authorZsolt Kozaroczy <[email protected]>2023-05-24 09:26:24 +0200
committerGitHub <[email protected]>2023-05-24 09:26:24 +0200
commitc1f922b3de788c1bb4e9b0dcf18f930897027446 (patch)
treec3d66b5fd6d28d9f6c03a7e7a6366d4910759bce
parent7650a5a86b46f4cc0954c134b448c96313c6abf3 (diff)
parent088d388e6d4dda42d9278e6da96ac3183ff09dcd (diff)
downloadcaxlsx-c1f922b3de788c1bb4e9b0dcf18f930897027446.tar.gz
caxlsx-c1f922b3de788c1bb4e9b0dcf18f930897027446.zip
Merge pull request #252 from tagliala/security/enable-security-cops
Enable Security cops
-rw-r--r--.rubocop.yml3
-rw-r--r--lib/axlsx/util/mime_type_utils.rb2
-rw-r--r--test/util/tc_mime_type_utils.rb4
3 files changed, 8 insertions, 1 deletions
diff --git a/.rubocop.yml b/.rubocop.yml
index 7d315f1b..22e574bc 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -34,6 +34,9 @@ Minitest:
Performance:
Enabled: true
+Security:
+ Enabled: true
+
Style:
Enabled: true
diff --git a/lib/axlsx/util/mime_type_utils.rb b/lib/axlsx/util/mime_type_utils.rb
index c2e6909f..fbe39448 100644
--- a/lib/axlsx/util/mime_type_utils.rb
+++ b/lib/axlsx/util/mime_type_utils.rb
@@ -16,7 +16,7 @@ module Axlsx
# @param [String] v URI
# @return [String] File mime type
def self.get_mime_type_from_uri(v)
- Marcel::MimeType.for(URI.open(v))
+ Marcel::MimeType.for(URI.parse(v).open)
end
end
end
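Review bot: `get_mime_type_from_uri` still fetches any http, https or ftp URL it is handed and never closes the handle it opens; the new line addresses neither. Parsing first keeps the string away from `Kernel#open`, but if `v` can come from untrusted input the call remains a server-side request forgery path. The method comment should state that callers must pass only trusted or allow-listed URLs, and a guard such as `raise ArgumentError, 'unsupported scheme' unless %w[http https].include?(URI.parse(v).scheme)` would narrow it. The block form `URI.parse(v).open { |io| Marcel::MimeType.for(io) }` closes the temp file or buffer once the type has been read. The module starts outside the hunk, so whether a caller already validates `v` cannot be seen here.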
diff --git a/test/util/tc_mime_type_utils.rb b/test/util/tc_mime_type_utils.rb
index 568aa61d..fc7d9d79 100644
--- a/test/util/tc_mime_type_utils.rb
+++ b/test/util/tc_mime_type_utils.rb
@@ -17,4 +17,8 @@ class TestMimeTypeUtils < Test::Unit::TestCase
assert_equal('image/jpeg', Axlsx::MimeTypeUtils::get_mime_type(@test_img))
assert_equal('image/png', Axlsx::MimeTypeUtils::get_mime_type_from_uri(@test_img_url))
end
+
+ def test_escape_uri
+ assert_raise(URI::InvalidURIError) { Axlsx::MimeTypeUtils::get_mime_type_from_uri('| ls') }
+ end
end
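Review bot: `test_escape_uri` only covers a string that fails URI parsing, so it does not pin what happens to input that parses but has no fetchable scheme. A relative path such as `'images/logo.png'` parses as a generic URI, and `.open` on it presumably raises `NoMethodError` rather than `URI::InvalidURIError`. A second assertion, e.g. `assert_raise(NoMethodError) { Axlsx::MimeTypeUtils::get_mime_type_from_uri('images/logo.png') }`, would document that local paths are rejected too; confirm the exception class on the supported Ruby versions first. The test class starts outside the hunk.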