From 088d388e6d4dda42d9278e6da96ac3183ff09dcd Mon Sep 17 00:00:00 2001
From: Geremia Taglialatela
Date: Tue, 23 May 2023 00:07:36 +0200
Subject: Enable Security cops

Also fixes a Security/Open offense that couldn't be exploited, because the only invocation of `get_mime_type_from_uri` was validating the input with a `URI::DEFAULT_PARSER` regexp
---
 test/util/tc_mime_type_utils.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'test')

diff --git a/test/util/tc_mime_type_utils.rb b/test/util/tc_mime_type_utils.rb
index 568aa61d..fc7d9d79 100644
--- a/test/util/tc_mime_type_utils.rb
+++ b/test/util/tc_mime_type_utils.rb
@@ -17,4 +17,8 @@ class TestMimeTypeUtils < Test::Unit::TestCase
 assert_equal('image/jpeg', Axlsx::MimeTypeUtils::get_mime_type(@test_img))
 assert_equal('image/png', Axlsx::MimeTypeUtils::get_mime_type_from_uri(@test_img_url))
 end
+
+ def test_escape_uri
+ assert_raise(URI::InvalidURIError) { Axlsx::MimeTypeUtils::get_mime_type_from_uri('| ls') }
+ end
 end
--
cgit v1.2.3
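Review bot: `test_escape_uri` does not say what it guards, and its single input `'| ls'` contains a space, so the `URI::InvalidURIError` may be raised for the space alone rather than because the value is kept away from `Kernel#open`. A comment above the assertion would make the regression target explicit, for example `# Kernel#open treats a leading pipe as a command; the argument must be parsed as a URI and never handed to open as-is`. The name also suggests escaping while the assertion checks rejection, so `test_get_mime_type_from_uri_rejects_non_uri_input` would describe it better. The implementation side of the change is not in this view (the patch is limited to 'test'), so it is worth confirming there that the method itself parses the value before opening it, instead of relying on the caller's `URI::DEFAULT_PARSER` validation mentioned in the description.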