Commit c765eb69 authored by Gabriel Mazetto's avatar Gabriel Mazetto

Merge branch 'pl-rubocop-todo-yaml-load' into 'master'

Resolves rubocop offense Security/YAMLLoad

See merge request gitlab-org/gitlab!58042
parents 5b13c393 c3ac6a89
......@@ -638,16 +638,6 @@ Rails/WhereEquals:
Rails/WhereExists:
Enabled: false
# Offense count: 8
# Cop supports --auto-correct.
Security/YAMLLoad:
Exclude:
- 'lib/gitlab/redis/wrapper.rb'
- 'lib/system_check/incoming_email/imap_authentication_check.rb'
- 'spec/config/mail_room_spec.rb'
- 'spec/initializers/secret_token_spec.rb'
- 'spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb'
# Offense count: 240
# Cop supports --auto-correct.
# Configuration parameters: EnforcedStyle.
......
---
title: Resolves offenses Security/YAMLLoad
merge_request: 58042
author: Shubham Kumar (@imskr)
type: fixed
......@@ -142,7 +142,7 @@ module Gitlab
def fetch_config
return false unless self.class._raw_config
yaml = YAML.load(self.class._raw_config)
yaml = YAML.safe_load(self.class._raw_config)
# If the file has content but it's invalid YAML, `load` returns false
if yaml
......
......@@ -52,7 +52,7 @@ module SystemCheck
def load_config
erb = ERB.new(File.read(mail_room_config_path))
erb.filename = mail_room_config_path
config_file = YAML.load(erb.result)
config_file = YAML.safe_load(erb.result)
config_file[:mailboxes]
end
......
......@@ -21,7 +21,7 @@ RSpec.describe 'mail_room.yml' do
status = result.status
raise "Error interpreting #{mailroom_config_path}: #{output}" unless status == 0
YAML.load(output)
YAML.safe_load(output, permitted_classes: [Symbol])
end
before do
......
......@@ -84,7 +84,7 @@ RSpec.describe 'create_tokens' do
it 'writes the secrets to secrets.yml' do
expect(File).to receive(:write).with('config/secrets.yml', any_args) do |filename, contents, options|
new_secrets = YAML.load(contents)[Rails.env]
new_secrets = YAML.safe_load(contents)[Rails.env]
expect(new_secrets['secret_key_base']).to eq(secrets.secret_key_base)
expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base)
......@@ -179,7 +179,7 @@ RSpec.describe 'create_tokens' do
it 'uses the file secret' do
expect(File).to receive(:write) do |filename, contents, options|
new_secrets = YAML.load(contents)[Rails.env]
new_secrets = YAML.safe_load(contents)[Rails.env]
expect(new_secrets['secret_key_base']).to eq('file_key')
expect(new_secrets['otp_key_base']).to eq('file_key')
......
......@@ -35,7 +35,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
end
before do
allow(described_class).to receive(:load_yaml_file) { YAML.load(sample_yaml) }
allow(described_class).to receive(:load_yaml_file) { YAML.safe_load(sample_yaml) }
end
it 'parses to two metric groups with 2 and 1 metric respectively' do
......@@ -71,7 +71,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
shared_examples 'required field' do |field_name|
context "when #{field_name} is nil" do
before do
allow(described_class).to receive(:load_yaml_file) { YAML.load(field_missing) }
allow(described_class).to receive(:load_yaml_file) { YAML.safe_load(field_missing) }
end
it 'throws parsing error' do
......@@ -81,7 +81,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
context "when #{field_name} are not specified" do
before do
allow(described_class).to receive(:load_yaml_file) { YAML.load(field_nil) }
allow(described_class).to receive(:load_yaml_file) { YAML.safe_load(field_nil) }
end
it 'throws parsing error' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment