New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new Security/IoMethods
cop
#10102
Conversation
211382c
to
6112012
Compare
6112012
to
9ac620a
Compare
The cop name is a bit misleading, as it checks for some writes as well. I'm not sure if |
lib/rubocop/cop/security/io_read.rb
Outdated
# Checks for the first argument to `IO.read`, `IO.binread`, `IO.write`, `IO.binwrite`, | ||
# `IO.foreach`, and `IO.readlines`. | ||
# | ||
# If argument starts with a pipe character (`'|'`) and the receiver is the `IO` class, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably you should mention somewhere that Kernel#open
may allow unintentional command injection, which is the reason IO methods are a security risk.
@koic ping :-) |
eb1f041
to
de050bd
Compare
## Summary Follow up to rubocop#9695 (comment). This PR adds new `Security/IoMethods` cop. It checks for the first argument to `IO.read`, `IO.binread`, `IO.write`, `IO.binwrite`, `IO.foreach`, and `IO.readlines`. If argument starts with a pipe character (`'|'`) and the receiver is the `IO` class, a subprocess is created in the same way as `Kernel#open`, and its output is returned. Consider to use `File.read` to disable the behavior of subprocess invocation. This cop is unsafe because false positive will occur if the variable passed as the first argument is a command that is not a file path. ```ruby # bad IO.read(path) IO.read('path') # good File.read(path) File.read('path') IO.read('| command') # Allow intentional command invocation. ``` ## Other Information Below are links related to this cop. - rubygems/rubygems#4530 - ruby/ruby#4579
de050bd
to
a88c43c
Compare
Thanks! |
Thank you too! |
Summary
Follow up to #9695 (comment).
This PR adds new
Security/IoMethods
cop.It checks for the first argument to
IO.read
,IO.binread
,IO.write
,IO.binwrite
,IO.foreach
, andIO.readlines
.If argument starts with a pipe character (
'|'
) and the receiver is theIO
class, a subprocess is created in the same way asKernel#open
, and its output is returned.Consider to use
File.read
to disable the behavior of subprocess invocation.This cop is unsafe because false positive will occur if the variable passed as the first argument is a command that is not a file path.
Other Information
Below are links related to this cop.
File.read
singleton method ruby/ruby#4579Before submitting the PR make sure the following are checked:
[Fix #issue-number]
(if the related issue exists).master
(if not - rebase it).bundle exec rake default
. It executes all tests and runs RuboCop on its own code.{change_type}_{change_description}.md
if the new code introduces user-observable changes. See changelog entry format for details.