Skip to content

Create ForbidKernelOpen cop

What does this MR do?

This is a side step for https://gitlab.com/gitlab-org/gitlab/issues/17848 and all the reasoning of this MR is based on Avoid user input at the start of path strings.

By default, Rubocop has the Security/Open cop enabled. This cop will raise an offense when:

# Bad
open(foo)
open("|foo #{bar}")

But will allow:

# Good
open("foo")
open("|foo")
open("foo #{bar}")
Kernel.open("foo")
Kernel.open("|foo")
Kernel.open("foo#{bar}")
Kernel.open("|foo #{bar}")
Kernel.open(foo)

The options allowed are still prone to generate a security vulnerability since, for example, a developer could end up writing something like open("/tmp/#{user_input}" which can end in open("/tmp/../etc/password") or Kernel.open(user_input) can end up in Kernel.open("|ls").

In the cop we're adding here, we forbid completely any use of Kernel#open.

False positives

Like Security/Open this cop also adds the same false positive in the scenario:

class Test
  def execute
    uri = "http://gitlab.com"

    open(uri)
  end

  def open(uri)
    ...
  end
end

Does this MR meet the acceptance criteria?

Conformity

Closes #33688

Edited by Francisco Javier López (ex-Gitlab)

Merge request reports