Sha256: 0af4d63bed1462f266970bc507c2fcfa81fdadbd71215f932834ab1c4c6b30a6

Contents?: true

Size: 543 Bytes

Versions: 23

Compression:

Stored size: 543 Bytes

Contents

module RuboCop
  module Cop
    module Paraxial
      class Constantize < Base
        MSG = '`constantize` methods cause remote code execution if called on user input.'

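        # Flags every call to one of the listed methods by name alone;
        # the receiver and arguments are not inspected.
        def on_send(node)
          method_name = node.method_name
          return unless send_methods.include?(method_name)

          # MSG contains no format placeholders, so it is passed unchanged.
          add_offense(node, message: MSG)
        end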

        private

        # Method names that look up a constant from a string or symbol.
        def send_methods
          [:constantize, :safe_constantize, :const_get, :qualified_const_get]
        end
      end
    end
  end
end

Version data entries

23 entries across 23 versions & 1 rubygems

Version Path
paraxial-1.4.5 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.4.4 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.4.3 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.4.2 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.4.1 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.4.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.3.1 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.3.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.2.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.1.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.0.2 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.0.1 lib/rubocop/cop/paraxial/constantize.rb
paraxial-1.0.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-0.9.1 lib/rubocop/cop/paraxial/constantize.rb
paraxial-0.9.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-0.8.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-0.7.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-0.6.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-0.5.0 lib/rubocop/cop/paraxial/constantize.rb
paraxial-0.4.0 lib/rubocop/cop/paraxial/constantize.rb