Disable development NoEvalCop for load-time eval calls

rmosolgo · rmosolgo · commit d85e69690fa4 · 2025-03-03T12:39:08.000-05:00
diff --git a/cop/development/no_eval_cop.rb b/cop/development/no_eval_cop.rb
@@ -4,7 +4,7 @@
 module Cop
   module Development
     class NoEvalCop < RuboCop::Cop::Base
-      MSG_TEMPLATE = "Don't use `%{eval_method_name}` which accept strings and may result in unexpected code being generated. Use `%{exec_method_name}` instead, and pass a block."
+      MSG_TEMPLATE = "Don't use `%{eval_method_name}` which accepts strings and may result evaluating unexpected code. Use `%{exec_method_name}` instead, and pass a block."
 
       def on_send(node)
         case node.method_name
diff --git a/lib/graphql/analysis/analyzer.rb b/lib/graphql/analysis/analyzer.rb
@@ -42,6 +42,7 @@ def result
         raise GraphQL::RequiredImplementationMissingError
       end
 
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
       class << self
         private
 
@@ -72,7 +73,7 @@ def on_leave_#{member_name}(node, parent, visitor)
       build_visitor_hooks :variable_definition
       build_visitor_hooks :variable_identifier
       build_visitor_hooks :abstract_node
-
+      # rubocop:enable Development/NoEvalCop
       protected
 
       # @return [GraphQL::Query, GraphQL::Execution::Multiplex] Whatever this analyzer is analyzing
diff --git a/lib/graphql/analysis/visitor.rb b/lib/graphql/analysis/visitor.rb
@@ -64,6 +64,7 @@ def response_path
         @response_path.dup
       end
 
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
       # Visitor Hooks
       [
         :operation_definition, :fragment_definition,
@@ -92,6 +93,7 @@ def call_on_leave_#{node_type}(node, parent)
 
         RUBY
       end
+      # rubocop:enable Development/NoEvalCop
 
       def on_operation_definition(node, parent)
         object_type = @schema.root_type_for_operation(node.operation_type)
diff --git a/lib/graphql/language/nodes.rb b/lib/graphql/language/nodes.rb
@@ -141,6 +141,8 @@ def merge!(new_options)
         end
 
         class << self
+          # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
+
           # Add a default `#visit_method` and `#children_method_name` using the class name
           def inherited(child_class)
             super
@@ -341,6 +343,8 @@ def marshal_load(values)
                   @line, @col, @filename #{marshalling_method_names.map { |n| ", @#{n}"}.join} = values
                 end
               RUBY
+
+              # rubocop:enable Development/NoEvalCop
             end
           end
         end
diff --git a/lib/graphql/language/static_visitor.rb b/lib/graphql/language/static_visitor.rb
@@ -21,6 +21,7 @@ def visit
           @document
         end
       end
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
 
       # We don't use `alias` here because it breaks `super`
       def self.make_visit_methods(ast_node_class)
@@ -55,6 +56,48 @@ def #{node_method}(node, parent)
         RUBY
       end
 
