Merge pull request #8394 from koic/use_cop_base_api_for_security_depa…

…rtment

Use `Cop::Base` API for `Security` department

lib/rubocop/cop/security/eval.rb

@@ -11,7 +11,7 @@ module Security
       #
       #   eval(something)
       #   binding.eval(something)
-      class Eval < Cop
+      class Eval < Base
         MSG = 'The use of `eval` is a serious security risk.'
 
         def_node_matcher :eval?, <<~PATTERN
@@ -22,7 +22,7 @@ def on_send(node)
           eval?(node) do |code|
             return if code.dstr_type? && code.recursive_literal?
 
-            add_offense(node, location: :selector)
+            add_offense(node.loc.selector)
           end
         end
       end

lib/rubocop/cop/security/json_load.rb

@@ -22,7 +22,9 @@ module Security
       #   # good
       #   JSON.parse("{}")
       #
-      class JSONLoad < Cop
+      class JSONLoad < Base
+        extend AutoCorrector
+
         MSG = 'Prefer `JSON.parse` over `JSON.%<method>s`.'
 
         def_node_matcher :json_load, <<~PATTERN
@@ -31,15 +33,11 @@ class JSONLoad < Cop
 
         def on_send(node)
           json_load(node) do |method|
-            add_offense(node,
-                        location: :selector,
-                        message: format(MSG, method: method))
+            add_offense(node.loc.selector, message: format(MSG, method: method)) do |corrector|
+              corrector.replace(node.loc.selector, 'parse')
+            end
           end
         end
-
-        def autocorrect(node)
-          ->(corrector) { corrector.replace(node.loc.selector, 'parse') }
-        end
       end
     end
   end

lib/rubocop/cop/security/marshal_load.rb

@@ -18,7 +18,7 @@ module Security
       #   # okish - deep copy hack
       #   Marshal.load(Marshal.dump({}))
       #
-      class MarshalLoad < Cop
+      class MarshalLoad < Base
         MSG = 'Avoid using `Marshal.%<method>s`.'
 
         def_node_matcher :marshal_load, <<~PATTERN
@@ -28,9 +28,7 @@ class MarshalLoad < Cop
 
         def on_send(node)
           marshal_load(node) do |method|
-            add_offense(node,
-                        location: :selector,
-                        message: format(MSG, method: method))
+            add_offense(node.loc.selector, message: format(MSG, method: method))
           end
         end
       end

lib/rubocop/cop/security/open.rb

@@ -19,7 +19,7 @@ module Security
       #   File.open(something)
       #   IO.popen(something)
       #   URI.parse(something).open
-      class Open < Cop
+      class Open < Base
         MSG = 'The use of `Kernel#open` is a serious security risk.'
 
         def_node_matcher :open?, <<~PATTERN
@@ -30,7 +30,7 @@ def on_send(node)
           open?(node) do |code|
             return if safe?(code)
 
-            add_offense(node, location: :selector)
+            add_offense(node.loc.selector)
           end
         end
 

lib/rubocop/cop/security/yaml_load.rb

@@ -15,7 +15,9 @@ module Security
       #   YAML.safe_load("--- foo")
       #   YAML.dump("foo")
       #
-      class YAMLLoad < Cop
+      class YAMLLoad < Base
+        extend AutoCorrector
+
         MSG = 'Prefer using `YAML.safe_load` over `YAML.load`.'
 
         def_node_matcher :yaml_load, <<~PATTERN
@@ -24,13 +26,11 @@ class YAMLLoad < Cop
 
         def on_send(node)
           yaml_load(node) do
-            add_offense(node, location: :selector)
+            add_offense(node.loc.selector) do |corrector|
+              corrector.replace(node.loc.selector, 'safe_load')
+            end
           end
         end
-
-        def autocorrect(node)
-          ->(corrector) { corrector.replace(node.loc.selector, 'safe_load') }
-        end
       end
     end
   end