v1_parser: use URI#open instead of URI.open #4854

Watson1978 · 2025-03-06T04:39:35Z

Which issue(s) this PR fixes:
Fixes #

What this PR does / why we need it:
By CodeQL documentation, it is safer to avoid using URI.open.
This is a false positive, so there is no impact on Fluentd.
(Because URI.parse checks the uri in advance.)

This is similar with #4848

Docs Changes:

Release Note:

daipom

Thanks.

It appears to me that v1parser can recognize Windows absolute paths (C:/foo).
Can't we just use u.open?

Watson1978 · 2025-03-06T09:20:51Z

Thanks.

        if u.scheme == 'file' || (!u.scheme.nil? && u.scheme.length == 1) || u.path == uri.tr(' ', '+') # file path
          # When the Windows absolute path then u.scheme.length == 1

Indeed, seems it recognize Windows path.
I will fix the patch

Signed-off-by: Shizuo Fujita <fujita@clear-code.com>

daipom

Thanks!

**Which issue(s) this PR fixes**: Fixes # **What this PR does / why we need it**: By [CodeQL documentation](https://codeql.github.com/codeql-query-help/ruby/rb-non-constant-kernel-open/), it is safer to avoid using `URI.open`. This is similar with fluent#4848 **Docs Changes**: **Release Note**: Signed-off-by: Shizuo Fujita <fujita@clear-code.com> Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>

…4921) **Which issue(s) this PR fixes**: Backport #4854 Fixes # **What this PR does / why we need it**: By [CodeQL documentation](https://codeql.github.com/codeql-query-help/ruby/rb-non-constant-kernel-open/), it is safer to avoid using `URI.open`. This is similar with #4848 **Docs Changes**: **Release Note**: Signed-off-by: Shizuo Fujita <fujita@clear-code.com> Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com> Co-authored-by: Shizuo Fujita <fujita@clear-code.com>

Watson1978 added the backport to LTS We will backport this fix to the LTS branch label Mar 6, 2025

Watson1978 added this to the v1.19.0 milestone Mar 6, 2025

Watson1978 marked this pull request as ready for review March 6, 2025 05:25

Watson1978 requested a review from daipom March 6, 2025 05:25

Watson1978 force-pushed the codeql/v1_parser branch 3 times, most recently from 04a12fb to 0254d7e Compare March 6, 2025 07:57

daipom reviewed Mar 6, 2025

View reviewed changes

v1_parser: use URI#open instead of URI.open

d6aa891

Signed-off-by: Shizuo Fujita <fujita@clear-code.com>

Watson1978 force-pushed the codeql/v1_parser branch from 0254d7e to d6aa891 Compare March 6, 2025 09:22

daipom approved these changes Mar 6, 2025

View reviewed changes

daipom merged commit ccf5768 into master Mar 6, 2025
13 checks passed

daipom deleted the codeql/v1_parser branch March 6, 2025 09:56

kenhys mentioned this pull request Apr 23, 2025

Backport(v1.16): v1_parser: use URI#open instead of URI.open (#4854) kenhys/fluentd#12

Closed

kenhys mentioned this pull request Apr 23, 2025

Backport(v1.16): v1_parser: use URI#open instead of URI.open (#4854) #4921

Merged

kenhys added the backported "backport to LTS" is done label Apr 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v1_parser: use URI#open instead of URI.open #4854

v1_parser: use URI#open instead of URI.open #4854

Uh oh!

Watson1978 commented Mar 6, 2025 •

edited by daipom

Loading

Uh oh!

daipom left a comment

Uh oh!

Watson1978 commented Mar 6, 2025

Uh oh!

daipom left a comment

Uh oh!

Uh oh!

Uh oh!

v1_parser: use URI#open instead of URI.open #4854

v1_parser: use URI#open instead of URI.open #4854

Uh oh!

Conversation

Watson1978 commented Mar 6, 2025 • edited by daipom Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

daipom left a comment

Choose a reason for hiding this comment

Uh oh!

Watson1978 commented Mar 6, 2025

Uh oh!

daipom left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Watson1978 commented Mar 6, 2025 •

edited by daipom

Loading