+      [
+        Language::Nodes::Argument,
+        Language::Nodes::Directive,
+        Language::Nodes::DirectiveDefinition,
+        Language::Nodes::DirectiveLocation,
+        Language::Nodes::Document,
+        Language::Nodes::Enum,
+        Language::Nodes::EnumTypeDefinition,
+        Language::Nodes::EnumTypeExtension,
+        Language::Nodes::EnumValueDefinition,
+        Language::Nodes::Field,
+        Language::Nodes::FieldDefinition,
+        Language::Nodes::FragmentDefinition,
+        Language::Nodes::FragmentSpread,
+        Language::Nodes::InlineFragment,
+        Language::Nodes::InputObject,
+        Language::Nodes::InputObjectTypeDefinition,
+        Language::Nodes::InputObjectTypeExtension,
+        Language::Nodes::InputValueDefinition,
+        Language::Nodes::InterfaceTypeDefinition,
+        Language::Nodes::InterfaceTypeExtension,
+        Language::Nodes::ListType,
+        Language::Nodes::NonNullType,
+        Language::Nodes::NullValue,
+        Language::Nodes::ObjectTypeDefinition,
+        Language::Nodes::ObjectTypeExtension,
+        Language::Nodes::OperationDefinition,
+        Language::Nodes::ScalarTypeDefinition,
+        Language::Nodes::ScalarTypeExtension,
+        Language::Nodes::SchemaDefinition,
+        Language::Nodes::SchemaExtension,
+        Language::Nodes::TypeName,
+        Language::Nodes::UnionTypeDefinition,
+        Language::Nodes::UnionTypeExtension,
+        Language::Nodes::VariableDefinition,
+        Language::Nodes::VariableIdentifier,
+      ].each do |ast_node_class|
+        make_visit_methods(ast_node_class)
+      end
+
+      # rubocop:disable Development/NoEvalCop
+
       def on_document_children(document_node)
         document_node.children.each do |child_node|
           visit_method = child_node.visit_method
@@ -122,46 +165,6 @@ def on_argument_children(new_node)
           end
         end
       end
-
-      [
-        Language::Nodes::Argument,
-        Language::Nodes::Directive,
-        Language::Nodes::DirectiveDefinition,
-        Language::Nodes::DirectiveLocation,
-        Language::Nodes::Document,
-        Language::Nodes::Enum,
-        Language::Nodes::EnumTypeDefinition,
-        Language::Nodes::EnumTypeExtension,
-        Language::Nodes::EnumValueDefinition,
-        Language::Nodes::Field,
-        Language::Nodes::FieldDefinition,
-        Language::Nodes::FragmentDefinition,
-        Language::Nodes::FragmentSpread,
-        Language::Nodes::InlineFragment,
-        Language::Nodes::InputObject,
-        Language::Nodes::InputObjectTypeDefinition,
-        Language::Nodes::InputObjectTypeExtension,
-        Language::Nodes::InputValueDefinition,
-        Language::Nodes::InterfaceTypeDefinition,
-        Language::Nodes::InterfaceTypeExtension,
-        Language::Nodes::ListType,
-        Language::Nodes::NonNullType,
-        Language::Nodes::NullValue,
-        Language::Nodes::ObjectTypeDefinition,
-        Language::Nodes::ObjectTypeExtension,
-        Language::Nodes::OperationDefinition,
-        Language::Nodes::ScalarTypeDefinition,
-        Language::Nodes::ScalarTypeExtension,
-        Language::Nodes::SchemaDefinition,
-        Language::Nodes::SchemaExtension,
-        Language::Nodes::TypeName,
-        Language::Nodes::UnionTypeDefinition,
-        Language::Nodes::UnionTypeExtension,
-        Language::Nodes::VariableDefinition,
-        Language::Nodes::VariableIdentifier,
-      ].each do |ast_node_class|
-        make_visit_methods(ast_node_class)
-      end
     end
   end
 end
diff --git a/lib/graphql/language/visitor.rb b/lib/graphql/language/visitor.rb
@@ -60,6 +60,7 @@ def visit
           @document
         end
       end
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
 
       # We don't use `alias` here because it breaks `super`
       def self.make_visit_methods(ast_node_class)
@@ -116,6 +117,48 @@ def #{node_method}_with_modifications(node, parent)
         RUBY
       end
 
