Opening a file whose name is not a fixed string lets user-supplied data control what the program does. Ruby's `Kernel#open` treats an argument that begins with `|` as a command to run in a subprocess rather than a file to read, so an attacker who controls the argument can execute arbitrary commands and feed the program malicious data.
filename = "testfile"
# Compliant: File being opened is static.
open(filename) do |f|
  print f.gets
end

# Noncompliant: User-input directly controls which file is opened.
# Because the string is built with a leading "|", Kernel#open runs
# whatever params[:file] contains as a command instead of reading a file.
cmd = open("|%s" % params[:file])
print cmd.gets
cmd.close
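The following is an added example, not part of the original rule text, showing the two halves of this issue side by side: first that `Kernel#open` really does spawn a process for a `|`-prefixed string while `File.open` treats the same string as a plain filename, and then one way to read a user-named file safely (a basename-only allowlist, `File.open`, and a containment check against a base directory). The `read_user_file`, `try_read` and `UnsafePath` names are assumptions introduced here; the demo assumes a Unix-like system with `echo` on `PATH`.

```ruby
require "tmpdir"

# Shows that Kernel#open interprets a leading "|" as a command to execute.
# The command here is a constructed, harmless `echo`; on a Ruby that has
# removed the pipe form this returns :refused instead of raising.
def kernel_open_pipe_demo
  open("|echo from-a-subprocess") { |io| io.read.strip }
rescue StandardError
  :refused
end

# File.open never spawns a process: the same string is looked up as a
# filename, so it fails with Errno::ENOENT rather than executing anything.
def file_open_refuses_pipe
  File.open("|echo from-a-subprocess") { |io| io.read }
  :opened
rescue Errno::ENOENT
  :not_found
end

# Raised for any user-supplied name that does not pass validation (assumed name).
class UnsafePath < StandardError; end

# Hardened reader (assumed helper): `base_dir` is the only directory the
# untrusted `name` (think params[:file]) is allowed to reach.
def read_user_file(base_dir, name)
  raise UnsafePath, "empty name" if name.nil? || name.empty?
  # Accept a simple basename only: no separators, no pipe prefix, no spaces.
  raise UnsafePath, "invalid characters" unless name.match?(/\A[\w.-]+\z/)
  raise UnsafePath, "dot segment" if name == "." || name == ".."

  root = File.expand_path(base_dir)
  path = File.expand_path(name, root)
  # Defence in depth: the resolved path must still lie inside base_dir.
  raise UnsafePath, "outside base dir" unless path.start_with?(File.join(root, ""))

  # File.open has no pipe behaviour, so even a "|" that slipped through the
  # regex would be treated as a filename, never as a command.
  File.open(path, "r") { |f| f.read }
end

# Returns the file contents, or :rejected when validation fails.
def try_read(base_dir, name)
  read_user_file(base_dir, name)
rescue UnsafePath
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "testfile"), "hello\n")   # constructed sample file
    puts kernel_open_pipe_demo           # from-a-subprocess (or refused)
    puts file_open_refuses_pipe          # not_found
    puts try_read(dir, "testfile")       # hello
    puts try_read(dir, "|echo x")        # rejected
    puts try_read(dir, "../etc/passwd")  # rejected
  end
end
```

The allowlist regex is deliberately strict; if the application needs subdirectories, widen the pattern but keep the `start_with?` containment check, which is what stops `..` sequences from escaping `base_dir`.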