Security-MarshalLoad.md

Pattern: Use of Marshal.*

Issue: -

Description

This rule checks for the use of Marshal class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

Examples

# bad
Marshal.load("{}")
Marshal.restore("{}")

# good
Marshal.dump("{}")

# okish - deep copy hack
Marshal.load(Marshal.dump({}))

Further Reading

• Documentation for Ruby - Marshal.load
• RuboCop - Security/MarshalLoad