lib/tasks_private/clean_yaml_files.rake
Remove redundant sort. Open
Open
Dir.glob(yaml_files).sort.each do |f|- Read upRead up
- Exclude checks
Sort globbed results by default in Ruby 3.0.
This cop checks for redundant sort method to Dir.glob and Dir[].
Safety:
This cop is unsafe, in case of having a file and a directory with
identical names, since directory will be loaded before the file, which
will break exe/files.rb that rely on exe.rb file.
Example:
# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end
Dir['./lib/**/*.rb'].sort.each do |file|
end
# good
Dir.glob('./lib/**/*.rb').each do |file|
end
Dir['./lib/**/*.rb'].each do |file|
endPrefer using YAML.safe_load over YAML.load. Open
Open
yaml_content = YAML.load(content).to_yaml- Read upRead up
- Exclude checks
Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.
Safety:
The behavior of the code might change depending on what was
in the YAML payload, since YAML.safe_load is more restrictive.
Example:
# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default
# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo]) # Ruby 2.5 (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.1+ (Psych 4)
YAML.dump(foo)