class RubbyCop::Cop::Security::YAMLLoad

This cop checks for calls to YAML class methods that can lead to remote code execution when the document being loaded comes from an untrusted source.

@example

# bad - `load` may instantiate arbitrary Ruby objects named by tags in the
# document (on Psych versions where `load` is not restricted by default), so
# untrusted input can reach code execution.
YAML.load("--- foo")

# good - `safe_load` only builds basic types unless further classes are
# explicitly permitted; `dump` serializes and parses no input.
YAML.safe_load("--- foo")
YAML.dump("foo")

Constants

MSG

Public Instance Methods

autocorrect(node)
# File lib/rubbycop/cop/security/yaml_load.rb, line 31
# Builds the correction for an offending call.
#
# Returns a lambda that, when handed a corrector, replaces the selector range
# of +node+ (the method name of the call) with `safe_load`. Only the selector
# is rewritten; the receiver and arguments are left as written.
#
# NOTE(review): `safe_load` deserializes only a restricted set of types unless
# further classes are permitted, so this correction can change behaviour for
# documents that carry custom object tags. Review corrected call sites rather
# than assuming the rewrite is behaviour-neutral.
def autocorrect(node)
  lambda do |corrector|
    # Resolved when the correction runs, not when it is built.
    method_name_range = node.loc.selector
    corrector.replace(method_name_range, 'safe_load')
  end
end
on_send(node)
# File lib/rubbycop/cop/security/yaml_load.rb, line 25
# Callback for method-call (send) nodes.
#
# Hands +node+ to `yaml_load`; whenever that helper yields, an offense is
# registered on the node's selector (the method name).
#
# NOTE(review): `yaml_load` is defined outside this listing, presumably as a
# node matcher for the unsafe `YAML.load` call shown in the class example.
# Confirm which receivers and method names it actually covers.
def on_send(node)
  yaml_load(node) { add_offense(node, :selector) }
end