nexedi / gitlab-ce
Commit 0ee884ed authored Mar 31, 2021 by Shubham Kumar
Resolves rubocop offense Security/YAMLLoad
Fixes auto correct rubocop offenses
parent 32e3873b
Showing 7 changed files with 16 additions and 16 deletions
.rubocop_todo.yml +3 -8
changelogs/unreleased/pl-rubocop-todo-yaml-load.yml +5 -0
lib/gitlab/redis/wrapper.rb +1 -1
lib/system_check/incoming_email/imap_authentication_check.rb +1 -1
spec/config/mail_room_spec.rb +1 -1
spec/initializers/secret_token_spec.rb +2 -2
spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb +3 -3
.rubocop_todo.yml
...
...
@@ -638,15 +638,10 @@ Rails/WhereEquals:
Rails/WhereExists
:
Enabled
:
false
# Offense count:
8
# Offense count:
21
# Cop supports --auto-correct.
Security/YAMLLoad
:
Exclude
:
-
'
lib/gitlab/redis/wrapper.rb'
-
'
lib/system_check/incoming_email/imap_authentication_check.rb'
-
'
spec/config/mail_room_spec.rb'
-
'
spec/initializers/secret_token_spec.rb'
-
'
spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb'
Rails/WhereNot
:
Enabled
:
false
# Offense count: 240
# Cop supports --auto-correct.
...
...
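Review bot: The Security/YAMLLoad entry in this hunk shows offense counts of both 8 and 21 alongside an Exclude list naming the five files this commit converts, which is hard to square with a change whose purpose is to resolve the offenses. Every YAML.load in those five files becomes YAML.safe_load in this commit, so their paths should no longer need to be listed under Exclude, and the count should be whatever `rubocop --auto-gen-config` reports for the files that remain. If the count went up, the todo was probably regenerated against a different tree and should be re-checked before merging.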
changelogs/unreleased/pl-rubocop-todo-yaml-load.yml
0 → 100644
---
title
:
Resolves offenses Security/YAMLLoad
merge_request
:
author
:
Shubham Kumar (@imskr)
type
:
fixed
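Review bot: merge_request is left empty in this changelog entry; fill in the merge request number so the generated changelog line links back to the change. The title would also be more useful if it said what changed in the code (YAML.load replaced with YAML.safe_load) rather than naming only the cop.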
lib/gitlab/redis/wrapper.rb
...
...
@@ -142,7 +142,7 @@ module Gitlab
def
fetch_config
return
false
unless
self
.
class
.
_raw_config
yaml
=
YAML
.
load
(
self
.
class
.
_raw_config
)
yaml
=
YAML
.
safe_
load
(
self
.
class
.
_raw_config
)
# If the file has content but it's invalid YAML, `load` returns false
if
yaml
...
...
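Review bot: The new YAML.safe_load(self.class._raw_config) call in fetch_config passes no options, so a Redis config that uses YAML anchors and aliases or Symbol values will now raise (Psych::BadAlias or Psych::DisallowedClass) where YAML.load accepted it. Confirm the supported config files use neither, or pass `aliases: true` and/or `permitted_classes: [Symbol]` explicitly and add a spec for that case. The context comment below the call still says "`load` returns false"; update it to name safe_load and check that the `if yaml` branch still sees the value it expects for an invalid file.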
lib/system_check/incoming_email/imap_authentication_check.rb
...
...
@@ -52,7 +52,7 @@ module SystemCheck
def
load_config
erb
=
ERB
.
new
(
File
.
read
(
mail_room_config_path
))
erb
.
filename
=
mail_room_config_path
config_file
=
YAML
.
load
(
erb
.
result
)
config_file
=
YAML
.
safe_
load
(
erb
.
result
)
config_file
[
:mailboxes
]
end
...
...
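Review bot: The line after the changed call, config_file[:mailboxes], looks up a Symbol key, but YAML.safe_load with default arguments does not permit Symbol. If the rendered mail_room config writes its keys as symbols, load_config will now raise Psych::DisallowedClass; if the keys are plain strings, the lookup returns nil. Either way this check stops working unless the call becomes YAML.safe_load(erb.result, permitted_classes: [Symbol]), and a spec that runs load_config against a sample config would catch a regression here.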
spec/config/mail_room_spec.rb
...
...
@@ -21,7 +21,7 @@ RSpec.describe 'mail_room.yml' do
status
=
result
.
status
raise
"Error interpreting
#{
mailroom_config_path
}
:
#{
output
}
"
unless
status
==
0
YAML
.
load
(
output
)
YAML
.
safe_
load
(
output
)
end
before
do
...
...
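Review bot: YAML.safe_load(output) here parses the interpreted mail_room config with default options, while imap_authentication_check.rb in this same commit indexes the parsed config with config_file[:mailboxes]. If the config does carry Symbol keys, this helper raises Psych::DisallowedClass before any example runs. Use the same options as the production parse (for example permitted_classes: [Symbol]) so the spec exercises the file the way the application reads it.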
spec/initializers/secret_token_spec.rb
...
...
@@ -84,7 +84,7 @@ RSpec.describe 'create_tokens' do
it
'writes the secrets to secrets.yml'
do
expect
(
File
).
to
receive
(
:write
).
with
(
'config/secrets.yml'
,
any_args
)
do
|
filename
,
contents
,
options
|
new_secrets
=
YAML
.
load
(
contents
)[
Rails
.
env
]
new_secrets
=
YAML
.
safe_
load
(
contents
)[
Rails
.
env
]
expect
(
new_secrets
[
'secret_key_base'
]).
to
eq
(
secrets
.
secret_key_base
)
expect
(
new_secrets
[
'otp_key_base'
]).
to
eq
(
secrets
.
otp_key_base
)
...
...
@@ -179,7 +179,7 @@ RSpec.describe 'create_tokens' do
it
'uses the file secret'
do
expect
(
File
).
to
receive
(
:write
)
do
|
filename
,
contents
,
options
|
new_secrets
=
YAML
.
load
(
contents
)[
Rails
.
env
]
new_secrets
=
YAML
.
safe_
load
(
contents
)[
Rails
.
env
]
expect
(
new_secrets
[
'secret_key_base'
]).
to
eq
(
'file_key'
)
expect
(
new_secrets
[
'otp_key_base'
]).
to
eq
(
'file_key'
)
...
...
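Review bot: `new_secrets = YAML.safe_load(contents)[Rails.env]` now appears verbatim in this hunk and in the one at -84; a small helper in the spec that takes contents and returns the current environment's hash would keep the parse call and any options it later needs in one place. The helper would also be the place to assert that the parsed document is a Hash before indexing, because safe_load does not return a Hash for empty contents and the example would then fail with a NoMethodError instead of a readable expectation failure.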
spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb
...
...
@@ -35,7 +35,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
end
before
do
allow
(
described_class
).
to
receive
(
:load_yaml_file
)
{
YAML
.
load
(
sample_yaml
)
}
allow
(
described_class
).
to
receive
(
:load_yaml_file
)
{
YAML
.
safe_
load
(
sample_yaml
)
}
end
it
'parses to two metric groups with 2 and 1 metric respectively'
do
...
...
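Review bot: The stub for :load_yaml_file in this before block now parses sample_yaml with YAML.safe_load, but the class's real load_yaml_file is not among the seven files changed in this commit. Check that the production method parses with the same call and options; otherwise the spec hands the parser a structure produced under different rules than the method it replaces, and a fixture that safe_load rejects or reads differently would go unnoticed.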
@@ -71,7 +71,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
shared_examples
'required field'
do
|
field_name
|
context
"when
#{
field_name
}
is nil"
do
before
do
allow
(
described_class
).
to
receive
(
:load_yaml_file
)
{
YAML
.
load
(
field_missing
)
}
allow
(
described_class
).
to
receive
(
:load_yaml_file
)
{
YAML
.
safe_
load
(
field_missing
)
}
end
it
'throws parsing error'
do
...
...
@@ -81,7 +81,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
context
"when
#{
field_name
}
are not specified"
do
before
do
allow
(
described_class
).
to
receive
(
:load_yaml_file
)
{
YAML
.
load
(
field_nil
)
}
allow
(
described_class
).
to
receive
(
:load_yaml_file
)
{
YAML
.
safe_
load
(
field_nil
)
}
end
it
'throws parsing error'
do
...
...
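Review bot: The fixtures look crossed against the context names in this hunk and the one at -71: the context "when #{field_name} is nil" stubs load_yaml_file with field_missing, while "when #{field_name} are not specified" stubs it with field_nil. Since both stub lines are being edited anyway, swap the fixtures or rename the contexts so each description matches the YAML it loads.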