Lint for wildcard dependencies in Cargo.toml

ordovicia · ordovicia · commit 0263ddde92d8 · 2018-10-24T15:00:28.000+09:00
diff --git a/clippy_lints/src/lib.rs b/clippy_lints/src/lib.rs
@@ -200,6 +200,7 @@ pub mod unused_label;
 pub mod unwrap;
 pub mod use_self;
 pub mod vec;
+pub mod wildcard_dependencies;
 pub mod write;
 pub mod zero_div_zero;
 // end lints modules, do not remove this comment, it’s used in `update_lints`
@@ -438,6 +439,7 @@ pub fn register_plugins(reg: &mut rustc_plugin::Registry<'_>, conf: &Conf) {
     reg.register_late_lint_pass(box question_mark::Pass);
     reg.register_late_lint_pass(box suspicious_trait_impl::SuspiciousImpl);
     reg.register_early_lint_pass(box multiple_crate_versions::Pass);
+    reg.register_early_lint_pass(box wildcard_dependencies::Pass);
     reg.register_late_lint_pass(box map_unit_fn::Pass);
     reg.register_late_lint_pass(box infallible_destructuring_match::Pass);
     reg.register_late_lint_pass(box inherent_impl::Pass::default());
@@ -967,6 +969,7 @@ pub fn register_plugins(reg: &mut rustc_plugin::Registry<'_>, conf: &Conf) {
 
     reg.register_lint_group("clippy::cargo", Some("clippy_cargo"), vec![
         multiple_crate_versions::MULTIPLE_CRATE_VERSIONS,
+        wildcard_dependencies::WILDCARD_DEPENDENCIES,
     ]);
 
     reg.register_lint_group("clippy::nursery", Some("clippy_nursery"), vec![
diff --git a/clippy_lints/src/wildcard_dependencies.rs b/clippy_lints/src/wildcard_dependencies.rs
@@ -0,0 +1,70 @@
+// Copyright 2014-2018 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+use crate::rustc::lint::{EarlyContext, EarlyLintPass, LintArray, LintPass};
+use crate::rustc::{declare_tool_lint, lint_array};
+use crate::syntax::ast::*;
+use crate::utils::span_lint;
+
+use cargo_metadata;
+use lazy_static::lazy_static;
+use semver;
+
+/// **What it does:** Checks to see if wildcard dependencies are being used.
+///
+/// **Why is this bad?** [As the edition guide sais](https://rust-lang-nursery.github.io/edition-guide/rust-2018/cargo-and-crates-io/crates-io-disallows-wildcard-dependencies.html),
+/// it is highly unlikely that you work with any possible version of your dependency,
+/// and wildcard dependencies would cause unnecessary breakage in the ecosystem.
+///
+/// **Known problems:** None.
+///
+/// **Example:**
+/// ```toml
+/// [dependencies]
+/// regex = "*"
+/// ```
+declare_clippy_lint! {
+    pub WILDCARD_DEPENDENCIES,
+    cargo,
+    "wildcard dependencies being used"
+}
+
+pub struct Pass;
+
+impl LintPass for Pass {
+    fn get_lints(&self) -> LintArray {
+        lint_array!(WILDCARD_DEPENDENCIES)
+    }
+}
+
+impl EarlyLintPass for Pass {
+    fn check_crate(&mut self, cx: &EarlyContext<'_>, krate: &Crate) {
+        let metadata = if let Ok(metadata) = cargo_metadata::metadata(None) {
+            metadata
+        } else {
+            span_lint(cx, WILDCARD_DEPENDENCIES, krate.span, "could not read cargo metadata");
+            return;
+        };
+
+        lazy_static! {
+            static ref WILDCARD_VERSION_REQ: semver::VersionReq = semver::VersionReq::parse("*").unwrap();
+        }
+
+        for dep in &metadata.packages[0].dependencies {
+            if dep.req == *WILDCARD_VERSION_REQ {
+                span_lint(
+                    cx,
+                    WILDCARD_DEPENDENCIES,
+                    krate.span,
+                    &format!("wildcard dependency for `{}`", dep.name),
+                );
+            }
+        }
+    }
+}
