
Ignore `Process.pid` in system calls

presidentbeef committed Apr 25, 2018
1 parent 97f268f commit f9195312931caa49e369730a0798dad750150f76
Showing with 7 additions and 1 deletion.
  1. +2 −1 lib/brakeman/checks/check_execute.rb
  2. +5 −0 test/apps/rails5.2/lib/shell.rb
@@ -15,7 +15,8 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
SAFE_VALUES = [s(:const, :RAILS_ROOT),
s(:call, s(:const, :Rails), :root),
s(:call, s(:const, :Rails), :env)]
s(:call, s(:const, :Rails), :env),
s(:call, s(:const, :Process), :pid)]
SHELL_ESCAPES = [:escape, :shellescape, :join]
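Review bot: `SAFE_VALUES` remains a mutable Array after the new `s(:call, s(:const, :Process), :pid)` entry; as a class-level constant that the check consults, it should be frozen, `s(:call, s(:const, :Process), :pid)].freeze` (and likewise `SHELL_ESCAPES` on the following line). The entry matches only the bare call: a wrapped form such as `Process.pid.to_s` yields a different sexp and presumably still warns, so either a fixture or a comment should state that only the exact form is exempt. A one-line comment above the constant would help later additions, e.g. `# Expressions that cannot carry attacker-controlled input; interpolating only these into a system call is not reported`. The class body continues outside the hunk.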
@@ -12,4 +12,9 @@ def run(ip)
def backticks_target(path)
`echo #{path}`.chomp
end
def process_pid
# should not warn
`something #{Process.pid}`
end
end
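Review bot: The `# should not warn` comment on `process_pid` does not name the check or the rule the fixture exercises, so a later change to the exemption would not be traceable back to it; `# CheckExecute: Process.pid is in SAFE_VALUES, so this backtick call must not warn` records both. The enclosing class starts outside the hunk.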

