Russell Mirabelli rmirabelli

## YYYY_considered_harmful.yml
custom_rules:
  YYYY_considered_harmful: # rule identifier
    name: "YYYY considered harmful" # rule name. optional.
    regex: "(YYYY)" # matching pattern
    message: "YYYY means week-year; you probably want yyyy" # violation message. optional.
    severity: error # violation severity. optional.

## apple_signing.txt
How Apple's app distribution works for iOS:

I'm an iOS architect at a good-sized agency with well over 100 iOS apps developed for our customers and released to the app store. We've got 4 hall of fame awards (none of which I directly worked on), and have a staff of 30 or so iOS developers in addition to other disciplines. I help lead the Dallas/Fort Worth iOS developer meet-up.

I only say these things so you understand that I've been working directly with these issues for a few years.

When a developer wants to put an app on an iOS device, that app needs to be _signed_ with a developer certificate. There are four general release categories of developer certificates: Developer, Ad-hoc, App Store, and Enterprise.

Developer certificates are to be used by the developer for debugging on a single device during application development. This isn't useful for much other than that single purpose. As I'm creating a new build every 5 minutes, Apple doesn't review these.

## .swiftlint.yml
# Turn off default SwiftLint rules
disabled_rules:
  - trailing_whitespace # Disables SwiftLint complaining about whitespace characters on empty lines
  - todo # Disables auto-warning of TODO statements

# Turn on extra SwiftLint rules
opt_in_rules:
  - array_init
  - attributes
  - closure_end_indentation

## swiftlint_unicode_exclusion.yaml
# Warns for presence of unicode characters, due to possible RTL security
# issues, as a quick-and-dirty protection against https://trojansource.codes
# Exceptions are from usage in a test control group.
# This has been tested against a reasonable set of verifyable exploits.
#
# Yes, this is a huge hammer instead of a scalpel.
#
# Yes, this means no more emoji for variable names. You shouldn't have
# been doing that anyhow.
Unicode_considered_harmful:

## delegateBasedConcurrencySample.swift
protocol DataFetcherDelegate {
    func fetchCompletedSuccessfully(_ things: [Thing]) -> Void
    func fetchCompletedUnsuccessfully(_ err:Error) -> Void
}

class Client {
    private let fetcher = DataFetcher()

    // ...

## completionAsynchronousSample.swift
func useAsynchronousFetch() -> Void {
    fetchData(value: 23) { result in
        switch result {
            case .success(let data):
                transformData(data) { result in
                    switch result {
                        case .success(let viewModel):
                            displayModel(viewModel)
                        case .failure(let error):
                            displayError(error)

## pub_sub_sample.swift
let sub = NotificationCenter.default
    .publisher(for: NSControl.textDidChangeNotification, object: filterField)
    .map( { ($0.object as! NSTextField).stringValue } )
    .filter( { $0.unicodeScalars.allSatisfy({CharacterSet.alphanumerics.contains($0)}) } )
    .debounce(for: .milliseconds(500), scheduler: RunLoop.main)
    .receive(on: RunLoop.main)
    .assign(to:\MyViewModel.filterString, on: myViewModel)

## asyncawaitsample.swift
import Foundation
import UIKit

enum PostError: Error {
    case badURL
    case badResponse
    case noData
    case decodingError
}

## asynctests.swift
import XCTest
@testable import AsyncAwaitModule

class AsyncAwaitModuleTests: XCTestCase {

    // note the complexity in this unit test

    func testClosure() throws {
        let expectation = expectation(description: "posts fetch")
        PostsService().fetchPosts { result in

## AzureAppConfiguration.js
// Set the Date header to our Date as a UTC String.
const dateStr = new Date().toUTCString();
pm.request.headers.upsert({key:'Date', value: dateStr});

