From dc87f9d69a65cc64aa49defb0fedfe94f96b59b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Wed, 10 Nov 2021 23:25:48 +0100 Subject: [PATCH] Add Security/Open rubocop rule The `open` method can be used to open files or URLs and it's deprecated in Ruby 2.7. In this case, it's clear we're dealing with a URL, so we can use `URI.parse`. The code was a bit strange, since it returned a value and had a side effect: opening the URL. I'm not sure about the intention of the code; my best guess is we wanted to test the URL exists and was accessible before returning it (and, if that's the case, IMHO the code should be a bit more explicit in order to show the intention behind it), but it could also be an unintended side effect which was there by accident. Now the URL is no longer opened; if the URL isn't accessible, we'll find out when trying to connect to it with the Savon client. --- .rubocop.yml | 3 +++ lib/sms_api.rb | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.rubocop.yml b/.rubocop.yml index 483b38bbe..147fbb070 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -446,6 +446,9 @@ Security/Eval: Security/JSONLoad: Enabled: true +Security/Open: + Enabled: true + Security/YAMLLoad: Enabled: true diff --git a/lib/sms_api.rb b/lib/sms_api.rb index 64a25e7e0..e3187b710 100644 --- a/lib/sms_api.rb +++ b/lib/sms_api.rb @@ -9,7 +9,7 @@ class SMSApi def url return "" unless end_point_available? - open(Rails.application.secrets.sms_end_point).base_uri.to_s + URI.parse(Rails.application.secrets.sms_end_point).to_s end def authorization