# frozen_string_literal: true
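module RuboCop
  module Cop
    module Security
      # Checks for calls to `Kernel#open` (bare `open`, `Kernel.open`,
      # `::Kernel.open`) and `URI.open` whose argument is not a fixed string.
      #
      # Both methods do more than open a file: when the argument starts with a
      # pipe character the remainder is executed as a shell command
      # (e.g., `open("| ls")`). Feeding variable input into that argument is
      # therefore a command-injection risk. Prefer `File.open`, `IO.popen`
      # (when a subprocess really is intended) or `URI.parse(...).open`, each
      # of which makes the intent explicit and never switches behaviour on the
      # first character of its argument.
      #
      # A plain string literal argument is never reported: it cannot be
      # influenced at runtime. For interpolated or `+`-concatenated strings
      # only the leading literal fragment is inspected, since that fragment is
      # what decides whether Ruby treats the final string as a command; if the
      # fragment is missing, empty, or starts with `|`, an offense is added.
      #
      # @example
      #   # bad
      #   open(something)
      #   Kernel.open(something)
      #   URI.open(something)
      #   open("|#{something}")
      #   open("| " + something)
      #
      #   # good
      #   File.open(something)
      #   IO.popen(something)
      #   URI.parse(something).open
      #   open("/etc/hosts")
      #   open("/tmp/#{basename}")
      class Open < Base
        MSG = 'The use of `%<receiver>sopen` is a serious security risk.'
        RESTRICT_ON_SEND = %i[open].freeze

        # @!method open?(node)
        # Matches `open(arg, ...)` with no receiver, or with `Kernel`, `::Kernel`,
        # `URI` or `::URI` as the receiver. Captures the receiver (nil for the
        # bare call) and the first argument. `!str` drops calls whose first
        # argument is a plain string literal before they reach `on_send`.
        def_node_matcher :open?, <<~PATTERN
          (send ${nil? (const {nil? cbase} {:Kernel :URI})} :open $!str ...)
        PATTERN

        # Adds an offense on the `open` selector when the first argument cannot
        # be shown to start with a safe literal prefix.
        #
        # @param node [RuboCop::AST::SendNode] the `open` call being inspected
        def on_send(node)
          open?(node) do |receiver, argument|
            return if safe?(argument)

            message = format(MSG, receiver: receiver ? "#{receiver.source}." : 'Kernel#')
            add_offense(node.loc.selector, message: message)
          end
        end

        private

        # True when the argument's leading literal fragment rules out the pipe
        # form. Only `str`, `dstr` and `str + ...` shapes are inspected; any
        # other expression (variable, method call, splat, ...) is unsafe.
        #
        # @param node [RuboCop::AST::Node] the argument (or a fragment of it)
        # @return [Boolean]
        def safe?(node)
          if simple_string?(node)
            safe_argument?(node.str_content)
          elsif composite_string?(node)
            # Ruby chooses between file and command from the very first character
            # of the final string, so only the leading fragment matters. Guard the
            # nil case: a `dstr` can have no children (e.g. an empty heredoc),
            # which would otherwise raise NoMethodError inside the cop.
            leading = node.children.first
            leading ? safe?(leading) : false
          else
            false
          end
        end

        # A literal is safe when it is non-empty and does not begin with `|`.
        #
        # @param argument [String] the literal content of a `str` node
        # @return [Boolean]
        def safe_argument?(argument)
          return false if argument.empty?

          !argument.start_with?('|')
        end

        # @return [Boolean] whether `node` is a plain string literal
        def simple_string?(node)
          node.str_type?
        end

        # @return [Boolean] whether `node` is an interpolated or `+`-joined string
        def composite_string?(node)
          interpolated_string?(node) || concatenated_string?(node)
        end

        # @return [Boolean] whether `node` is a `dstr` (interpolation / heredoc /
        #   adjacent literals)
        def interpolated_string?(node)
          node.dstr_type?
        end

        # @return [Boolean] whether `node` is `<string literal> + <anything>`
        def concatenated_string?(node)
          node.send_type? && node.method?(:+) && node.receiver.str_type?
        end
      end
    end
  end
end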