class RuboCop::Cop::Security::YAMLLoad
This cop checks for the use of YAML class methods which have
potential security issues leading to remote code execution when
loading from an untrusted source.

@example
  # bad
  YAML.load("--- foo")

  # good
  YAML.safe_load("--- foo")
  YAML.dump("foo")
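def on_send(node)
  # yaml_load is the cop's node matcher, defined elsewhere in the class;
  # the block runs only when the call matches.
  yaml_load(node) do
    add_offense(node.loc.selector) do |corrector|
      # Autocorrect: rewrite the method name `load` to `safe_load`.
      corrector.replace(node.loc.selector, 'safe_load')
    end
  end
end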
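What the autocorrection from `load` to `safe_load` changes at runtime, as an added example that is not part of RuboCop's source. `AuditMarker`, the three sample documents and both helper methods are constructed for illustration, and `legacy_load` assumes Psych 3.3 or later, where the pre-4.0 `load` behaviour is exposed as `unsafe_load`.

```ruby
require 'yaml'

# Constructed, harmless stand-in for any class already loaded in the app.
class AuditMarker
  attr_reader :note
end

# Constructed sample inputs (not from the original page).
TAGGED_DOC = "--- !ruby/object:AuditMarker\nnote: built from YAML input\n"
SYMBOL_DOC = "--- :admin"
ALIAS_DOC  = "base: &b {role: user}\ncopy: *b\n"

# The behaviour the cop flags. Psych 4 made plain YAML.load safe by default
# and kept the old semantics as unsafe_load (available since Psych 3.3).
def legacy_load(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# What the autocorrected call does: [:loaded, value] or [:rejected, reason].
def safe_load_outcome(doc, permitted: [], aliases: false)
  [:loaded, YAML.safe_load(doc, permitted_classes: permitted, aliases: aliases)]
rescue Psych::DisallowedClass
  [:rejected, :disallowed_class]
rescue Psych::BadAlias
  [:rejected, :alias]
end

if $PROGRAM_NAME == __FILE__
  # Legacy load lets the document pick the class that gets instantiated.
  p legacy_load(TAGGED_DOC).class
  # safe_load refuses the tag unless the class is explicitly permitted.
  p safe_load_outcome(TAGGED_DOC)
  p safe_load_outcome(TAGGED_DOC, permitted: [AuditMarker]).first
  # Side effects of the autocorrect: Symbols and aliases are rejected too,
  # so existing callers may need permitted_classes or aliases: true.
  p safe_load_outcome(SYMBOL_DOC)
  p safe_load_outcome(SYMBOL_DOC, permitted: [Symbol])
  p safe_load_outcome(ALIAS_DOC)
  p safe_load_outcome(ALIAS_DOC, aliases: true)
end
```

When applying the autocorrection to existing code, keep `permitted_classes` to the narrowest list the data needs; permitting a class re-enables its instantiation from the document.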