Audit: Calls to methods in
IO class must be avoided RB-A1012File.read is safer than IO.read.35 # Domains should now be added
36 get :export, params: { format: :csv }
37 expect(response).to have_http_status(200)
38 expect(response.body).to eq(IO.read(File.join(file_fixture_path, 'domain_blocks.csv')))39 end
40
41 it 'blocks imported domains with only domains csv' doFile.read is safer than IO.read.16
17 get :export, params: { format: :csv }
18 expect(response).to have_http_status(200)
19 expect(response.body).to eq(IO.read(File.join(file_fixture_path, 'domain_blocks.csv')))20 end
21 end
22File.read is safer than IO.read.30 # Domains should now be added
31 get :export, params: { format: :csv }
32 expect(response).to have_http_status(200)
33 expect(response.body).to eq(IO.read(File.join(file_fixture_path, 'domain_allows.csv')))34 end
35
36 it 'displays error on no file selected' doFile.read is safer than IO.read.14
15 get :export, params: { format: :csv }
16 expect(response).to have_http_status(200)
17 expect(response.body).to eq(IO.read(File.join(file_fixture_path, 'domain_allows.csv')))18 end
19 end
20
Description
Calls to methods in the IO class must be avoided unless a command needs to be invoked intentionally.
If the argument starts with a pipe character ('|') and the receiver is the IO class, a subprocess is created in the same way as Kernel#open, and its output is returned. Kernel#open may allow unintentional command injection, which is the reason these IO methods are a security risk. Consider using File.read to protect yourself against the unintended subprocess invocation.
Bad practice
IO.read(path)
IO.read('path')
Recommended
File.read(path)
File.read('path')
IO.read('| command') # Allow intentional command invocation.
References
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')