Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Metadata
ID:ruby-security/avoid-syscall
Language: Ruby
Severity: Info
Category: Security
Description
The syscall function is a direct interface to the operating system’s system calls. This rule is important because using syscall can lead to non-portable and difficult to maintain code. Different operating systems have different system calls and different numbers assigned to them. Therefore, the code that uses syscall may behave differently on different systems, which can lead to unexpected results and bugs that are hard to track down.
Furthermore, syscall is considered to be a low-level interface, which should be avoided in high-level programming languages like Ruby. It bypasses the abstractions that Ruby provides, which can lead to less readable and more error-prone code.
Instead of using syscall, use the abstractions that Ruby provides. For example, if you want to write to a file, use Ruby’s File class, which provides a high-level, portable interface for file operations. This way, you can ensure that your code is portable and easier to maintain. For instance, you can replace the syscall function in the non-compliant code with File.write('filename', 'hello\n').
Non-Compliant Code Examples
# See https://ruby-doc.org/core-2.4.1/Kernel.htmlsyscall4,1,"hello\n",6# '4' is write(2) on our box
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- ruby-security # Rules to enforce Ruby security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines
