ManageIQ/manageiq-smartstate

lib/VolumeManager/MiqLvm.rb

Summary

Maintainability: A (0 mins)
Test Coverage: F (18%)

File.read is safer than IO.read.

  md = IO.read("lvmt2_metadata")

Severity: Minor
Found in lib/VolumeManager/MiqLvm.rb by rubocop

Checks for the first argument to IO.read, IO.binread, IO.write, IO.binwrite, IO.foreach, and IO.readlines.

If the argument starts with a pipe character ('|') and the receiver is the IO class, a subprocess is created in the same way as Kernel#open, and its output is returned. Kernel#open may allow unintentional command injection, which is why these IO methods are a security risk. Consider using File.read, which disables subprocess invocation.

Safety:

This cop is unsafe because false positives will occur if the variable passed as the first argument is a command rather than a file path.

Example:

# bad
IO.read(path)
IO.read('path')

# good
File.read(path)
File.read('path')
IO.read('| command') # Allow intentional command invocation.
