Merge pull request #10176 from koic/unmark_autocorrect_false_from_sec…

…urity_json_load

Unmark `AutoCorrect: false` from `Security/JSONLoad`

changelog/change_unmark_autocorrect_false_from_security_json_load.md

@@ -0,0 +1 @@
+* [#10176](https://github.com/rubocop/rubocop/pull/10176): Unmark `AutoCorrect: false` from `Security/JSONLoad`. ([@koic][])

config/default.yml

@@ -2754,10 +2754,9 @@ Security/JSONLoad:
   Reference: 'https://ruby-doc.org/stdlib-2.7.0/libdoc/json/rdoc/JSON.html#method-i-load'
   Enabled: true
   VersionAdded: '0.43'
-  VersionChanged: '0.44'
+  VersionChanged: '<<next>>'
   # Autocorrect here will change to a method that may cause crashes depending
   # on the value of the argument.
-  AutoCorrect: false
   SafeAutoCorrect: false
 
 Security/MarshalLoad:

lib/rubocop/cop/security/json_load.rb

@@ -7,7 +7,7 @@ module Security
       # security issues.
       #
       # @safety
-      #   Autocorrect is disabled by default because it's potentially dangerous.
+      #   This cop's autocorrection is unsafe because it's potentially dangerous.
       #   If using a stream, like `JSON.load(open('file'))`, it will need to call
       #   `#read` manually, like `JSON.parse(open('file').read)`.
       #   If reading single values (rather than proper JSON objects), like

spec/rubocop/cli/options_spec.rb

@@ -1005,7 +1005,8 @@ def on_send(node)
 
       expect(cli.run(['--format', 'emacs', '--display-style-guide', 'example1.rb'])).to eq(1)
 
-      output = "#{file}:1:6: C: Security/JSONLoad: Prefer `JSON.parse` over `JSON.load`. (#{url})"
+      output = "#{file}:1:6: C: [Correctable] Security/JSONLoad: " \
+               "Prefer `JSON.parse` over `JSON.load`. (#{url})"
       expect($stdout.string.lines.to_a[-1]).to eq([output, ''].join("\n"))
     end