
Enable Style/CommandLiteral cop #51741

Conversation

flavorjones

Motivation / Background

PR #49624 contained commit 0c76f17 which mistakenly used backticks instead of normal string quotes. This is easy to miss, but is a bug-without-test-failures at best and an opportunity for an attack vector at worst.

Forcing the use of %x() should make it more obvious visually where the command literals are.

See related #51739

Checklist

Before submitting the PR make sure the following are checked:

  • This Pull Request is related to one change. Unrelated changes should be opened in separate PRs.
  • Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
  • Tests are added or updated if you fix a bug or add a feature.
  • CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.

PR rails#49624 contained commit 0c76f17 which mistakenly used backticks
instead of normal string quotes. This is easy to miss, but risks
introducing a security vulnerability into the codebase.

Forcing the use of `%x()` should make it more obvious visually where
the command literals are.

See related rails#51739
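As an added illustration (not code from this PR or from Rails), the check below uses Ruby's stdlib Ripper tokenizer to flag bare-backtick command literals, the construct the cop targets, while leaving `%x()` untouched; the sample source it scans is constructed and reproduces the mistake described above.

```ruby
require "ripper"

# Constructed sample: the first assignment is the mistake the PR describes
# (backticks where a plain string was meant); the other two are fine.
SAMPLE_SOURCE = <<~'RUBY'
  message = `Installing gems...`   # mistake: this runs as a shell command
  label   = "Installing gems..."   # intended: a plain string
  output  = %x(echo built)         # explicit, easy to spot command literal
RUBY

# Walk the token stream and collect every command literal opened with a bare
# backtick. %x( also opens with an :on_backtick token, but its token text is
# "%x(" rather than "`", so matching on the text distinguishes the two.
def backtick_literals(source)
  tokens = Ripper.lex(source)
  results = []
  tokens.each_with_index do |(pos, type, text, _state), i|
    next unless type == :on_backtick && text == "`"
    body = +""
    tokens[(i + 1)..].each do |(_, t, s, _)|
      break if t == :on_tstring_end
      body << s
    end
    results << { line: pos[0], column: pos[1], command: body }
  end
  results
end

if $PROGRAM_NAME == __FILE__
  backtick_literals(SAMPLE_SOURCE).each do |hit|
    puts "#{hit[:line]}:#{hit[:column]} bare backtick literal: `#{hit[:command]}`"
  end
end
```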
flavorjones force-pushed the flavorjones-rubocop-percent-x-command-literals branch from 9b952c8 to 6db0887 on May 6, 2024 16:33

@akhilgkrishnan akhilgkrishnan left a comment


Thanks @flavorjones for adding this

rafaelfranca requested a review from dhh on May 13, 2024 18:24

dhh commented May 13, 2024

I appreciate wanting to guard against something like this, but aesthetically, I find the move from backticks to %x() to be a big regression. And I don't think it's worth scarring on the first cut here. I can't recall a single instance of the same issue going back two decades. So I think we need to see it repeated at least once before we contemplate an uglier code base as a result.

dhh closed this on May 13, 2024