Sha256: 2b5a53189f05b7e94adeb47c005557c8a814ed4b9fee54006cbc4abf076af8c5

Contents?: true

Size: 1.09 KB

Versions: 14

Compression:

Stored size: 1.09 KB

Contents

# frozen_string_literal: true

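module CustomCops
  # Flags code that dumps the whole process environment, because some
  # environment variables may contain secrets.
  #
  # Two forms are matched:
  #
  # * `ENV` or `ENVIRON` converted wholesale with `to_h`, `to_a` or `to_hash`.
  #   The conversion itself is flagged, whether or not the result is printed.
  # * `puts`, `p` or `print` called with the exact backtick command `env`.
  #
  # NOTE(review): `ENVIRON` is presumably a project-defined wrapper around
  # `ENV`; it is not defined in this file.
  #
  # NOTE(review): the patterns are deliberately narrow. Other ways of emitting
  # every variable (for example `p ENV`, `ENV.inspect`, a backtick command
  # other than the literal `env`, or `system('env')`) are not matched, so a
  # clean run means "no known-bad form found" rather than "no environment
  # dump". Keep log scrubbing and secret scanning in place alongside this cop.
  #
  # @example
  #   # bad
  #   puts ENV.to_h
  #   puts `env`
  #   puts ENVIRON.to_h
  #
  #   # good
  #   puts ENV['SOME_KEY']
  #   puts ENVIRON['SOME_KEY']
  class DontPrintAllEnv < RuboCop::Cop::Base
    # Offense text shown to the developer. The first sentence now ends with a
    # full stop (it previously ran straight into the next one), and the stray
    # line continuation after the last fragment is gone.
    MSG = 'Printing all Environment Variables is extremely risky. ' \
          'If this code has been run, then it is likely that secrets have been ' \
          'exposed in plaintext. Please alert `#infosec` about this so it can be ' \
          'investigated immediately.'

    # Method names the two matchers below can match; lets RuboCop skip
    # `on_send` for every other call. Must stay in sync with the patterns.
    RESTRICT_ON_SEND = %i[to_h to_a to_hash puts p print].freeze

    # Matches `ENV.to_h`, `ENV.to_a`, `ENV.to_hash` and the same calls on
    # `ENVIRON` (top-level or unqualified constant, no arguments).
    def_node_matcher :convert_env_to_hash_or_array?, <<~PATTERN
      (send (const nil? {:ENVIRON :ENV}) {:to_h :to_a :to_hash})
    PATTERN

    # Matches a receiver-less `puts`, `p` or `print` whose only argument is
    # the backtick literal `env` (exact string, no flags or pipes).
    def_node_matcher :print_all_env_shell?, <<~PATTERN
      (send nil? {:puts :p :print} (xstr(str "env")))
    PATTERN

    # Registers an offense on the method name of any call matched above.
    #
    # @param node [RuboCop::AST::SendNode] the method call being inspected
    # @return [void]
    def on_send(node)
      return unless convert_env_to_hash_or_array?(node) || print_all_env_shell?(node)

      add_offense(node.loc.selector)
    end
  end
end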

Version data entries

14 entries across 14 versions & 1 rubygems

Version Path
simplycop-2.13.2 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.13.1 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.13.0 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.12.1 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.12.0 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.11.1 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.11.0 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.10.0 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.9.1 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.9.0 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.8.0 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.7.2 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.7.1 lib/simplycop/custom_cops/dont_print_all_env.rb
simplycop-2.7.0 lib/simplycop/custom_cops/dont_print_all_env.rb