// Hash the request body using SHA256 and encode it as Base64
const hashedBodyStr = CryptoJS.SHA256(pm.request.body.raw).toString(CryptoJS.enc.Base64)
// And add that to the header x-ms-content-sha256
pm.request.headers.upsert({
    key:'x-ms-content-sha256',
    value: hashedBodyStr
	custom_rules:
	YYYY_considered_harmful: # rule identifier
	name: "YYYY considered harmful" # rule name. optional.
	regex: "(YYYY)" # matching pattern
	message: "YYYY means week-year; you probably want yyyy" # violation message. optional.
	severity: error # violation severity. optional.
	How Apple's app distribution works for iOS:

	I'm an iOS architect at a good-sized agency with well over 100 iOS apps developed for our customers and released to the app store. We've got 4 hall of fame awards (none of which I directly worked on), and have a staff of 30 or so iOS developers in addition to other disciplines. I help lead the Dallas/Fort Worth iOS developer meet-up.

	I only say these things so you understand that I've been working directly with these issues for a few years.

	When a developer wants to put an app on an iOS device, that app needs to be _signed_ with a developer certificate. There are four general release categories of developer certificates: Developer, Ad-hoc, App Store, and Enterprise.

	Developer certificates are to be used by the developer for debugging on a single device during application development. This isn't useful for much other than that single purpose. As I'm creating a new build every 5 minutes, Apple doesn't review these.
	# Turn off default SwiftLint rules
	disabled_rules:
	- trailing_whitespace # Disables SwiftLint complaining about whitespace characters on empty lines
	- todo # Disables auto-warning of TODO statements

	# Turn on extra SwiftLint rules
	opt_in_rules:
	- array_init
	- attributes
	- closure_end_indentation
	# Warns for presence of unicode characters, due to possible RTL security
	# issues, as a quick-and-dirty protection against https://trojansource.codes
	# Exceptions are from usage in a test control group.
	# This has been tested against a reasonable set of verifyable exploits.
	#
	# Yes, this is a huge hammer instead of a scalpel.
	#
	# Yes, this means no more emoji for variable names. You shouldn't have
	# been doing that anyhow.
	Unicode_considered_harmful:
	protocol DataFetcherDelegate {
	func fetchCompletedSuccessfully(_ things: [Thing]) -> Void
	func fetchCompletedUnsuccessfully(_ err:Error) -> Void
	}

	class Client {
	private let fetcher = DataFetcher()

	// ...
	func useAsynchronousFetch() -> Void {
	fetchData(value: 23) { result in
	switch result {
	case .success(let data):
	transformData(data) { result in
	switch result {
	case .success(let viewModel):
	displayModel(viewModel)
	case .failure(let error):
	displayError(error)
	let sub = NotificationCenter.default
	.publisher(for: NSControl.textDidChangeNotification, object: filterField)
	.map( { ($0.object as! NSTextField).stringValue } )
	.filter( { $0.unicodeScalars.allSatisfy({CharacterSet.alphanumerics.contains($0)}) } )
	.debounce(for: .milliseconds(500), scheduler: RunLoop.main)
	.receive(on: RunLoop.main)
	.assign(to:\MyViewModel.filterString, on: myViewModel)
	import Foundation
	import UIKit

	enum PostError: Error {
	case badURL
	case badResponse
	case noData
	case decodingError
	}
	import XCTest
	@testable import AsyncAwaitModule

	class AsyncAwaitModuleTests: XCTestCase {

	// note the complexity in this unit test

	func testClosure() throws {
	let expectation = expectation(description: "posts fetch")
	PostsService().fetchPosts { result in
	// Set the Date header to our Date as a UTC String.
	const dateStr = new Date().toUTCString();
	pm.request.headers.upsert({key:'Date', value: dateStr});

	// Hash the request body using SHA256 and encode it as Base64
	const hashedBodyStr = CryptoJS.SHA256(pm.request.body.raw).toString(CryptoJS.enc.Base64)
	// And add that to the header x-ms-content-sha256
	pm.request.headers.upsert({
	key:'x-ms-content-sha256',
	value: hashedBodyStr