Add new Security/Open cop
#5319
Conversation
mame
force-pushed
the
add_new_security_open_cop
branch
from
200f1d6
to
bd9fb67
Compare
CHANGELOG.md
Outdated
| @@ -2,6 +2,10 @@ | |||
|
|
|||
| ## master (unreleased) | |||
|
|
|||
| ### New features | |||
|
|
|||
| * [#5319](https://github.com/bbatsov/rubocop/pull/5319): Add new `Security/Open` cop. ([@mame][]) | |||
There was a problem hiding this comment.
Can you add [@mame]: https://github.com/mame to bottom of the file?
There was a problem hiding this comment.
git push --force done!
mame
force-pushed
the
add_new_security_open_cop
branch
from
bd9fb67
to
b8c2413
Compare
lib/rubocop/cop/security/open.rb
Outdated
|
|
||
| def on_send(node) | ||
| open?(node) do |code| | ||
| return if code.str_type? || safe?(code) |
There was a problem hiding this comment.
Probably code.str_type? is unnecessary because open? pattern already checks the argument type ($!str).
There was a problem hiding this comment.
Indeed! Fixed and pushed.
lib/rubocop/cop/security/open.rb
Outdated
| # | ||
| # # bad | ||
| # | ||
| # open(something) |
There was a problem hiding this comment.
I think the comment also needs a good example(s). And don't forget to execute rake generate_cops_documentation to re-generate the documentation (The task is included in rake default/parallel).
# bad
open(something)
# good
File.open(something)There was a problem hiding this comment.
I added File.open and IO.popen as good examples. Thanks!
mame
force-pushed
the
add_new_security_open_cop
branch
2 times, most recently
from
2037b61
to
3829ec5
Compare
|
Rebased. |
|
Thank you. Sorry probably merging the pull-request will be delayed. Because we prior bug fix release over new feature. |
|
No problem! Thank you for your work. |
|
Well, I just cut 0.52.1, so this just needs to be rebased and can be merged. |
| module RuboCop | ||
| module Cop | ||
| module Security | ||
| # This cop checks for the use of `Kernel#open`. |
There was a problem hiding this comment.
I'd add more explanations here, as to why this is a security risk. After all this comment is going to become the cop's description in the manual.
lib/rubocop/cop/security/open.rb
Outdated
| # @example | ||
| # | ||
| # # bad | ||
| # |
There was a problem hiding this comment.
I'd remove this blank line.
lib/rubocop/cop/security/open.rb
Outdated
| # open(something) | ||
| # | ||
| # # good | ||
| # |
lib/rubocop/cop/security/open.rb
Outdated
| # File.open(something) | ||
| # IO.popen(something) | ||
| class Open < Cop | ||
| MSG = 'The use of `open` is a serious security risk.'.freeze |
|
Btw, some of the tests are bit strange - e.g. we don't really need a test for You should probably add a test for calling open with more than one param, though. |
mame
force-pushed
the
add_new_security_open_cop
branch
from
3829ec5
to
556ddeb
Compare
|
Thank you for the reviewing my PR!
FYI, I wrote this code by copying and modifying |
CHANGELOG.md
Outdated
| @@ -12,6 +12,7 @@ | |||
| * [#3394](https://github.com/bbatsov/rubocop/issues/3394): Remove `Style/TrailingCommmaInLiteral` in favor of two new cops. ([@garettarrowood][]) | |||
|
|
|||
| ## 0.52.1 (2017-12-27) | |||
| * [#5319](https://github.com/bbatsov/rubocop/pull/5319): Add new `Security/Open` cop. ([@mame][]) | |||
There was a problem hiding this comment.
This should be under New Feature higher up in the file.
There was a problem hiding this comment.
Sorry! I left it to git merge. Fixed.
I guess I didn't pay it much attention or something. It should be improved. :-) |
`Kernel#open` is considered harmful for production use. Some programs use `Kernel#open` with untrusted input, but it allows command injection by prefixing a pipe (`|`). [An actual vulnerability](https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/) is found, and deprecating `open("|...")` is [proposed in bugs.ruby-lang.org](https://bugs.ruby-lang.org/issues/14239). I'm unsure if the deprecation is really good, but at least it would be a good idea for Rubocop to prevent such a bad usage of `Kernel#open`. ```console % cat /tmp/test.rb open(something) ``` ```console % bundle exec bin/rubocop /tmp/test.rb Inspecting 1 file C Offenses: /tmp/test.rb:3:1: C: Security/Open: The use of open is a serious security risk. open(something) ^^^^ 1 file inspected, 1 offense detected ```
mame
force-pushed
the
add_new_security_open_cop
branch
from
556ddeb
to
f398a97
Compare
|
The overloading of |
|
And thinking of the false positives we're going to get on this cop down the road I'm reminded that eventually we need to add some cop to discourage naming methods like something in |
|
Thank you for the merge! Honestly, I like the current behavior of |
I think this is the deceptive part of Ruby. It is beginner-friendly and expert-friendly (not a paradox) at the same time. It gives you a lot of freedom, and with that near infinite opportunities to do harm to yourself. 😅
This is what keeps me interested in RuboCop. In the end, the answer to every problem is "better people." Let's keep thinking about ways to improve the educational aspect. 🙂 |
Kernel#openis considered harmful for production use. Some programs useKernel#openwith untrusted input, but it allows command injection by prefixing a pipe (|). An actual vulnerability is found, and deprecatingopen("|...")is proposed in bugs.ruby-lang.org. I'm unsure if the deprecation is really good, but at least it would be a good idea for Rubocop to prevent such a bad usage ofKernel#open.Before submitting the PR make sure the following are checked:
[Fix #issue-number](if the related issue exists).master(if not - rebase it).and description in grammatically correct, complete sentences.
rake defaultorrake parallel. It executes all tests and RuboCop for itself, and generates the documentation.