Detect references to ENV outside of config directories (#71)

This cop will report references to `ENV` in files outside of the config
directory.

The idea is that applications should extract variables from the ENV at
boot time, and fail if those variables are not valid.

Author: rzane

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    betterlint (1.18.0)
+    betterlint (1.19.0)
       rubocop (~> 1.71)
       rubocop-graphql (~> 1.5)
       rubocop-performance (~> 1.23)

README.md

@@ -130,6 +130,27 @@ end
 ```
 
 All three `params.permit` calls will be flagged.
+
+### Betterment/EnvironmentConfiguration
+
+This cop identifies references to `ENV` outside of the config directory.
+
+Environment variables should be parsed at boot time. If an environment variable is missing or invalid,
+the application should fail to boot.
+
+If there isn't a better place to assign your environment variable, Rails provides the `config.x` namespace
+for [custom configuration](https://guides.rubyonrails.org/configuring.html#custom-configuration):
+
+```ruby
+config.x.whatever = ENV.fetch('WHATEVER')
+```
+
+Here's how you'd reference this configuration parameter at runtime:
+
+```ruby
+Rails.configuration.x.whatever
+```
+
 ### Betterment/InternalsProtection
 
 This cop is not enabled by default, and must be enabled from your `.rubocop.yml` file:

betterlint.gemspec

@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |s|
   s.name = "betterlint"
-  s.version = "1.18.0"
+  s.version = "1.19.0"
   s.authors = ["Development"]
   s.email = ["[email protected]"]
   s.summary = "Betterment rubocop configuration"

config/default.yml

@@ -39,6 +39,13 @@ Betterment/DirectDelayedEnqueue:
 
 Betterment/DynamicParams:
   StyleGuide: '#bettermentdynamicparams'
+  
+Betterment/EnvironmentConfiguration:
+  StyleGuide: '#bettermentenvironmentconfiguration'
+  Exclude:
+    - config/**/*.rb
+    - spec/**/*.rb
+    - test/**/*.rb
 
 Betterment/HardcodedID:
   AutoCorrect: false

lib/rubocop/cop/betterment.rb

@@ -6,6 +6,7 @@
 require 'rubocop/cop/betterment/authorization_in_controller'
 require 'rubocop/cop/betterment/direct_delayed_enqueue'
 require 'rubocop/cop/betterment/dynamic_params'
+require 'rubocop/cop/betterment/environment_configuration'
 require 'rubocop/cop/betterment/fetch_boolean'
 require 'rubocop/cop/betterment/hardcoded_id'
 require 'rubocop/cop/betterment/implicit_redirect_type'

lib/rubocop/cop/betterment/environment_configuration.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Betterment
+      class EnvironmentConfiguration < Base
+        MSG =
+          "Environment variables should be parsed at boot time and assigned " \
+          "to `Rails.configuration` or some other configurable object."
+
+        # @!method env?(node)
+        def_node_matcher :env?, '(const nil? :ENV)'
+
+        def on_const(node)
+          add_offense(node) if env?(node)
+        end
+      end
+    end
+  end
+end

spec/rubocop/cop/betterment/environment_configuration_spec.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe RuboCop::Cop::Betterment::EnvironmentConfiguration, :config do
+  it 'does not allow access to the ENV' do
+    expect_offense(<<~RUBY)
+      ENV['RAILS_ENV']
+      ^^^ Environment variables should be parsed at boot time [...]
+
+      ENV['RAILS_ENV'] ||= 'test'
+      ^^^ Environment variables should be parsed at boot time [...]
+
+      ENV.fetch('FOO')
+      ^^^ Environment variables should be parsed at boot time [...]
+
+      ENV.fetch('FOO', nil)
+      ^^^ Environment variables should be parsed at boot time [...]
+    RUBY
+  end
+end