class RubbyCop::Cop::Security::JSONLoad
This cop checks for the use of JSON class methods which have potential security issues.
Autocorrect is disabled by default because it's potentially dangerous. If using a stream, like `JSON.load(open('file'))`, the corrected code will need to call `#read` manually, like `JSON.parse(open('file').read)`. If reading single values (rather than proper JSON objects), like `JSON.load('false')`, the corrected code will need to pass the `quirks_mode: true` option, like `JSON.parse('false', quirks_mode: true)`. Other similar issues may apply.
@example
    # always offense
    JSON.load("{}")
    JSON.restore("{}")

    # no offense
    JSON.parse("{}")
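The manual migration that the autocorrect note describes, as an added example (not RubbyCop's own code): `parse_untrusted_json` is a hypothetical helper name and the sample strings are constructed. It reads streams before parsing, keeps `create_additions` off explicitly, and raises on blank input where `JSON.load` would return `nil`.

```ruby
require 'json'
require 'stringio'

# Hypothetical helper (not part of RubbyCop or the json gem): a hand-written
# replacement for JSON.load / JSON.restore when the input is untrusted.
def parse_untrusted_json(source)
  # JSON.load accepts IO-like objects; JSON.parse wants a String, so read first.
  text = if source.respond_to?(:read)
           source.read
         elsif source.respond_to?(:to_str)
           source.to_str
         else
           raise ArgumentError, "expected a String or IO-like object, got #{source.class}"
         end

  # Never let a "json_class" key in the document pick a Ruby class to build.
  opts = { create_additions: false }
  # json 1.x rejects top-level scalars unless quirks_mode is set;
  # json 2.x accepts them without the option.
  opts[:quirks_mode] = true if JSON::VERSION.to_i < 2

  # Blank input raises JSON::ParserError here instead of quietly becoming nil.
  JSON.parse(text, opts)
end

# Constructed sample inputs.
SAMPLE_OBJECT = '{"user": "alice", "admin": false}'
SAMPLE_TAGGED = '{"json_class": "Object", "v": 1}'

if $PROGRAM_NAME == __FILE__
  p parse_untrusted_json(SAMPLE_OBJECT)               # plain String
  p parse_untrusted_json(StringIO.new(SAMPLE_OBJECT)) # stream, read manually
  p parse_untrusted_json(SAMPLE_TAGGED)               # stays a plain Hash
  p parse_untrusted_json('false')                     # single value
end
```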
Constants
- MSG
Public Instance Methods
autocorrect(node)
    # File lib/rubbycop/cop/security/json_load.rb, line 38
    def autocorrect(node)
      ->(corrector) { corrector.replace(node.loc.selector, 'parse') }
    end
on_send(node)
    # File lib/rubbycop/cop/security/json_load.rb, line 32
    def on_send(node)
      json_load(node) do |method|
        add_offense(node, :selector, format(MSG, method))
      end
    end