class Railroader::CheckEvaluation

This check looks for calls to eval, instance_eval, class_eval and module_eval whose arguments include user input.

Public Instance Methods

process_result(result)

Warns if eval includes user input

# File lib/railroader/checks/check_evaluation.rb, line 22
def process_result result
  return unless original? result

  if input = include_user_input?(result[:call].arglist)
    warn :result => result,
      :warning_type => "Dangerous Eval",
      :warning_code => :code_eval,
      :message => "User input in eval",
      :code => result[:call],
      :user_input => input,
      :confidence => :high
  end
end
run_check()

Finds eval-like calls and processes each one

# File lib/railroader/checks/check_evaluation.rb, line 11
def run_check
  Railroader.debug "Finding eval-like calls"
  calls = tracker.find_call :method => [:eval, :instance_eval, :class_eval, :module_eval]

  Railroader.debug "Processing eval-like calls"
  calls.each do |call|
    process_result call
  end
end
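As an added example that is not part of Railroader's code: the same two-stage logic (find eval-like calls, then test the argument list for user input) built on Ruby's standard-library Ripper parser instead of Railroader's tracker. The set of user-input names (params, request, cookies) and the sample controller source are assumptions made for the example.

```ruby
require "ripper"

# Added example, not Railroader's own code: a miniature CheckEvaluation built on
# the stdlib Ripper parser (find eval-like calls, then look for user input in args).
EVAL_METHODS = %w[eval instance_eval class_eval module_eval].freeze
USER_INPUT   = %w[params request cookies].freeze   # assumed user-input sources
# Pre-order walk over every array node of a Ripper S-expression.
def each_node(node, &blk)
  return unless node.is_a?(Array)
  yield node
  node.each { |child| each_node(child, &blk) }
end
# For a call node return [method-name ident, argument subtree]; nil otherwise.
def call_parts(node)
  case node[0]
  when :method_add_arg                     # eval(...) or recv.eval(...)
    [node[1][0] == :fcall ? node[1][1] : node[1][3], node[2]]
  when :command      then [node[1], node[2]]   # eval arg
  when :command_call then [node[3], node[4]]   # recv.instance_eval arg
  end
end

# Name of the first user-input identifier inside the argument subtree, or nil.
def user_input_in(args)
  found = nil
  each_node(args) { |n| found ||= n[1] if n[0] == :@ident && USER_INPUT.include?(n[1]) }
  found
end

# Scan Ruby source; report each eval-like call whose arguments carry user input.
def find_dangerous_evals(source)
  return [] unless (tree = Ripper.sexp(source))  # Ripper.sexp is nil on syntax error
  findings = []
  each_node(tree) do |node|
    name, args = call_parts(node)
    next unless name.is_a?(Array) && name[0] == :@ident && EVAL_METHODS.include?(name[1])
    input = user_input_in(args)
    findings << { method: name[1], line: name[2][0], user_input: input } if input
  end
  findings
end

# Constructed sample: only lines 2 and 3 pass user input to an eval-like method.
SAMPLE = <<~RUBY
  def run
    eval(params[:code])
    @obj.instance_eval params[:snippet]
    eval("1 + 1")
    Kernel.eval(File.read("config/rules.rb"))
  end
RUBY
```

Calling `find_dangerous_evals(SAMPLE)` returns one hash per flagged call (method name, line, and the user-input source found), which is the information the real check packs into its "Dangerous Eval" warning.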