Contents

module RuboCop
  module Cop
    module Paraxial
      class System < Base
        MSG = '`system` causes remote code execution if called on user input.'

        # Restrict the cop to only the `puts` method
        RESTRICT_ON_SEND = %i[system].freeze

        # @!method puts_call?(node)
        def_node_matcher :system_call?, <<~PATTERN
          (send nil? :system ...)
        PATTERN

        def on_send(node)
          return unless in_app_directory?(node)
          system_call?(node) do
            add_offense(node.loc.selector, message: MSG)
          end
        end

        private

        def in_app_directory?(node)
          processed_source.file_path.start_with?(File.join(Dir.pwd, 'app'))
        end

      end
    end
  end
end

Version data entries

23 entries across 23 versions & 1 rubygems

Version	Path
paraxial-1.4.5	lib/rubocop/cop/paraxial/system.rb
paraxial-1.4.4	lib/rubocop/cop/paraxial/system.rb
paraxial-1.4.3	lib/rubocop/cop/paraxial/system.rb
paraxial-1.4.2	lib/rubocop/cop/paraxial/system.rb
paraxial-1.4.1	lib/rubocop/cop/paraxial/system.rb
paraxial-1.4.0	lib/rubocop/cop/paraxial/system.rb
paraxial-1.3.1	lib/rubocop/cop/paraxial/system.rb
paraxial-1.3.0	lib/rubocop/cop/paraxial/system.rb
paraxial-1.2.0	lib/rubocop/cop/paraxial/system.rb
paraxial-1.1.0	lib/rubocop/cop/paraxial/system.rb
paraxial-1.0.2	lib/rubocop/cop/paraxial/system.rb
paraxial-1.0.1	lib/rubocop/cop/paraxial/system.rb
paraxial-1.0.0	lib/rubocop/cop/paraxial/system.rb
paraxial-0.9.1	lib/rubocop/cop/paraxial/system.rb
paraxial-0.9.0	lib/rubocop/cop/paraxial/system.rb
paraxial-0.8.0	lib/rubocop/cop/paraxial/system.rb
paraxial-0.7.0	lib/rubocop/cop/paraxial/system.rb
paraxial-0.6.0	lib/rubocop/cop/paraxial/system.rb
paraxial-0.5.0	lib/rubocop/cop/paraxial/system.rb
paraxial-0.4.0	lib/rubocop/cop/paraxial/system.rb