rubocop · koic · Oct 9, 2021 · Oct 8, 2021
diff --git a/changelog/change_unmark_autocorrect_false_from_security_json_load.md b/changelog/change_unmark_autocorrect_false_from_security_json_load.md
@@ -0,0 +1 @@
+* [#10176](https://github.com/rubocop/rubocop/pull/10176): Unmark `AutoCorrect: false` from `Security/JSONLoad`. ([@koic][])
diff --git a/config/default.yml b/config/default.yml
@@ -2754,10 +2754,9 @@ Security/JSONLoad:
   Reference: 'https://ruby-doc.org/stdlib-2.7.0/libdoc/json/rdoc/JSON.html#method-i-load'
   Enabled: true
   VersionAdded: '0.43'
-  VersionChanged: '0.44'
+  VersionChanged: '<<next>>'
   # Autocorrect here will change to a method that may cause crashes depending
   # on the value of the argument.
-  AutoCorrect: false
   SafeAutoCorrect: false
 
 Security/MarshalLoad:

diff --git a/lib/rubocop/cop/security/json_load.rb b/lib/rubocop/cop/security/json_load.rb
@@ -7,7 +7,7 @@ module Security
       # security issues.
       #
       # @safety
-      #   Autocorrect is disabled by default because it's potentially dangerous.
+      #   This cop's autocorrection is unsafe because it's potentially dangerous.
       #   If using a stream, like `JSON.load(open('file'))`, it will need to call
       #   `#read` manually, like `JSON.parse(open('file').read)`.
       #   If reading single values (rather than proper JSON objects), like

diff --git a/spec/rubocop/cli/options_spec.rb b/spec/rubocop/cli/options_spec.rb
@@ -1005,7 +1005,8 @@ def on_send(node)
 
       expect(cli.run(['--format', 'emacs', '--display-style-guide', 'example1.rb'])).to eq(1)
 
-      output = "#{file}:1:6: C: Security/JSONLoad: Prefer `JSON.parse` over `JSON.load`. (#{url})"
+      output = "#{file}:1:6: C: [Correctable] Security/JSONLoad: " \
+               "Prefer `JSON.parse` over `JSON.load`. (#{url})"
       expect($stdout.string.lines.to_a[-1]).to eq([output, ''].join("\n"))
     end