From 8c9692b500cc060070963d0990a93198d21704b3 Mon Sep 17 00:00:00 2001 From: Koichi ITO Date: Sat, 9 Oct 2021 03:13:11 +0900 Subject: [PATCH] Unmark `AutoCorrect: false` from `Security/JSONLoad` This `AutoCorrect: false` looks like it was set when there was no way to safe autocorrect by `SafeAutocorrect: false`. https://github.com/rubocop/rubocop/pull/3584 Test code for `Security/JSONLoad`'s autocorrection exists. So it can be enabled by default. However, it is still unsafe because `SafeAutocorrect: false`. --- .../change_unmark_autocorrect_false_from_security_json_load.md | 1 + config/default.yml | 3 +-- lib/rubocop/cop/security/json_load.rb | 2 +- spec/rubocop/cli/options_spec.rb | 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 changelog/change_unmark_autocorrect_false_from_security_json_load.md diff --git a/changelog/change_unmark_autocorrect_false_from_security_json_load.md b/changelog/change_unmark_autocorrect_false_from_security_json_load.md new file mode 100644 index 00000000000..1f81630abf7 --- /dev/null +++ b/changelog/change_unmark_autocorrect_false_from_security_json_load.md @@ -0,0 +1 @@ +* [#10176](https://github.com/rubocop/rubocop/pull/10176): Unmark `AutoCorrect: false` from `Security/JSONLoad`. ([@koic][]) diff --git a/config/default.yml b/config/default.yml index b9c4e8b55cb..0bb056b7a79 100644 --- a/config/default.yml +++ b/config/default.yml @@ -2754,10 +2754,9 @@ Security/JSONLoad: Reference: 'https://ruby-doc.org/stdlib-2.7.0/libdoc/json/rdoc/JSON.html#method-i-load' Enabled: true VersionAdded: '0.43' - VersionChanged: '0.44' + VersionChanged: '<>' # Autocorrect here will change to a method that may cause crashes depending # on the value of the argument. - AutoCorrect: false SafeAutoCorrect: false Security/MarshalLoad: diff --git a/lib/rubocop/cop/security/json_load.rb b/lib/rubocop/cop/security/json_load.rb index afc859d97fc..2ef42bf70c6 100644 --- a/lib/rubocop/cop/security/json_load.rb 
+++ b/lib/rubocop/cop/security/json_load.rb @@ -7,7 +7,7 @@ module Security # security issues. # # @safety - # Autocorrect is disabled by default because it's potentially dangerous. + # This cop's autocorrection is unsafe because it's potentially dangerous. # If using a stream, like `JSON.load(open('file'))`, it will need to call # `#read` manually, like `JSON.parse(open('file').read)`. # If reading single values (rather than proper JSON objects), like diff --git a/spec/rubocop/cli/options_spec.rb b/spec/rubocop/cli/options_spec.rb index 1ed2a3fa7b0..b2b94ac7743 100644 --- a/spec/rubocop/cli/options_spec.rb +++ b/spec/rubocop/cli/options_spec.rb @@ -1005,7 +1005,8 @@ def on_send(node) expect(cli.run(['--format', 'emacs', '--display-style-guide', 'example1.rb'])).to eq(1) - output = "#{file}:1:6: C: Security/JSONLoad: Prefer `JSON.parse` over `JSON.load`. (#{url})" + output = "#{file}:1:6: C: [Correctable] Security/JSONLoad: " \ + "Prefer `JSON.parse` over `JSON.load`. (#{url})" expect($stdout.string.lines.to_a[-1]).to eq([output, ''].join("\n")) end
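Review bot: The changelog entry in `changelog/change_unmark_autocorrect_false_from_security_json_load.md` describes the config edit, not the effect users will see. Consider wording it so readers learn that `Security/JSONLoad` offenses are now reported as correctable and that the correction remains unsafe (`SafeAutoCorrect: false`), so it is only applied when unsafe autocorrection is requested.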
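Review bot: In the `config/default.yml` hunk, the new value `VersionChanged: '<>'` is not a version string. Please confirm it is the placeholder the release process fills in and not an empty value left by mistake. The retained comment above `SafeAutoCorrect: false` ("Autocorrect here will change to a method that may cause crashes depending on the value of the argument") now explains only why the correction is unsafe, so it could say that directly instead of reading as a reason for disabling autocorrect.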
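Review bot: In the `lib/rubocop/cop/security/json_load.rb` hunk, the new `@safety` sentence "This cop's autocorrection is unsafe because it's potentially dangerous." is circular and gives no reason. The following context lines already give the reason (a stream needs an explicit `#read`, and single values are handled differently), so the sentence could lead into them, for example "This cop's autocorrection is unsafe because `JSON.parse` does not accept every argument that `JSON.load` does."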
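Review bot: The only spec change, in `spec/rubocop/cli/options_spec.rb`, updates the expected message to include `[Correctable]` in a `--display-style-guide` example, which checks the label but not the behaviour this patch changes. Since the default now relies on `SafeAutoCorrect: false` alone to hold back the rewrite, a CLI spec asserting that safe autocorrection leaves `JSON.load` untouched under the default config, and that unsafe autocorrection rewrites it to `JSON.parse`, would guard against a regression.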