class RuboCop::Cop::Security::YAMLLoad
This cop checks for the use of YAML class methods which have
potential security issues leading to remote code execution when
loading from an untrusted source.

@example
  # bad
  YAML.load("--- foo")

  # good
  YAML.safe_load("--- foo")
  YAML.dump("foo")
def autocorrect(node)
def autocorrect(node)
  # Replace only the method name (the selector) with safe_load.
  ->(corrector) { corrector.replace(node.loc.selector, 'safe_load') }
end
def on_send(node)
def on_send(node)
  # Register an offense on the method name when yaml_load matches the node.
  yaml_load(node) do
    add_offense(node, location: :selector)
  end
end
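
Added example (not part of RuboCop's source): what the load to safe_load swap made by autocorrect means at run time, since safe_load rejects object tags, symbols and aliases unless they are explicitly allowed. SampleJob, SAMPLES and load_untrusted are names constructed for illustration, and the permitted_classes: and aliases: keywords assume Psych 3.1 or later.

```ruby
require 'yaml'

# Constructed stand-in for an application class that was serialized to YAML.
class SampleJob
  attr_reader :name
end

# Constructed sample documents, one per behaviour safe_load changes.
SAMPLES = {
  plain:  "--- foo",
  object: "--- !ruby/object:SampleJob\nname: nightly\n",
  symbol: "--- :admin",
  alias:  "base: &b {role: user}\ncopy: *b\n"
}.freeze

# Hypothetical helper: parse untrusted YAML with safe_load and report
# why a document was refused instead of letting the exception escape.
def load_untrusted(source, permitted_classes: [], aliases: false)
  value = YAML.safe_load(source,
                         permitted_classes: permitted_classes,
                         aliases: aliases)
  [:ok, value]
rescue Psych::DisallowedClass => e
  # Raised for any tag or scalar that would build a non-allow-listed class.
  [:disallowed_class, e.message]
rescue Psych::BadAlias => e
  # Raised when the document uses anchors/aliases and aliases: is false.
  [:alias_rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, doc|
    status, detail = load_untrusted(doc)
    puts format('%-7s %-17s %s', label, status, detail.inspect)
  end

  # Opting in is explicit and per call: only the listed class is revived.
  status, job = load_untrusted(SAMPLES[:object], permitted_classes: [SampleJob])
  puts format('%-7s %-17s %s', 'object', status, job.name)
end
```

Code that relied on YAML.load to revive its own objects will start raising after the autocorrect, so each call site needs either plain data or an explicit permitted_classes list.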