
Don't allow __send__ or public_send. Closes #1.

1 parent 3659fbd commit 4d76f0c16aa096f061c3c33a77f7f9630d0ee21e @omghax omghax committed Jun 16, 2012
Showing with 4 additions and 0 deletions.
  1. +2 −0 lib/ruby_cop/policy.rb
  2. +2 −0 spec/policy_spec.rb
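--- a/lib/ruby_cop/policy.rb
+++ b/lib/ruby_cop/policy.rb
@@ -62,6 +62,7 @@ def visit_Block(node)
 end
 CALL_BLACKLIST = %w[
+ __send__
 abort
 alias_method
 at_exit
@@ -86,6 +87,7 @@ def visit_Block(node)
 method
 module_eval
 open
+ public_send
 readline
 readlines
 redo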
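Review bot: `public_method` looks like a possible gap next to the `public_send` entry added in the second hunk. The list already blocks `method`, and `public_method` hands back the same kind of callable object, so it belongs on the list for the same reason `public_send` is being added (presumably alongside `send`). CALL_BLACKLIST starts and ends outside these hunks, so it may already be covered; if it is not, add `public_method` in alphabetical position. A short comment above the constant, such as `# Every spelling of reflective dispatch (send, __send__, public_send, method, ...) must be listed here.`, would help keep aliases in sync. Because a name denylist has to be extended each time another alias is noticed, an allowlist of permitted calls would be the sturdier long-term design.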
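--- a/spec/policy_spec.rb
+++ b/spec/policy_spec.rb
@@ -85,6 +85,7 @@
 it { should allow('"abc".intern') }
 it { should allow('"abc".to_sym') }
+ it { should_not allow('__send__(:eval, "`ls`")') }
 it { should_not allow('abort("fail")') }
 it { should_not allow('alias :foo :bar') }
 it { should_not allow('alias foo bar') }
@@ -119,6 +120,7 @@
 it { should_not allow('method(:eval)') }
 it { should_not allow('module_eval("`ls`")') }
 it { should_not allow('open("/etc/passwd")') }
+ it { should_not allow('public_send(:eval, "`ls`")') }
 it { should_not allow('readline') }
 it { should_not allow('readline()') }
 it { should_not allow('readlines') }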
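Review bot: Both new examples call the method without a receiver, so the specs on the `__send__` and `public_send` lines do not show that the explicit-receiver form is rejected too. If the policy handles receiver calls through a different node visitor than bare calls (not visible from this page), that path is untested. Adding `it { should_not allow('"abc".__send__(:to_s)') }` and `it { should_not allow('"abc".public_send(:to_s)') }` next to them would pin the behaviour for both call shapes.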
