rubocop-gitlab-security 0.0.1 → 0.0.2

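--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2c65bedf0e3528bc2dc5170eb1dbf121e9c699bf
- data.tar.gz: 83066a7d3c32e86a9fc1af8d6eb08f0419b5c445
+ metadata.gz: 0df0bdbc8d95c279e3efb8eafbebada37c239175
+ data.tar.gz: 84457ddbb4749bcedf241ce8b4eb634ce6473e7f
  SHA512:
- metadata.gz: 84d7f7cac070f0544e069c38cc78538d127f3887a34ccbded7b3110e5b63cdfcddaed5b3324f460ed792f1fea383b0126c5358517b1890cd4c21b28ce8fda177
- data.tar.gz: 5f17b1cede77035a9baf73e8d4b38e12fa1175e810b863f9e294e1ae6837a3a3435d5766d38aafecbc1d602653c9b7cd3132446925218a8e7e9f127965ba1e84
+ metadata.gz: b98c83920653896642ed811ef53c9962e0b43e6f1b6c1c656ba95c437f9f19c5030315ff3ae23833385020350c20960891a9b0cc6b780ecf00e3814d75961d15
+ data.tar.gz: 47255a332d585b3bfa5f063e252c9c6a80acb8319378e9d4d74e28dc8d839d2a6f3d0bc0a81ff2bf0e57a25122b9b67e68861f12dd9562ba74f4641ba41b35cc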
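--- a/data/README.md
+++ b/data/README.md
@@ -79,7 +79,7 @@ cop. For example:
  ```yaml
  GitlabSecurity/PublicSend:
  Exclude:
- - app/my_file.rb
+ - 'spec/**/*'
  ```
 
  ## Contributing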
@@ -1,6 +1,26 @@
1
1
  module RuboCop
2
2
  module Cop
3
3
  module GitlabSecurity
4
+ # Check for use of the dangerous public_send() and send() methods.
5
+ #
6
+ # If passed untrusted input these methods can be used to execute arbitrary methods on behalf
7
+ # of an attacker.
8
+ #
9
+ # @example
10
+ #
11
+ # # bad
12
+ # myobj.public_send("#{params[:foo]}")
13
+ #
14
+ # # good
15
+ # case params[:foo].to_s
16
+ # when 'choice1'
17
+ # items.choice1
18
+ # when 'choice2'
19
+ # items.choice2
20
+ # when 'choice3'
21
+ # items.choice3
22
+ # end
23
+ #
4
24
  class PublicSend < RuboCop::Cop::Cop
5
25
  MSG = 'Avoid using `send`'
6
26
 
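Review bot: The `# good` example in the new class comment has no `else` branch, so a value outside the three choices falls through the `case` and yields nil without any visible rejection. Because this allow-list is the pattern readers will copy, I would add an `else` arm that raises or returns an explicit error, and a one-line comment that unmatched input must never reach `send`. The comment also names both `public_send()` and `send()`, while the unchanged `MSG` on the context line mentions only send and gives no reason. A wording such as `MSG = 'Avoid using send or public_send with untrusted input.'` would match the documentation. The class body continues outside this hunk, so the set of method names the cop actually matches is not visible here.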
@@ -4,7 +4,7 @@ module RuboCop
4
4
  module GitlabSecurity
5
5
  # Version information for the GitlabSecurity Rubocop plugin.
6
6
  module Version
7
- STRING = '0.0.1'.freeze
7
+ STRING = '0.0.2'.freeze
8
8
  end
9
9
  end
10
10
  end
@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
30
30
  ]
31
31
  spec.extra_rdoc_files = ['MIT-LICENSE.md', 'README.md']
32
32
 
33
- spec.add_runtime_dependency 'rubocop', '>= 0.49.0'
33
+ spec.add_runtime_dependency 'rubocop', '>= 0.47.1'
34
34
 
35
35
  spec.add_development_dependency 'rake'
36
36
  end
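Review bot: The relaxed constraint `spec.add_runtime_dependency 'rubocop', '>= 0.47.1'` lets the plugin resolve against RuboCop releases older than the previous 0.49.0 floor, and it still has no upper bound. Before widening the range, check whether 0.49.0 carried hardening that the old floor guaranteed. As far as I recall, that release changed how RuboCop places its result cache, but this should be confirmed against its changelog. A comment above the line, for example `# 0.47.1 is the oldest RuboCop release the cops are tested against`, would record why the floor is set there. If the cop API is expected to change before 1.0, an upper bound such as `'< 1.0'` would keep an incompatible RuboCop from loading and leaving the security cops inactive. The `Gem::Specification.new` block starts outside this hunk.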
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rubocop-gitlab-security
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Neel
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-06-12 00:00:00.000000000 Z
11
+ date: 2017-06-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rubocop
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 0.49.0
19
+ version: 0.47.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 0.49.0
26
+ version: 0.47.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement