 @@
+* [#1622](https://github.com/rubocop/rubocop-rails/issues/1622): Fix false positives in `Rails/StrongParametersExpect` when using key-check methods such as `key?`, `has_key?`, `include?`, and `member?` on `params[:key]`. ([@koic][])

lib/rubocop/cop/rails/strong_parameters_expect.rb

@@ -8,8 +8,8 @@ module Rails
       # In the following cases, `params[:key]` is treated as a key that is expected to be passed from the HTTP client,
       # and the cop detects it using the `expect` method.
       #
-      # - Method calls on `params[:key]` without comparison methods or methods that are safe to call
-      #   on `nil` (such as `to_i`, `to_s`, or `is_a?`)
+      # - Method calls on `params[:key]` without comparison methods, methods that are safe to call
+      #   on `nil` (such as `to_i`, `to_s`, or `is_a?`), or key-check methods such as `key?`
       # - Passing `params[:key]` as an argument to finder methods that raise on missing records
       # - Strong parameter methods using `require` or `permit`
       #
@@ -56,6 +56,7 @@ class StrongParametersExpect < Base
         RESTRICT_ON_SEND = %i[[] require permit].freeze
         PRESENCE_CHECK_METHODS = %i[nil? blank? present? presence].freeze
         NIL_SAFE_METHODS = %i[instance_of? is_a? kind_of? to_a to_f to_h to_i to_s].freeze
+        KEY_CHECK_METHODS = %i[key? has_key? include? member?].freeze
         RAISING_FINDER_METHODS = %i[find find_by! find_sole_by].freeze
 
         minimum_target_rails_version 8.0
@@ -137,7 +138,9 @@ def offensive_bracket_access?(node)
 
             method_name = parent.method_name
 
-            !PRESENCE_CHECK_METHODS.include?(method_name) && !NIL_SAFE_METHODS.include?(method_name)
+            !PRESENCE_CHECK_METHODS.include?(method_name) &&
+              !NIL_SAFE_METHODS.include?(method_name) &&
+              !KEY_CHECK_METHODS.include?(method_name)
           else
             raising_finder_method?(parent)
           end

spec/rubocop/cop/rails/strong_parameters_expect_spec.rb

@@ -73,6 +73,30 @@
       RUBY
     end
 
+    it 'does not register an offense when using `params[:key].key?(:inner)`' do
+      expect_no_offenses(<<~RUBY)
+        params[:key].key?(:inner)
+      RUBY
+    end
+
+    it 'does not register an offense when using `params[:key].has_key?(:inner)`' do
+      expect_no_offenses(<<~RUBY)
+        params[:key].has_key?(:inner)
+      RUBY
+    end
+
+    it 'does not register an offense when using `params[:key].include?(:inner)`' do
+      expect_no_offenses(<<~RUBY)
+        params[:key].include?(:inner)
+      RUBY
+    end
+
+    it 'does not register an offense when using `params[:key].member?(:inner)`' do
+      expect_no_offenses(<<~RUBY)
+        params[:key].member?(:inner)
+      RUBY
+    end
+
     it "does not register an offense when using `params[:key] == 'value'`" do
       expect_no_offenses(<<~RUBY)
         params[:key] == 'value'