Showing 3 of 3 total issues
Use newtype instead of data Open
Open
data Config = Config { _include_paths :: ![FilePath] } deriving (Generic, Show)
- Read upRead up
- Exclude checks
Found
data Config
= Config {_include_paths :: ![FilePath]}
deriving (Generic, Show)
Perhaps
newtype Config
= Config {_include_paths :: [FilePath]}
deriving (Generic, Show)
Use newtype instead of data Open
Open
data Content = Body T.Text deriving Show
- Read upRead up
- Exclude checks
Found
data Content
= Body T.Text
deriving Show
Perhaps
newtype Content
= Body T.Text
deriving Show
Applying this change:
- decreases laziness
Prefer using YAML.safe_load
over YAML.load
. Open
Open
old_env = YAML.load(File.read('env.yml'))
- Read upRead up
- Exclude checks
This cop checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.
Example:
# bad
YAML.load("--- foo")
# good
YAML.safe_load("--- foo")
YAML.dump("foo")