class RubbyCop::Cop::Security::MarshalLoad
This cop checks for calls to Marshal class methods that deserialize data (Marshal.load and Marshal.restore). Loading from an untrusted source with these methods can lead to remote code execution.
@example
  # bad
  Marshal.load("{}")
  Marshal.restore("{}")

  # good
  Marshal.dump("{}")

  # okish - deep copy hack
  Marshal.load(Marshal.dump({}))
Constants
- MSG
Public Instance Methods
on_send(node)
  # File lib/rubbycop/cop/security/marshal_load.rb, line 29
  def on_send(node)
    marshal_load(node) do |method|
      add_offense(node, :selector, format(MSG, method))
    end
  end
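The check described above can be reproduced with Ruby's standard-library Ripper parser. This is an added example, not RubbyCop's own code. It assumes the marshal_load matcher behaves as the @example implies: it flags Marshal.load and Marshal.restore but exempts the Marshal.load(Marshal.dump(...)) deep copy. SAMPLE_MSG, UNSAFE, SAMPLE and all helper names are hypothetical.

```ruby
require 'ripper'

# Constructed message text; the cop's real MSG value is not shown on the page.
SAMPLE_MSG = 'Avoid using `Marshal.%s`.'
UNSAFE = %w[load restore].freeze

# Returns the method name when +node+ is a call on Marshal or ::Marshal.
def marshal_method(node)
  return unless node.is_a?(Array) && %i[call command_call].include?(node[0])
  recv, meth = node[1], node[3]
  return unless recv.is_a?(Array) && %i[var_ref top_const_ref].include?(recv[0])
  return unless recv[1].is_a?(Array) && recv[1][0] == :@const && recv[1][1] == 'Marshal'
  meth[1] if meth.is_a?(Array) && meth[0] == :@ident
end

# First argument of a call, skipping Ripper's :arg_paren/:args_add_block wrappers.
def first_arg(args)
  args = args[1] while args.is_a?(Array) && %i[arg_paren args_add_block].include?(args[0])
  args[0] if args.is_a?(Array) && args[0].is_a?(Array)
end

# Walks the S-expression, collecting [line, message] for each unsafe call.
def scan(node, found)
  return found unless node.is_a?(Array)
  call, args = case node[0]
               when :method_add_arg then [node[1], node[2]]   # Marshal.load(x)
               when :command_call   then [node, node[4]]      # Marshal.load x
               end
  name = marshal_method(call)
  if UNSAFE.include?(name)
    arg = first_arg(args)
    inner = arg.is_a?(Array) && arg[0] == :method_add_arg ? arg[1] : arg
    # Marshal.load(Marshal.dump(obj)) only reads bytes this process just wrote.
    found << [call[3][2][0], format(SAMPLE_MSG, name)] unless marshal_method(inner) == 'dump'
  end
  node.each { |child| scan(child, found) }
  found
end

def marshal_offenses(source)
  scan(Ripper.sexp(source), [])
end

# Constructed input mirroring the cop's @example, plus a ::Marshal call without parens.
SAMPLE = <<~'RUBY'
  Marshal.load("{}")
  Marshal.restore("{}")
  Marshal.dump("{}")
  Marshal.load(Marshal.dump({}))
  copy = ::Marshal.load cookie
RUBY

marshal_offenses(SAMPLE).each { |line, msg| puts "line #{line}: #{msg}" }
```

A purely syntactic check like this cannot tell whether the bytes are trusted, so every remaining Marshal.load or Marshal.restore call site still needs a review of where its input comes from.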