class RuboCop::Cop::Security::JSONLoad
This cop checks for the use of JSON class methods which have potential
security issues.

Autocorrect is disabled by default because it's potentially dangerous.
If using a stream, like `JSON.load(open('file'))`, it will need to call
`#read` manually, like `JSON.parse(open('file').read)`.
If reading single values (rather than proper JSON objects), like
`JSON.load('false')`, it will need to pass the `quirks_mode: true`
option, like `JSON.parse('false', quirks_mode: true)`.
Other similar issues may apply.

@example
  # always offense
  JSON.load("{}")
  JSON.restore("{}")

  # no offense
  JSON.parse("{}")
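An added example, not part of RuboCop's own code: it shows the class instantiation that an additions-enabled parse performs (what `JSON.load` has historically done by default in the json gem) next to a `JSON.parse` wrapper that handles the stream caveat described above. `AuditProbe`, `PAYLOAD`, `parse_with_additions` and `parse_untrusted` are hypothetical names, and the payload is constructed sample input.

```ruby
require 'json'
require 'stringio'

# Hypothetical application class (an assumption for this example). Any class
# that defines .json_create can be instantiated by an additions-enabled parse.
class AuditProbe
  class << self
    attr_accessor :created

    def json_create(_attrs)
      self.created = created.to_i + 1
      new
    end
  end
end

# Constructed sample input: a document that names a class via "json_class".
PAYLOAD = '{"json_class":"AuditProbe","role":"admin"}'

# What an additions-enabled parse does with the document (the behaviour that
# makes JSON.load on untrusted input risky): the named class is instantiated.
def parse_with_additions(text)
  JSON.parse(text, create_additions: true)
end

# Replacement for JSON.load on untrusted input, covering the migration
# caveats listed above.
def parse_untrusted(source)
  # Streams: JSON.parse wants a String, so read the IO ourselves.
  text = source.respond_to?(:read) ? source.read : source
  # JSON.load returns nil for nil or empty input; keep that contract.
  return nil if text.nil? || text.empty?

  # Plain data only: "json_class" stays an ordinary hash key.
  JSON.parse(text, create_additions: false)
end
```

With `parse_untrusted`, the `json_class` key comes back as an ordinary string in a `Hash`, so the caller decides explicitly which classes, if any, are built from the data.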
def autocorrect(node)
# Returns a lambda that replaces the method name (the selector) with `parse`.
def autocorrect(node)
  ->(corrector) { corrector.replace(node.loc.selector, 'parse') }
end
def on_send(node)
# Registers an offense on the method name (the selector) for each method
# yielded by json_load.
def on_send(node)
  json_load(node) do |method|
    add_offense(node, :selector, format(MSG, method))
  end
end