Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Don't allow __send__ or public_send. Closes #1.

  • Loading branch information...
commit 4d76f0c16aa096f061c3c33a77f7f9630d0ee21e 1 parent 3659fbd
@omghax omghax authored
Showing with 4 additions and 0 deletions.
  1. +2 −0  lib/ruby_cop/policy.rb
  2. +2 −0  spec/policy_spec.rb
View
2  lib/ruby_cop/policy.rb
@@ -62,6 +62,7 @@ def visit_Block(node)
end
CALL_BLACKLIST = %w[
+ __send__
abort
alias_method
at_exit
@@ -86,6 +87,7 @@ def visit_Block(node)
method
module_eval
open
+ public_send
readline
readlines
redo
View
2  spec/policy_spec.rb
@@ -85,6 +85,7 @@
it { should allow('"abc".intern') }
it { should allow('"abc".to_sym') }
+ it { should_not allow('__send__(:eval, "`ls`")') }
it { should_not allow('abort("fail")') }
it { should_not allow('alias :foo :bar') }
it { should_not allow('alias foo bar') }
@@ -119,6 +120,7 @@
it { should_not allow('method(:eval)') }
it { should_not allow('module_eval("`ls`")') }
it { should_not allow('open("/etc/passwd")') }
+ it { should_not allow('public_send(:eval, "`ls`")') }
it { should_not allow('readline') }
it { should_not allow('readline()') }
it { should_not allow('readlines') }
Please sign in to comment.
Something went wrong with that request. Please try again.