+      [
+        Language::Nodes::Argument,
+        Language::Nodes::Directive,
+        Language::Nodes::DirectiveDefinition,
+        Language::Nodes::DirectiveLocation,
+        Language::Nodes::Document,
+        Language::Nodes::Enum,
+        Language::Nodes::EnumTypeDefinition,
+        Language::Nodes::EnumTypeExtension,
+        Language::Nodes::EnumValueDefinition,
+        Language::Nodes::Field,
+        Language::Nodes::FieldDefinition,
+        Language::Nodes::FragmentDefinition,
+        Language::Nodes::FragmentSpread,
+        Language::Nodes::InlineFragment,
+        Language::Nodes::InputObject,
+        Language::Nodes::InputObjectTypeDefinition,
+        Language::Nodes::InputObjectTypeExtension,
+        Language::Nodes::InputValueDefinition,
+        Language::Nodes::InterfaceTypeDefinition,
+        Language::Nodes::InterfaceTypeExtension,
+        Language::Nodes::ListType,
+        Language::Nodes::NonNullType,
+        Language::Nodes::NullValue,
+        Language::Nodes::ObjectTypeDefinition,
+        Language::Nodes::ObjectTypeExtension,
+        Language::Nodes::OperationDefinition,
+        Language::Nodes::ScalarTypeDefinition,
+        Language::Nodes::ScalarTypeExtension,
+        Language::Nodes::SchemaDefinition,
+        Language::Nodes::SchemaExtension,
+        Language::Nodes::TypeName,
+        Language::Nodes::UnionTypeDefinition,
+        Language::Nodes::UnionTypeExtension,
+        Language::Nodes::VariableDefinition,
+        Language::Nodes::VariableIdentifier,
+      ].each do |ast_node_class|
+        make_visit_methods(ast_node_class)
+      end
+
+      # rubocop:enable Development/NoEvalCop
+
       def on_document_children(document_node)
         new_node = document_node
         document_node.children.each do |child_node|
@@ -216,46 +259,6 @@ def on_argument_children(new_node)
         new_node
       end
 
-      [
-        Language::Nodes::Argument,
-        Language::Nodes::Directive,
-        Language::Nodes::DirectiveDefinition,
-        Language::Nodes::DirectiveLocation,
-        Language::Nodes::Document,
-        Language::Nodes::Enum,
-        Language::Nodes::EnumTypeDefinition,
-        Language::Nodes::EnumTypeExtension,
-        Language::Nodes::EnumValueDefinition,
-        Language::Nodes::Field,
-        Language::Nodes::FieldDefinition,
-        Language::Nodes::FragmentDefinition,
-        Language::Nodes::FragmentSpread,
-        Language::Nodes::InlineFragment,
-        Language::Nodes::InputObject,
-        Language::Nodes::InputObjectTypeDefinition,
-        Language::Nodes::InputObjectTypeExtension,
-        Language::Nodes::InputValueDefinition,
-        Language::Nodes::InterfaceTypeDefinition,
-        Language::Nodes::InterfaceTypeExtension,
-        Language::Nodes::ListType,
-        Language::Nodes::NonNullType,
-        Language::Nodes::NullValue,
-        Language::Nodes::ObjectTypeDefinition,
-        Language::Nodes::ObjectTypeExtension,
-        Language::Nodes::OperationDefinition,
-        Language::Nodes::ScalarTypeDefinition,
-        Language::Nodes::ScalarTypeExtension,
-        Language::Nodes::SchemaDefinition,
-        Language::Nodes::SchemaExtension,
-        Language::Nodes::TypeName,
-        Language::Nodes::UnionTypeDefinition,
-        Language::Nodes::UnionTypeExtension,
-        Language::Nodes::VariableDefinition,
-        Language::Nodes::VariableIdentifier,
-      ].each do |ast_node_class|
-        make_visit_methods(ast_node_class)
-      end
-
       private
 
       def apply_modifications(node, parent, new_node_and_new_parent)
diff --git a/lib/graphql/schema/build_from_definition.rb b/lib/graphql/schema/build_from_definition.rb
@@ -467,17 +467,18 @@ def build_fields(owner, field_definitions, type_resolver, default_resolve:)
 
             # Don't do this for interfaces
             if default_resolve
-              owner.class_eval <<-RUBY, __FILE__, __LINE__
-                # frozen_string_literal: true
-                def #{resolve_method_name}(**args)
-                  field_instance = self.class.get_field("#{field_definition.name}")
-                  context.schema.definition_default_resolve.call(self.class, field_instance, object, args, context)
-                end
-              RUBY
+              define_field_resolve_method(owner, resolve_method_name, field_definition.name)
             end
           end
         end
 
+        def define_field_resolve_method(owner, method_name, field_name)
+          owner.define_method(method_name) { |**args|
+            field_instance = self.class.get_field(field_name)
+            context.schema.definition_default_resolve.call(self.class, field_instance, object, args, context)
+          }
+        end
+
         def build_resolve_type(lookup_hash, directives, missing_type_handler)
           resolve_type_proc = nil
           resolve_type_proc = ->(ast_node) {
diff --git a/lib/graphql/schema/enum.rb b/lib/graphql/schema/enum.rb
@@ -256,7 +256,7 @@ def generate_value_method(value, configured_value_method)
             return
           end
 
