Create ForbidKernelOpen cop
What does this MR do?
This is a side step for https://gitlab.com/gitlab-org/gitlab/issues/17848 and all the reasoning of this MR is based on "Avoid user input at the start of path strings".
By default, Rubocop has the Security/Open cop enabled. This cop will raise an offense when:
# Bad
open(foo)
open("|foo #{bar}")
But will allow:
# Good
open("foo")
open("|foo")
open("foo #{bar}")
Kernel.open("foo")
Kernel.open("|foo")
Kernel.open("foo#{bar}")
Kernel.open("|foo #{bar}")
Kernel.open(foo)
The allowed forms can still lead to a security vulnerability. For example, a developer could end up writing something like open("/tmp/#{user_input}"), which can end up as open("/tmp/../etc/password"), or Kernel.open(user_input), which can end up as Kernel.open("|ls").
In the cop we're adding here, we completely forbid any use of Kernel#open.
False positives
Like Security/Open, this cop also has the same false positive in the following scenario:
class Test
  def execute
    uri = "http://gitlab.com"
    open(uri)
  end

  def open(uri)
    # ...
  end
end
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- Documentation created/updated or follow-up review issue created
- Code review guidelines
- Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Closes #33688
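The forbid-everything rule described above, sketched as an added example that is not the cop from this MR: it uses Ruby's stdlib Ripper rather than RuboCop's API, and the helper names and sample source are constructed for illustration. It flags every form that Security/Open lets through and also reproduces the false positive on a class that defines its own open.

```ruby
require 'ripper'

# Constructed sample: the description's examples plus its false-positive class.
SAMPLE = <<~'RUBY'
  open(foo)
  open("|foo #{bar}")
  open("foo")
  Kernel.open("|foo")
  Kernel.open(foo)
  File.open("foo")
  class Test
    def execute
      open(uri)
    end
    def open(uri); end
  end
RUBY

def open_ident?(node)
  node.is_a?(Array) && node[0] == :@ident && node[1] == 'open'
end

def kernel_const?(node)
  node.is_a?(Array) && %i[var_ref top_const_ref].include?(node[0]) &&
    node[1].is_a?(Array) && node[1][0, 2] == [:@const, 'Kernel']
end

# Returns the sorted line numbers of every call that is syntactically
# Kernel#open: a receiver-less open(...) or an explicit Kernel.open(...).
def kernel_open_offenses(source)
  lines = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    case node[0]
    when :fcall, :command          # open(x) / open x, implicit receiver
      lines << node[1][2][0] if open_ident?(node[1])
    when :call, :command_call      # Kernel.open(x) / Kernel.open x
      lines << node[3][2][0] if kernel_const?(node[1]) && open_ident?(node[3])
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(Ripper.sexp(source))   # Ripper.sexp returns nil on a syntax error
  lines.sort
end

puts kernel_open_offenses(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

Line 9 of the sample is the false positive: a purely syntactic check cannot tell that open resolves to Test#open there, while File.open on line 6 is left alone.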