class RuboCop::Cop::Security::MarshalLoad
Checks for the use of Marshal class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
@example
  # bad
  Marshal.load("{}")
  Marshal.restore("{}")

  # good
  Marshal.dump("{}")

  # okish - deep copy hack
  Marshal.load(Marshal.dump({}))
Constants
- MSG
- RESTRICT_ON_SEND
Public Instance Methods
Source
  # File lib/rubocop/cop/security/marshal_load.rb, line 31
  def on_send(node)
    marshal_load(node) do |method|
      add_offense(node.loc.selector, message: format(MSG, method: method))
    end
  end
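A token-level approximation of the check this cop performs, written with Ruby's bundled Ripper lexer. It is an added example, not RuboCop's own code (the cop matches AST nodes through its marshal_load matcher). The helper names and the sample source are constructed, and exempting Marshal.load(Marshal.dump(...)) is an assumption taken from the "okish" line in the example above.

```ruby
require 'ripper'

UNSAFE_METHODS = %w[load restore].freeze
SKIPPED_TOKENS = %i[on_sp on_nl on_ignored_nl on_comment].freeze

# True when tokens i..i+2 spell `Marshal.<one of names>`.
def marshal_call?(toks, i, names)
  const, dot, meth = toks[i, 3]
  return false unless const && dot && meth

  const[1] == :on_const && const[2] == 'Marshal' &&
    dot[1] == :on_period && meth[1] == :on_ident && names.include?(meth[2])
end

# True when the constant at index i is written Some::Marshal (not ::Marshal).
def namespaced?(toks, i)
  i >= 2 && toks[i - 1][2] == '::' && toks[i - 2][1] == :on_const
end

# Returns [[line, method_name], ...] for every flagged call in the source.
# Lexing first means text inside comments and string literals is never matched.
def unsafe_marshal_calls(source)
  toks = Ripper.lex(source).reject { |t| SKIPPED_TOKENS.include?(t[1]) }
  toks.each_index.with_object([]) do |i, hits|
    next unless marshal_call?(toks, i, UNSAFE_METHODS) && !namespaced?(toks, i)

    arg = i + 3
    arg += 1 if toks[arg] && toks[arg][1] == :on_lparen
    next if marshal_call?(toks, arg, ['dump']) # deep-copy round trip

    hits << [toks[i][0][0], toks[i + 2][2]]
  end
end

# Constructed sample input; the variable names are placeholders.
SAMPLE = <<~'RUBY'
  # Marshal.load(in_a_comment) is not a call
  note    = 'Marshal.load(in_a_string)'
  session = Marshal.load(cookie_bytes)
  cached  = ::Marshal.restore(blob)
  blob    = Marshal.dump(record)
  copy    = Marshal.load(Marshal.dump(record))
  other   = Vendor::Marshal.load(blob)
RUBY

unsafe_marshal_calls(SAMPLE).each { |line, m| puts "line #{line}: Marshal.#{m}" }
```

A plain text search for "Marshal.load" would also report lines 1, 2, 6 and 7 of the sample; only lines 3 and 4 deserialize data whose origin has to be reviewed.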