rubocop-gitlab-security 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/rubocop/cop/gitlab-security/public_send.rb +20 -0
- data/lib/rubocop/gitlab-security/version.rb +1 -1
- data/rubocop-gitlab-security.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0df0bdbc8d95c279e3efb8eafbebada37c239175
|
|
4
|
+
data.tar.gz: 84457ddbb4749bcedf241ce8b4eb634ce6473e7f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b98c83920653896642ed811ef53c9962e0b43e6f1b6c1c656ba95c437f9f19c5030315ff3ae23833385020350c20960891a9b0cc6b780ecf00e3814d75961d15
|
|
7
|
+
data.tar.gz: 47255a332d585b3bfa5f063e252c9c6a80acb8319378e9d4d74e28dc8d839d2a6f3d0bc0a81ff2bf0e57a25122b9b67e68861f12dd9562ba74f4641ba41b35cc
|
data/README.md
CHANGED
|
@@ -1,6 +1,26 @@
|
|
|
1
1
|
module RuboCop
|
|
2
2
|
module Cop
|
|
3
3
|
module GitlabSecurity
|
|
4
|
+
# Check for use of the dangerous public_send() and send() methods.
|
|
5
|
+
#
|
|
6
|
+
# If passed untrusted input these methods can be used to execute arbitrary methods on behalf
|
|
7
|
+
# of an attacker.
|
|
8
|
+
#
|
|
9
|
+
# @example
|
|
10
|
+
#
|
|
11
|
+
# # bad
|
|
12
|
+
# myobj.public_send("#{params[:foo]}")
|
|
13
|
+
#
|
|
14
|
+
# # good
|
|
15
|
+
# case params[:foo].to_s
|
|
16
|
+
# when 'choice1'
|
|
17
|
+
# items.choice1
|
|
18
|
+
# when 'choice2'
|
|
19
|
+
# items.choice2
|
|
20
|
+
# when 'choice3'
|
|
21
|
+
# items.choice3
|
|
22
|
+
# end
|
|
23
|
+
#
|
|
4
24
|
class PublicSend < RuboCop::Cop::Cop
|
|
5
25
|
MSG = 'Avoid using `send`'
|
|
6
26
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubocop-gitlab-security
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Neel
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-06-
|
|
11
|
+
date: 2017-06-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rubocop
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.47.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.47.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|