class RuboCop::Cop::Security::Open

Checks for the use of ‘Kernel#open` and `URI.open` with dynamic data.

‘Kernel#open` and `URI.open` enable not only file access but also process invocation by prefixing a pipe symbol (e.g., `open(“| ls”)`). So, it may lead to a serious security risk by using variable input to the argument of `Kernel#open` and `URI.open`. It would be better to use `File.open`, `IO.popen` or `URI.parse#open` explicitly.

NOTE: ‘open` and `URI.open` with literal strings are not flagged by this cop.

@safety

This cop could register false positives if `open` is redefined
in a class and then used without a receiver in that class.

@example

# bad
open(something)
open("| #{something}")
open("| foo")
URI.open(something)

# good
File.open(something)
IO.popen(something)
URI.parse(something).open

# good (literal strings)
open("foo.text")
URI.open("http://example.com")

Constants

MSG
RESTRICT_ON_SEND

Public Instance Methods

on_send(node) click to toggle source
# File lib/rubocop/cop/security/open.rb, line 46
def on_send(node)
  open?(node) do |receiver, code|
    return if safe?(code)

    message = format(MSG, receiver: receiver ? "#{receiver.source}." : 'Kernel#')
    add_offense(node.loc.selector, message: message)
  end
end

Private Instance Methods

composite_string?(node) click to toggle source
# File lib/rubocop/cop/security/open.rb, line 75
def composite_string?(node)
  interpolated_string?(node) || concatenated_string?(node)
end
concatenated_string?(node) click to toggle source
# File lib/rubocop/cop/security/open.rb, line 83
def concatenated_string?(node)
  node.send_type? && node.method?(:+) && node.receiver.str_type?
end
interpolated_string?(node) click to toggle source
# File lib/rubocop/cop/security/open.rb, line 79
def interpolated_string?(node)
  node.dstr_type?
end
safe?(node) click to toggle source
# File lib/rubocop/cop/security/open.rb, line 57
def safe?(node)
  if simple_string?(node)
    safe_argument?(node.str_content)
  elsif composite_string?(node)
    safe?(node.children.first)
  else
    false
  end
end
safe_argument?(argument) click to toggle source
# File lib/rubocop/cop/security/open.rb, line 67
def safe_argument?(argument)
  !argument.empty? && !argument.start_with?('|')
end
simple_string?(node) click to toggle source
# File lib/rubocop/cop/security/open.rb, line 71
def simple_string?(node)
  node.str_type?
end