blob: 7be1a784001b6bfe5a42d64b5cbc6b4f521560fc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# frozen_string_literal: true
require 'fast_spec_helper'
require_relative '../../../rubocop/cop/file_decompression'
RSpec.describe RuboCop::Cop::FileDecompression do
subject(:cop) { described_class.new }
it 'does not flag when using a system command not related to file decompression' do
expect_no_offenses('system("ls")')
end
described_class::FORBIDDEN_COMMANDS.map { [_1, '^' * _1.length] }.each do |cmd, len|
it "flags the when using '#{cmd}' system command" do
expect_offense(<<~SOURCE)
system('#{cmd}')
^^^^^^^^#{len}^^ While extracting files check for symlink to avoid arbitrary file reading[...]
SOURCE
expect_offense(<<~SOURCE)
exec('#{cmd}')
^^^^^^#{len}^^ While extracting files check for symlink to avoid arbitrary file reading[...]
SOURCE
expect_offense(<<~SOURCE)
Kernel.spawn('#{cmd}')
^^^^^^^^^^^^^^#{len}^^ While extracting files check for symlink to avoid arbitrary file reading[...]
SOURCE
expect_offense(<<~SOURCE)
IO.popen('#{cmd}')
^^^^^^^^^^#{len}^^ While extracting files check for symlink to avoid arbitrary file reading[...]
SOURCE
end
it "flags the when using '#{cmd}' subshell command" do
expect_offense(<<~SOURCE)
`#{cmd}`
^#{len}^ While extracting files check for symlink to avoid arbitrary file reading[...]
SOURCE
expect_offense(<<~SOURCE)
%x(#{cmd})
^^^#{len}^ While extracting files check for symlink to avoid arbitrary file reading[...]
SOURCE
end
end
end
|
