
Fix false negative when a safe accessor is used

Brian Williams requested to merge bwill/match-public-send-on-csend into master

What does this MR do and why?


On gitlab-org/gitlab!109279 (comment 1265327585), I noticed that the GitlabSecurity/PublicSend wasn't catching a public_send usage. As it turns out, using a safe accessor produces a different AST:

irb(main):002:0> Parser::CurrentRuby.parse("thing&.public_send(:thing)")
=> 
s(:csend,
  s(:send, nil, :thing), :public_send,
  s(:sym, :thing))
irb(main):003:0> Parser::CurrentRuby.parse("thing.public_send(:thing)")
=> 
s(:send,
  s(:send, nil, :thing), :public_send,
  s(:sym, :thing))

This MR updates GitlabSecurity/PublicSend to flag when a safe accessor is used.

Fixes #54 (closed)

Edited by Peter Leitzen
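To make the false negative concrete, here is an added example (not code from this MR or from the gitlab-styles cop itself) that walks hand-built copies of the two ASTs shown above, using the same `s(:type, ...)` notation the parser gem prints. The `Node`, `s`, `each_node` and `public_send_offenses` helpers are assumptions of this example; the real cop is built on RuboCop's NodePattern, where the equivalent change is matching a `{send csend}` union instead of bare `send`.

```ruby
# Added example (not the MR's code): minimal walk over parser-style ASTs
# showing why a matcher keyed only on :send misses `obj&.public_send(...)`.
# Node mirrors the s(:type, *children) notation printed by the parser gem;
# no gem is required, the two trees below are built by hand from the irb output.
Node = Struct.new(:type, :children) do
  def to_s
    "s(:#{type}, #{children.map { |c| c.is_a?(Node) ? c.to_s : c.inspect }.join(', ')})"
  end
end

def s(type, *children)
  Node.new(type, children)
end

# thing&.public_send(:thing)  -> :csend at the top (safe navigation)
SAFE_NAV = s(:csend, s(:send, nil, :thing), :public_send, s(:sym, :thing))
# thing.public_send(:thing)   -> :send at the top (plain call)
PLAIN    = s(:send,  s(:send, nil, :thing), :public_send, s(:sym, :thing))

# Generic pre-order walk yielding every Node in the tree.
def each_node(node, &blk)
  return unless node.is_a?(Node)
  blk.call(node)
  node.children.each { |c| each_node(c, &blk) }
end

# Returns the call nodes whose selector is :public_send and whose node type
# is one of `call_types`. For both send and csend the children are
# [receiver, method_name, *args], so the selector sits at index 1.
def public_send_offenses(ast, call_types)
  offenses = []
  each_node(ast) do |n|
    next unless call_types.include?(n.type)
    offenses << n if n.children[1] == :public_send
  end
  offenses
end

# The false negative: only :send is matched, so the safe-navigation form slips through.
def offenses_before_fix(ast)
  public_send_offenses(ast, %i[send])
end

# The fix: treat :csend exactly like :send when looking for the selector.
def offenses_after_fix(ast)
  public_send_offenses(ast, %i[send csend])
end

if __FILE__ == $PROGRAM_NAME
  [PLAIN, SAFE_NAV].each do |ast|
    puts ast
    puts "  before: #{offenses_before_fix(ast).size} offense(s), after: #{offenses_after_fix(ast).size}"
  end
end
```

Running the file prints both trees with their offense counts: the plain call is flagged either way, while the `&.` form is flagged only once `:csend` is included in the matched node types. The same split applies to any cop that keys on a method name, so a receiver-agnostic matcher should always cover both node types.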
