lib/extensions/descendant_loader.rb from ManageIQ/manageiq

lib/extensions/descendant_loader.rb

Summary

Maintainability

0 mins

Test Coverage

83%

Use `filter_map` instead.
Open

      classes.map do |(scopes, (_, name, sklass))|
        next unless sklass

        scope_names = scopes.map { |s| flatten_name(s) }
        search_combos = name_combinations(scope_names)

Found in lib/extensions/descendant_loader.rb by rubocop

Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Prefer using `YAML.safe_load` over `YAML.load`.
Open

        YAML.load(f.read)

Found in lib/extensions/descendant_loader.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

ManageIQ/manageiq

Summary

Maintainability

Test Coverage

Use `filter_map` instead.
Open

Prefer using `YAML.safe_load` over `YAML.load`.
Open

Safety:

Example:

There are no issues that match your filters.

Category

Status

ManageIQ/manageiq

Summary

Maintainability

Test Coverage

Use filter_map instead. Open

Prefer using YAML.safe_load over YAML.load. Open

Safety:

Example:

There are no issues that match your filters.

Category

Status

Use `filter_map` instead.
Open

Prefer using `YAML.safe_load` over `YAML.load`.
Open