# frozen_string_literal: true
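# Specs for the Security/Open cop.
#
# Background for readers: `Kernel#open` does more than open files. When its
# argument starts with `|`, the rest of the string is run as a command, so a
# caller-controlled first character turns a file read into command execution.
# The examples below pin which call shapes the cop reports and which it lets
# through. In `expect_offense` the `^^^^` line marks the exact source range of
# the offense, so the carets must sit under the `open` selector.
RSpec.describe RuboCop::Cop::Security::Open do
  subject(:cop) { described_class.new }

  # --- Reported: the start of the argument is not a fixed literal ----------

  it 'registers an offense for open' do
    expect_offense(<<~RUBY)
      open(something)
      ^^^^ The use of `Kernel#open` is a serious security risk.
    RUBY
  end

  # A mode argument does not change the verdict; only the first argument
  # decides whether the call is reported.
  it 'registers an offense for open with mode argument' do
    expect_offense(<<~RUBY)
      open(something, "r")
      ^^^^ The use of `Kernel#open` is a serious security risk.
    RUBY
  end

  # The heredoc is raw (<<~'RUBY') so that `#{foo}` reaches the cop as source
  # text instead of being interpolated by the spec itself.
  it 'registers an offense for open with dynamic string that is not prefixed' do
    expect_offense(<<~'RUBY')
      open("#{foo}.txt")
      ^^^^ The use of `Kernel#open` is a serious security risk.
    RUBY
  end

  # A literal prefix is not enough when that prefix is itself the pipe.
  it 'registers an offense for open with string that starts with a pipe' do
    expect_offense(<<~'RUBY')
      open("| #{foo}")
      ^^^^ The use of `Kernel#open` is a serious security risk.
    RUBY
  end

  # `URI.open` is reported as well, and the message names the receiver as it
  # was written. The carets are offset so they underline `open`, not `URI.`.
  it 'registers an offense for `URI.open` with string that starts with a pipe' do
    expect_offense(<<~'RUBY')
      URI.open("| #{foo}")
          ^^^^ The use of `URI.open` is a serious security risk.
    RUBY
  end

  it 'registers an offense for `::URI.open` with string that starts with a pipe' do
    expect_offense(<<~'RUBY')
      ::URI.open("| #{foo}")
            ^^^^ The use of `::URI.open` is a serious security risk.
    RUBY
  end

  # --- Accepted: not a call to the risky method, or a fixed literal start --

  # A local variable named `open` is an assignment, not a method call.
  it 'accepts open as variable' do
    expect_no_offenses('open = something')
  end

  # `File.open` is accepted even with a non-literal argument.
  it 'accepts File.open as method' do
    expect_no_offenses('File.open(something)')
  end

  it 'accepts open on a literal string' do
    expect_no_offenses('open("foo.txt")')
  end

  it 'accepts open with no arguments' do
    expect_no_offenses('open')
  end

  # NOTE(review): these two are accepted presumably because a fixed leading
  # literal keeps the caller from choosing the first character. That addresses
  # only the pipe form; the interpolated remainder can still steer the path
  # (for example `../` segments), so path validation remains the caller's job.
  it 'accepts open with string that has a prefixed interpolation' do
    expect_no_offenses('open "prefix_#{foo}"')
  end

  it 'accepts open with prefix string literal plus something' do
    expect_no_offenses('open "prefix" + foo')
  end

  # Interpolating a literal yields a constant string, so nothing is dynamic.
  it 'accepts open with a string that interpolates a literal' do
    expect_no_offenses('open "foo#{2}.txt"')
  end
end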