Class: RuboCop::Cop::GitlabSecurity::PublicSend
- Inherits: Cop
  - Object
  - Cop
  - RuboCop::Cop::GitlabSecurity::PublicSend
- Defined in: lib/rubocop/cop/gitlab-security/public_send.rb
Overview
Checks for the use of `public_send`, `send`, and `__send__` methods.
If passed untrusted input, these methods can be used to execute arbitrary methods on behalf of an attacker.
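An added example, not taken from the cop's source or the project: the kind of dynamic dispatch this cop is written to catch, beside an allowlist alternative that avoids `public_send` entirely. `Report`, `render_unsafe`, `render_safe` and `VIEWS` are hypothetical names, and all sample values are constructed.

```ruby
# Constructed sample class: two views meant for display, plus methods that
# should never be selectable through a request parameter.
class Report
  def summary
    "summary"
  end

  def details
    "details"
  end

  # Public, but not intended to be chosen by the caller of a view endpoint.
  def purge!
    :purged
  end

  private

  def signing_key
    "constructed-secret"
  end
end

# Risky pattern: the method name is whatever the caller supplies.
# public_send reaches every public method; send and __send__ also
# bypass visibility and reach private methods.
def render_unsafe(report, action)
  report.public_send(action)
end

# Alternative without dynamic dispatch: an explicit allowlist that maps
# each accepted name to a fixed call. Unknown names are rejected.
VIEWS = {
  "summary" => ->(report) { report.summary },
  "details" => ->(report) { report.details }
}.freeze

def render_safe(report, action)
  handler = VIEWS.fetch(action.to_s) { raise ArgumentError, "unsupported view" }
  handler.call(report)
end
```

Because `render_safe` contains no `send`-family call, there is nothing for the cop to report, and adding a new view means adding an entry to `VIEWS` in code review rather than exposing another method implicitly.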
Constant Summary
- MSG = 'Avoid using `%s`.'.freeze
Instance Method Summary
Instance Method Details
#on_send(node) ⇒ Object
    # File 'lib/rubocop/cop/gitlab-security/public_send.rb', line 30
    def on_send(node)
      send?(node) do |match|
        next unless node.arguments?

        add_offense(node, location: :selector, message: format(MSG, match))
      end
    end