Class: RuboCop::Cop::Airbnb::UnsafeYamlMarshal

Inherits:
Base
  • Object
show all
Defined in:
lib/rubocop/cop/airbnb/unsafe_yaml_marshal.rb

Overview

Disallow use of YAML/Marshal methods that can trigger RCE on untrusted input

Constant Summary collapse

MSG = 
'Using unsafe YAML parsing methods on untrusted input can lead ' \
'to remote code execution. Use `safe_load`, `parse`, `parse_file`, or ' \
'`parse_stream` instead'.freeze

Instance Method Summary collapse

Instance Method Details

#check_marshal(node, receiver, method_name, *_args) ⇒ Object 



35
36
37
38
39
40
41
42
43
 
# File 'lib/rubocop/cop/airbnb/unsafe_yaml_marshal.rb', line 35

def check_marshal(node, receiver, method_name, *_args)
  return unless receiver.const_name == 'Marshal'
  return unless method_name == :load

  message = 'Using `Marshal.load` on untrusted input can lead to remote code execution. ' \
    'Restructure your code to not use Marshal'

  add_offense(node, message: message)
end

#check_yaml(node, receiver, method_name, *_args) ⇒ Object 



24
25
26
27
28
29
30
31
32
33
 
# File 'lib/rubocop/cop/airbnb/unsafe_yaml_marshal.rb', line 24

def check_yaml(node, receiver, method_name, *_args)
  return unless ['YAML', 'Psych'].include?(receiver.const_name)
  return unless [:load, :load_documents, :load_file, :load_stream].include?(method_name)

  message = "Using `#{receiver.const_name}.#{method_name}` on untrusted input can lead " \
    "to remote code execution. Use `safe_load`, `parse`, `parse_file`, or " \
    "`parse_stream` instead"

  add_offense(node, message: message)
end

#on_send(node) ⇒ Object 



10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/rubocop/cop/airbnb/unsafe_yaml_marshal.rb', line 10

def on_send(node)
  receiver, method_name, *_args = *node

  return if receiver.nil?
  return unless receiver.const_type?

  check_yaml(node, receiver, method_name, *_args)
  check_marshal(node, receiver, method_name, *_args)
rescue => e
  puts e
  puts e.backtrace
  raise
end