Add a query for uses of Kernel.open and IO.read

ql/test/query-tests/security/cwe-078/KernelOpen.expected

@@ -0,0 +1,11 @@
+edges
+| KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:4:10:4:13 | file |
+| KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:5:13:5:16 | file |
+nodes
+| KernelOpen.rb:3:12:3:17 | call to params :  | semmle.label | call to params :  |
+| KernelOpen.rb:4:10:4:13 | file | semmle.label | file |
+| KernelOpen.rb:5:13:5:16 | file | semmle.label | file |
+subpaths
+#select
+| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a user-provided value. Replace it with File.open. |
+| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a user-provided value. Replace it with File.read. |

ql/test/query-tests/security/cwe-078/KernelOpen.qlref

@@ -0,0 +1 @@
+queries/security/cwe-078/KernelOpen.ql

ql/test/query-tests/security/cwe-078/KernelOpen.rb

@@ -0,0 +1,17 @@
+class UsersController < ActionController::Base
+  def create
+    file = params[:file]
+    open(file) # BAD
+    IO.read(file) # BAD
+
+    File.open(file).read # GOOD
+
+    if file == "some/const/path.txt"
+      open(file) # GOOD - file path is sanitised by guard
+    end
+
+    if %w(some/const/1.txt some/const/2.txt).include? file
+      IO.read(file) # GOOD - file path is sanitised by guard
+    end
+  end
+end