RubygemsResearch

Sha256: 21a4df1d95ea067761145ede6320b19e46eba8a64074478e7f3f05963d41b680

Contents?: true

Size: 692 Bytes

Versions: 2

Compression:

Stored size: 692 Bytes

# frozen_string_literal: true

module RuboCop
  module Cop
    module Security
      # This cop checks for the use of `Kernel#eval` and `Binding#eval`.
      #
      # @example
      #
      #   # bad
      #
      #   eval(something)
      #   binding.eval(something)
      class Eval < Cop
        MSG = 'The use of `eval` is a serious security risk.'.freeze

        def_node_matcher :eval?, <<-END
          (send {nil (send nil :binding)} :eval $!str ...)
        END

        def on_send(node)
          eval?(node) do |code|
            return if code.dstr_type? && code.recursive_literal?
            add_offense(node, :selector)
          end
        end
      end
    end
  end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version	Path
rubocop-0.49.1	lib/rubocop/cop/security/eval.rb
rubocop-0.49.0	lib/rubocop/cop/security/eval.rb