admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity
brew/Library/Homebrew/test/rubocops/io_read_spec.rb
Douglas Eichelberger 9075cbae62 brew style --fix
2023-04-21 09:58:50 -07:00

75 lines
2.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require "rubocops/io_read"
describe RuboCop::Cop::Homebrew::IORead do
subject(:cop) { described_class.new }
it "reports an offense when `IO.read` is used with a pipe character" do
expect_offense(<<~RUBY)
IO.read("|echo test")
^^^^^^^^^^^^^^^^^^^^^ Homebrew/IORead: The use of `IO.read` is a security risk.
RUBY
end
it "does not report an offense when `IO.read` is used without a pipe character" do
expect_no_offenses(<<~RUBY)
IO.read("file.txt")
RUBY
end
it "reports an offense when `IO.read` is used with untrustworthy input" do
expect_offense(<<~RUBY)
input = "input value from an unknown source"
IO.read(input)
^^^^^^^^^^^^^^ Homebrew/IORead: The use of `IO.read` is a security risk.
RUBY
end
it "reports an offense when `IO.read` is used with a dynamic string starting with a pipe character" do
expect_offense(<<~'RUBY')
input = "test"
IO.read("|echo #{input}")
^^^^^^^^^^^^^^^^^^^^^^^^^ Homebrew/IORead: The use of `IO.read` is a security risk.
RUBY
end
it "reports an offense when `IO.read` is used with a dynamic string at the start" do
expect_offense(<<~'RUBY')
input = "|echo test"
IO.read("#{input}.txt")
^^^^^^^^^^^^^^^^^^^^^^^ Homebrew/IORead: The use of `IO.read` is a security risk.
RUBY
end
it "does not report an offense when `IO.read` is used with a dynamic string safely" do
expect_no_offenses(<<~'RUBY')
input = "test"
IO.read("somefile#{input}.txt")
RUBY
end
it "reports an offense when `IO.read` is used with a concatenated string starting with a pipe character" do
expect_offense(<<~RUBY)
input = "|echo test"
IO.read("|echo " + input)
^^^^^^^^^^^^^^^^^^^^^^^^^ Homebrew/IORead: The use of `IO.read` is a security risk.
RUBY
end
it "reports an offense when `IO.read` is used with a concatenated string starting with untrustworthy input" do
expect_offense(<<~RUBY)
input = "|echo test"
IO.read(input + ".txt")
^^^^^^^^^^^^^^^^^^^^^^^ Homebrew/IORead: The use of `IO.read` is a security risk.
RUBY
end
it "does not report an offense when `IO.read` is used with a concatenated string safely" do
expect_no_offenses(<<~RUBY)
input = "test"
IO.read("somefile" + input + ".txt")
RUBY
end
end
Reference in New Issue View Git Blame Copy Permalink