Security-YAMLLoad.md

Pattern: Use of YAML.load

Issue: -

Description

This rule flags calls to YAML class methods that can lead to remote code execution when the input comes from an untrusted source.

Examples

# bad
YAML.load("--- foo")

# good
YAML.safe_load("--- foo")
YAML.dump("foo")
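
An added example (not part of the rule's own documentation) showing what `YAML.safe_load` rejects. It goes beyond the one-line case above to cover tagged objects, dates and aliases. The `Widget` class, the `load_untrusted` helper and the sample documents are constructed for illustration, and the keyword arguments assume Psych 3.1 or later.

```ruby
require 'yaml'
require 'date'

# Hypothetical application class, used only to show a tagged document.
class Widget
  attr_accessor :name
end

# Constructed sample inputs.
PLAIN   = "name: demo\nports: [80, 443]\n"
TAGGED  = "--- !ruby/object:Widget\nname: demo\n"
DATED   = "released: 2024-01-01\n"
ALIASED = "base: &b [1, 2]\ncopy: *b\n"

# Parse YAML from an untrusted source. Only plain data types (strings,
# numbers, arrays, hashes, booleans, nil) are built unless the caller
# explicitly permits more classes. Returns [status, value_or_message].
def load_untrusted(text, permitted: [])
  [:ok, YAML.safe_load(text, permitted_classes: permitted, aliases: false)]
rescue Psych::DisallowedClass => e
  # The document asked for a class that is not on the permit list.
  [:disallowed_class, e.message]
rescue Psych::BadAlias => e
  # Anchors/aliases are refused while aliases: false is in effect.
  [:alias_rejected, e.message]
rescue Psych::SyntaxError => e
  [:syntax_error, e.message]
end

if __FILE__ == $PROGRAM_NAME
  { plain: PLAIN, tagged: TAGGED, dated: DATED, aliased: ALIASED }.each do |label, doc|
    status, detail = load_untrusted(doc)
    puts "#{label}: #{status} (#{detail.inspect})"
  end
  # Permit exactly the extra class the data needs, nothing broader.
  p load_untrusted(DATED, permitted: [Date])
end
```

Keep the permit list as narrow as the data requires: each class added to `permitted_classes` is one more type an untrusted document can instantiate.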

Further Reading