class RuboCop::Cop::Security::JSONLoad
Checks for the use of JSON class methods which have potential security issues.
@safety
This cop's autocorrection is unsafe because it's potentially dangerous. If the argument is a stream, as in `JSON.load(open('file'))`, the corrected code will need to call `#read` manually, as in `JSON.parse(open('file').read)`. If reading single values (rather than proper JSON objects), as in `JSON.load('false')`, the corrected code will need to pass the `quirks_mode: true` option, as in `JSON.parse('false', quirks_mode: true)`. Other similar issues may apply.
@example
    # bad
    JSON.load("{}")
    JSON.restore("{}")

    # good
    JSON.parse("{}")
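An added example, not part of RuboCop's own code or documentation: it shows that the literal `load` to `parse` rewrite raises on a stream until `#read` is called, and that `JSON.parse` leaves a `json_class` key as plain data where `JSON.load` with `create_additions` enabled instantiates the named class. `Probe`, `DOC`, `naive_rewrite_error`, `parse_untrusted` and `load_with_additions` are hypothetical names, and the input is constructed.

```ruby
require 'json'
require 'stringio'

# Hypothetical class, constructed for this example. Defining json_create opts
# it in to the json gem's "additions" mechanism.
class Probe
  attr_reader :value

  def initialize(value)
    @value = value
  end

  def self.json_create(hash)
    new(hash['value'])
  end
end

# Constructed input: the "json_class" key names a class to instantiate.
DOC = '{"json_class":"Probe","value":1}'

# The literal load -> parse rewrite applied to a stream argument.
# Returns the exception class raised, or nil if the call succeeded.
def naive_rewrite_error(io)
  JSON.parse(io)
  nil
rescue TypeError => e
  e.class
end

# Hypothetical helper: the hand-reviewed form of the rewrite. Streams are
# read explicitly, and additions stay disabled so "json_class" is plain data.
def parse_untrusted(source)
  text = source.respond_to?(:read) ? source.read : source
  JSON.parse(text, create_additions: false)
end

# For contrast: JSON.load with additions enabled. The option is passed
# explicitly so the result does not depend on the installed gem's default.
def load_with_additions(text)
  JSON.load(text, nil, create_additions: true)
end

p naive_rewrite_error(StringIO.new(DOC))
p parse_untrusted(StringIO.new(DOC))
p load_with_additions(DOC).class
```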
Constants
- MSG
- RESTRICT_ON_SEND
Public Instance Methods
on_send(node)
    # File lib/rubocop/cop/security/json_load.rb, line 37
    def on_send(node)
      json_load(node) do |method|
        add_offense(node.loc.selector, message: format(MSG, method: method)) do |corrector|
          corrector.replace(node.loc.selector, 'parse')
        end
      end
    end