card/lib/cardio/mod/load_strategy/set_binding_magic.rb
The use of eval is a serious security risk. Open
Open
eval "#{set_module}.module_eval ::File.read('#{abs_path}'), '#{abs_path}'",- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks for the use of Kernel#eval and Binding#eval.
Example:
# bad
eval(something)
binding.eval(something)Pass __FILE__ and __LINE__ to eval method, as they are used by backtraces. Open
Open
eval "#{set_module}.module_eval ::File.read('#{abs_path}'), '#{abs_path}'",
module_path_binding(set_module)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks eval method usage. eval can receive source location
metadata, that are filename and line number. The metadata is used by
backtraces. This cop recommends to pass the metadata to eval method.
Example:
# bad
eval <<-RUBY
def do_something
end
RUBY
# bad
C.class_eval <<-RUBY
def do_something
end
RUBY
# good
eval <<-RUBY, binding, __FILE__, __LINE__ + 1
def do_something
end
RUBY
# good
C.class_eval <<-RUBY, __FILE__, __LINE__ + 1
def do_something
end
RUBYPass __FILE__ and __LINE__ to eval method, as they are used by backtraces. Open
Open
eval(
"[ #{part} , #{part}.module_eval('binding') ]",
b
)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks eval method usage. eval can receive source location
metadata, that are filename and line number. The metadata is used by
backtraces. This cop recommends to pass the metadata to eval method.
Example:
# bad
eval <<-RUBY
def do_something
end
RUBY
# bad
C.class_eval <<-RUBY
def do_something
end
RUBY
# good
eval <<-RUBY, binding, __FILE__, __LINE__ + 1
def do_something
end
RUBY
# good
C.class_eval <<-RUBY, __FILE__, __LINE__ + 1
def do_something
end
RUBYThe use of eval is a serious security risk. Open
Open
eval(- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks for the use of Kernel#eval and Binding#eval.
Example:
# bad
eval(something)
binding.eval(something)