class RuboCop::Cop::Security::Open
URI.parse(something).open
IO.popen(something)
File.open(something)
# good
URI.open(something)
open(something)
# bad
@example
in a class and then used without a receiver in that class.
This cop could register false positives if `open` is redefined
@safety
`File.open`, `IO.popen` or `URI.parse#open` explicitly.
the argument of `Kernel#open` and `URI.open`. It would be better to use
So, it may lead to a serious security risk by using variable input to
invocation by prefixing a pipe symbol (e.g., `open("| ls")`).
`Kernel#open` and `URI.open` enable not only file access but also process
This cop checks for the use of `Kernel#open` and `URI.open`.
# Whether +node+ is a string assembled from several pieces: either an
# interpolated string literal (see #interpolated_string?) or a
# `"literal" + something` concatenation (see #concatenated_string?).
# Such arguments are only as safe as their leading literal segment.
#
# @param node [RuboCop::AST::Node] the argument node passed to `open`
# @return [Boolean]
def composite_string?(node)
  return true if interpolated_string?(node)

  concatenated_string?(node)
end
# Whether +node+ is a `+` call whose receiver is a plain string literal,
# i.e. the `"literal" + expr` shape. Only the receiver is inspected; the
# right-hand operand may be anything.
#
# @param node [RuboCop::AST::Node] the argument node passed to `open`
# @return [Boolean]
def concatenated_string?(node)
  return false unless node.send_type?
  return false unless node.method?(:+)

  node.receiver.str_type?
end
# Whether +node+ is a `dstr` node, which the parser produces for a string
# literal containing `#{...}` segments.
#
# @param node [RuboCop::AST::Node] the argument node passed to `open`
# @return [Boolean]
def interpolated_string?(node)
  # Anything other than a dstr literal (plain str, send, lvar, ...) is not
  # considered interpolated here.
  node.dstr_type?
end
# Registers an offense for `open` calls whose argument is not provably
# safe. `open?` (a node matcher defined elsewhere in this cop) yields the
# receiver node (nil for a bare `Kernel#open`) and the argument node; the
# argument is accepted only when #safe? can vouch for its leading literal.
#
# @param node [RuboCop::AST::SendNode] the `open` call being inspected
# @return [void]
def on_send(node)
  open?(node) do |receiver, code|
    return if safe?(code)

    # The message names the receiver (e.g. `URI.`) or `Kernel#` so the
    # reader can tell which `open` was flagged.
    prefix = receiver ? "#{receiver.source}." : 'Kernel#'
    add_offense(node.loc.selector, message: format(MSG, receiver: prefix))
  end
end
# Whether the argument to `open` is known not to spawn a process.
#
# A plain string literal is checked directly via #safe_argument?. An
# interpolated or concatenated string is judged by its first child only —
# the leading segment decides whether the value can start with `|`; if that
# segment is itself not a literal (e.g. `"#{x}..."`), it is unsafe. Any
# other node kind (variables, method calls, ...) is treated as unsafe.
#
# @param node [RuboCop::AST::Node] the argument node passed to `open`
# @return [Boolean]
def safe?(node)
  return safe_argument?(node.str_content) if simple_string?(node)
  return safe?(node.children.first) if composite_string?(node)

  false
end
# Whether a literal string prefix is safe to hand to `Kernel#open` /
# `URI.open`. A leading `|` makes `open` spawn a subprocess, and an empty
# prefix gives no guarantee about what the full value starts with, so both
# are rejected.
#
# @param argument [String] the literal (or leading literal segment)
# @return [Boolean]
def safe_argument?(argument)
  return false if argument.empty?

  !argument.start_with?('|')
end
# Whether +node+ is a plain string literal (`str` node) with no
# interpolation.
#
# @param node [RuboCop::AST::Node] the argument node passed to `open`
# @return [Boolean]
def simple_string?(node)
  # Only a bare str literal qualifies; dstr and dynamic values do not.
  node.str_type?
end