class RuboCop::Cop::Security::IoMethods

Checks for the first argument to `IO.read`, `IO.binread`, `IO.write`, `IO.binwrite`,
`IO.foreach`, and `IO.readlines`.

If the argument starts with a pipe character (`'|'`) and the receiver is the `IO` class,
a subprocess is created in the same way as `Kernel#open`, and its output is returned.
`Kernel#open` may allow unintentional command injection, which is the reason these
`IO` methods are a security risk.
Consider using `File.read` to disable the behavior of subprocess invocation.

@safety
  This cop is unsafe because a false positive will occur if the variable passed as
  the first argument is a command that is not a file path.

@example
  # bad
  IO.read(path)
  IO.read('path')

  # good
  File.read(path)
  File.read('path')
  IO.read('| command') # Allow intentional command invocation.

def on_send(node)
  # Only calls whose explicit receiver is the `IO` constant are of interest.
  return unless (receiver = node.receiver) && receiver.source == 'IO'

  # A string literal that starts with '|' is treated as intentional command invocation.
  argument = node.first_argument
  return if argument.respond_to?(:value) && argument.value.strip.start_with?('|')

  # Otherwise report the call and autocorrect the receiver from `IO` to `File`.
  add_offense(node, message: format(MSG, method_name: node.method_name)) do |corrector|
    corrector.replace(receiver, 'File')
  end
end
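As an added illustration (not RuboCop's own code), the same decision the cop makes, re-implemented over plain source lines with regexes instead of the AST the real cop walks, together with the `IO` to `File` autocorrect. The sample source, the message text and the helper names are constructed for this demo; the real cop's message format (`MSG`) is not shown on this page.

```ruby
# Added example, not RuboCop's code: a line-based re-implementation of the
# Security/IoMethods check. It flags IO.read/binread/write/binwrite/foreach/
# readlines unless the first argument is a string literal starting with '|',
# and rewrites the receiver to File the way the cop's autocorrect does.

IO_METHODS = %w[read binread write binwrite foreach readlines].freeze

# Matches IO.<method>( and captures the method name plus the raw text of the
# first argument: a quoted literal, or anything up to the next ',' or ')'.
CALL_RE = /\bIO\.(?<method>#{IO_METHODS.join('|')})\(\s*(?<arg>"[^"]*"|'[^']*'|[^,)]*)/

# Content of a plain quoted literal, or nil for variables, calls, etc.
def literal_value(arg)
  m = arg.match(/\A(["'])(.*)\1\z/m)
  m && m[2]
end

# Mirrors on_send: nil when there is no offense, otherwise a message.
# A variable argument is still flagged; that is the false positive the
# @safety note describes (the variable might hold an intended command).
def offense_for(line)
  m = line.match(CALL_RE)
  return nil unless m

  value = literal_value(m[:arg].strip)
  return nil if value && value.strip.start_with?('|')

  "IO.#{m[:method]}: use File.#{m[:method]} to rule out subprocess invocation"
end

# The cop's correction: replace the IO receiver with File on flagged lines only.
def autocorrect(line)
  offense_for(line) ? line.sub(/\bIO\./, 'File.') : line
end

# Returns [[line_number, message], ...] for every offending line in `source`.
def scan_source(source)
  source.each_line.with_index(1).filter_map do |line, no|
    msg = offense_for(line)
    [no, msg] if msg
  end
end

# Constructed sample source for the demo.
SAMPLE = <<~RUBY
  IO.read(path)                 # flagged: argument may be anything
  IO.binwrite('out.bin', data)  # flagged: literal path, IO receiver
  IO.read('| date')             # allowed: intentional command invocation
  File.read(path)               # fine: File never spawns a subprocess
RUBY

scan_source(SAMPLE).each { |no, msg| puts "#{no}: #{msg}" }
puts autocorrect("IO.readlines('log.txt')")
```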