ManageIQ/manageiq-smartstate

lib/db/MiqBdb/MiqBdb.rb

Summary

Maintainability: A (about 2 hrs of remediation)
Test Coverage: D (60%)

Class MiqBdb has 22 methods (exceeds 20 allowed). Consider refactoring.

  class MiqBdb
    attr_reader :db, :header

    def initialize(fileName = nil, fs = nil)
      @fs = fs unless fs.nil?
Severity: Minor
Found in lib/db/MiqBdb/MiqBdb.rb - About 2 hrs to fix

The use of Kernel#open is a serious security risk.

      open(fileName) unless fileName.nil?
Severity: Minor
Found in lib/db/MiqBdb/MiqBdb.rb by rubocop

Checks for the use of Kernel#open and URI.open with dynamic data.

Kernel#open and URI.open enable not only file access but also process invocation when the argument is prefixed with a pipe symbol (e.g., open("| ls")). Passing variable input as the argument of Kernel#open or URI.open can therefore lead to a serious security risk. It is better to call File.open, IO.popen or URI.parse#open explicitly, so the intended operation is fixed by the method rather than by the data.

NOTE: open and URI.open with literal strings are not flagged by this cop.

Safety:

This cop could register false positives if open is redefined in a class and then used without a receiver in that class.

Example:

# bad
open(something)
open("| #{something}")
URI.open(something)

# good
File.open(something)
IO.popen(something)
URI.parse(something).open

# good (literal strings)
open("foo.text")
open("| foo")
URI.open("http://example.com")
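The following is an added example, not code from manageiq-smartstate or from the rubocop documentation. It shows the hardened replacement the cop recommends for a call like `open(fileName)` on a caller-supplied name: `File.open` never treats a leading "|" as a command, and an explicit check turns such a name into a clear error. The helper names (`open_data_file`, `kernel_open_behaviour`, `demo`) and the sample file contents are hypothetical and constructed for this demonstration.

```ruby
require "tempfile"

# Added example (not manageiq-smartstate code): a hardened stand-in for a bare
# `open(fileName)` on a caller-supplied name. File.open only ever opens a path,
# so "| ls" would simply be a non-existent file to it; the explicit check below
# reports that case as an ArgumentError instead of a confusing ENOENT.
def open_data_file(file_name, mode = "rb", &block)
  raise ArgumentError, "file name must be a String" unless file_name.is_a?(String)
  raise ArgumentError, "pipe-style file names are not allowed" if file_name.start_with?("|")

  File.open(file_name, mode, &block)
end

# Classifies what Kernel#open would do with an argument, without calling it:
# a String beginning with "|" is executed as a command, anything else is a path.
def kernel_open_behaviour(arg)
  return :process_invocation if arg.is_a?(String) && arg.start_with?("|")

  :file_access
end

# Runs two constructed inputs (a real temporary file and the "| ls" case from the
# cop's documentation) through both helpers and returns the outcome per input.
def demo
  Tempfile.create("miqbdb-demo") do |tmp|
    tmp.write("constructed sample bytes") # constructed content, 24 bytes
    tmp.flush

    cases = { tmp.path => "literal file", "| ls" => "pipe-prefixed" }
    cases.each_with_object({}) do |(name, label), out|
      result =
        begin
          open_data_file(name) { |io| io.read.bytesize }
        rescue ArgumentError => e
          "rejected: #{e.message}"
        end
      out[label] = { kernel_open_would: kernel_open_behaviour(name), hardened_open: result }
    end
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file prints a hash in which the literal file opens normally (24 bytes read) while the pipe-prefixed name is rejected before any open call is made; `kernel_open_behaviour` records that the original `Kernel#open` would have treated the same string as a command to run.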
