mirror of
https://github.com/github/codeql.git
synced 2025-12-20 10:46:30 +01:00
18 lines
406 B
Ruby
18 lines
406 B
Ruby
class UsersController < ActionController::Base
|
|
def create
|
|
file = params[:file]
|
|
open(file) # BAD
|
|
IO.read(file) # BAD
|
|
|
|
File.open(file).read # GOOD
|
|
|
|
if file == "some/const/path.txt"
|
|
open(file) # GOOD - file path is sanitised by guard
|
|
end
|
|
|
|
if %w(some/const/1.txt some/const/2.txt).include? file
|
|
IO.read(file) # GOOD - file path is sanitised by guard
|
|
end
|
|
end
|
|
end
|