Add Security/Open rubocop rule

The `open` method can be used to open files or URLs and it's deprecated in Ruby 2.7. In this case, it's clear we're dealing with a URL, so we can use `URI.parse`. The code was a bit strange, since it returned a value and had a side effect: opening the URL. I'm not sure about the intention of the code; my best guess is we wanted to test the URL exists and was accessible before returning it (and, if that's the case, IMHO the code should be a bit more explicit in order to show the intention behind it), but it could also be an unintended side effect which was there by accident. Now the URL is no longer opened; if the URL isn't accessible, we'll find out when trying to connect to it with the Savon client.
2021-11-10 23:25:48 +01:00
parent 5519518cfb
commit dc87f9d69a
2 changed files with 4 additions and 1 deletions
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -446,6 +446,9 @@ Security/Eval:
 Security/JSONLoad:
  Enabled: true

+Security/Open:
+  Enabled: true
+
 Security/YAMLLoad:
  Enabled: true

--- a/lib/sms_api.rb
+++ b/lib/sms_api.rb
@@ -9,7 +9,7 @@ class SMSApi
  def url
    return "" unless end_point_available?

-    open(Rails.application.secrets.sms_end_point).base_uri.to_s
+    URI.parse(Rails.application.secrets.sms_end_point).to_s
  end

  def authorization