-          instance_eval("def #{value_method_name}; #{value.graphql_name.inspect}; end;", __FILE__, __LINE__)
+          define_singleton_method(value_method_name) { value.graphql_name }
         end
       end
 
diff --git a/lib/graphql/schema/input_object.rb b/lib/graphql/schema/input_object.rb
@@ -59,7 +59,7 @@ def deconstruct_keys(keys = nil)
         else
           new_h = {}
           keys.each { |k| @ruby_style_hash.key?(k) && new_h[k] = @ruby_style_hash[k] }
-          new_h 
+          new_h
         end
       end
 
@@ -150,14 +150,8 @@ def argument(*args, **kwargs, &block)
             end
           end
           # Add a method access
-          method_name = argument_defn.keyword
           suppress_redefinition_warning do
-            class_eval <<-RUBY, __FILE__, __LINE__
-              def #{method_name}
-                self[#{method_name.inspect}]
-              end
-              alias_method #{method_name.inspect}, #{method_name.inspect}
-            RUBY
+            define_accessor_method(argument_defn.keyword)
           end
           argument_defn
         end
@@ -293,6 +287,11 @@ def suppress_redefinition_warning
         ensure
           $VERBOSE = verbose
         end
+
+        def define_accessor_method(method_name)
+          define_method(method_name) { self[method_name] }
+          alias_method(method_name, method_name)
+        end
       end
 
       private
diff --git a/lib/graphql/tracing/appoptics_trace.rb b/lib/graphql/tracing/appoptics_trace.rb
@@ -32,6 +32,8 @@ def self.version
         Gem::Version.new('1.0.0')
       end
 
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
+
       [
         'lex',
         'parse',
@@ -59,6 +61,8 @@ def #{trace_method}(**data)
         RUBY
       end
 
+      # rubocop:enable Development/NoEvalCop
+
       def execute_field(query:, field:, ast_node:, arguments:, object:)
         return_type = field.type.unwrap
         trace_field = if return_type.kind.scalar? || return_type.kind.enum?
diff --git a/lib/graphql/tracing/appsignal_trace.rb b/lib/graphql/tracing/appsignal_trace.rb
@@ -21,6 +21,8 @@ def initialize(set_action_name: false, **rest)
         super
       end
 
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
+
       {
         "lex" => "lex.graphql",
         "parse" => "parse.graphql",
@@ -51,6 +53,8 @@ def #{trace_method}(**data)
         RUBY
       end
 
+      # rubocop:enable Development/NoEvalCop
+
       def platform_execute_field(platform_key)
         Appsignal.instrument(platform_key) do
           yield
diff --git a/lib/graphql/tracing/data_dog_trace.rb b/lib/graphql/tracing/data_dog_trace.rb
@@ -27,6 +27,8 @@ def initialize(tracer: nil, analytics_enabled: false, analytics_sample_rate: 1.0
         super
       end
 
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
+
       {
         'lex' => 'lex.graphql',
         'parse' => 'parse.graphql',
@@ -76,6 +78,8 @@ def #{trace_method}(**data)
         RUBY
       end
 
+      # rubocop:enable Development/NoEvalCop
+
       def execute_field_span(span_key, query, field, ast_node, arguments, object)
         return_type = field.type.unwrap
         trace_field = if return_type.kind.scalar? || return_type.kind.enum?
diff --git a/lib/graphql/tracing/notifications_trace.rb b/lib/graphql/tracing/notifications_trace.rb
diff --git a/lib/graphql/tracing/platform_trace.rb b/lib/graphql/tracing/platform_trace.rb
diff --git a/lib/graphql/tracing/prometheus_trace.rb b/lib/graphql/tracing/prometheus_trace.rb
diff --git a/lib/graphql/tracing/scout_trace.rb b/lib/graphql/tracing/scout_trace.rb
diff --git a/lib/graphql/tracing/sentry_trace.rb b/lib/graphql/tracing/sentry_trace.rb
diff --git a/lib/graphql/tracing/statsd_trace.rb b/lib/graphql/tracing/statsd_trace.rb
