From d78513cb6ccfe10976cc433e2b421c30d06d19be Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@selenight.nl>
Date: Tue, 21 Feb 2017 18:42:22 -0600
Subject: [PATCH] Enable Security/JSONLoad

---
 .rubocop.yml                                         |  3 +++
 .rubocop_todo.yml                                    | 12 ------------
 ...1019190736_migrate_sidekiq_queues_from_default.rb |  2 +-
 ...1024042317_migrate_mailroom_queue_from_default.rb |  2 +-
 ...61124141322_migrate_process_commit_worker_jobs.rb |  4 ++--
 .../migrate_process_commit_worker_jobs_spec.rb       |  4 ++--
 spec/models/project_services/irker_service_spec.rb   |  2 +-
 spec/support/stub_gitlab_calls.rb                    |  2 +-
 8 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/.rubocop.yml b/.rubocop.yml
index e0d65533bb5..f48ad41243f 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -944,6 +944,9 @@ Rails/TimeZone:
 Rails/Validation:
   Enabled: true
 
+Security/JSONLoad:
+  Enabled: true
+
 Style/AlignParameters:
   Enabled: false
 
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 37d05ac4509..ec9bd29f4ca 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -38,18 +38,6 @@ RSpec/SingleArgumentMessageChain:
   Exclude:
     - 'spec/requests/api/internal_spec.rb'
 
-# Offense count: 8
-# Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect.
-Security/JSONLoad:
-  Exclude:
-    - 'db/migrate/20161019190736_migrate_sidekiq_queues_from_default.rb'
-    - 'db/migrate/20161024042317_migrate_mailroom_queue_from_default.rb'
-    - 'db/migrate/20161124141322_migrate_process_commit_worker_jobs.rb'
-    - 'spec/migrations/migrate_process_commit_worker_jobs_spec.rb'
-    - 'spec/models/project_services/irker_service_spec.rb'
-    - 'spec/support/stub_gitlab_calls.rb'
-
 # Offense count: 55
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
diff --git a/db/migrate/20161019190736_migrate_sidekiq_queues_from_default.rb b/db/migrate/20161019190736_migrate_sidekiq_queues_from_default.rb
index 9730ebb8f8a..3a7acc84028 100644
--- a/db/migrate/20161019190736_migrate_sidekiq_queues_from_default.rb
+++ b/db/migrate/20161019190736_migrate_sidekiq_queues_from_default.rb
@@ -93,7 +93,7 @@ class MigrateSidekiqQueuesFromDefault < ActiveRecord::Migration
 
   def migrate_from_queue(redis, queue, job_mapping)
     while job = redis.lpop("queue:#{queue}")
-      payload = JSON.load(job)
+      payload = JSON.parse(job)
       new_queue = job_mapping[payload['class']]
 
       # If we have no target queue to migrate to we're probably dealing with
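Review bot: `JSON.parse(job)` in `migrate_from_queue` runs after `lpop` has already removed the entry from Redis, so a parse failure aborts the migration with that job gone. `JSON.parse` is stricter than `JSON.load` by default (it rejects NaN/Infinity and caps nesting depth), which makes this slightly more reachable than before, although well-formed Sidekiq payloads should not trigger it. Consider rescuing `JSON::ParserError` around the parse and logging the raw `job` string before re-raising, so the dropped entry can be recovered. The same pop-then-parse pattern is in `MigrateMailroomQueueFromDefault#migrate_from_queue` and in both loops of `MigrateProcessCommitWorkerJobs`. The method body continues outside this hunk.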
diff --git a/db/migrate/20161024042317_migrate_mailroom_queue_from_default.rb b/db/migrate/20161024042317_migrate_mailroom_queue_from_default.rb
index 4167ccae39b..91d078f6293 100644
--- a/db/migrate/20161024042317_migrate_mailroom_queue_from_default.rb
+++ b/db/migrate/20161024042317_migrate_mailroom_queue_from_default.rb
@@ -47,7 +47,7 @@ class MigrateMailroomQueueFromDefault < ActiveRecord::Migration
 
   def migrate_from_queue(redis, queue, job_mapping)
     while job = redis.lpop("queue:#{queue}")
-      payload = JSON.load(job)
+      payload = JSON.parse(job)
       new_queue = job_mapping[payload['class']]
 
       # If we have no target queue to migrate to we're probably dealing with
diff --git a/db/migrate/20161124141322_migrate_process_commit_worker_jobs.rb b/db/migrate/20161124141322_migrate_process_commit_worker_jobs.rb
index 633f57ef600..35697aab207 100644
--- a/db/migrate/20161124141322_migrate_process_commit_worker_jobs.rb
+++ b/db/migrate/20161124141322_migrate_process_commit_worker_jobs.rb
@@ -34,7 +34,7 @@ class MigrateProcessCommitWorkerJobs < ActiveRecord::Migration
       new_jobs = []
 
       while job = redis.lpop('queue:process_commit')
-        payload = JSON.load(job)
+        payload = JSON.parse(job)
         project = Project.find_including_path(payload['args'][0])
 
         next unless project
@@ -75,7 +75,7 @@ class MigrateProcessCommitWorkerJobs < ActiveRecord::Migration
       new_jobs = []
 
       while job = redis.lpop('queue:process_commit')
-        payload = JSON.load(job)
+        payload = JSON.parse(job)
 
         payload['args'][2] = payload['args'][2]['id']
 
diff --git a/spec/migrations/migrate_process_commit_worker_jobs_spec.rb b/spec/migrations/migrate_process_commit_worker_jobs_spec.rb
index 6a93deb5412..b6d678bac18 100644
--- a/spec/migrations/migrate_process_commit_worker_jobs_spec.rb
+++ b/spec/migrations/migrate_process_commit_worker_jobs_spec.rb
@@ -62,7 +62,7 @@ describe MigrateProcessCommitWorkerJobs do
     end
 
     def pop_job
-      JSON.load(Sidekiq.redis { |r| r.lpop('queue:process_commit') })
+      JSON.parse(Sidekiq.redis { |r| r.lpop('queue:process_commit') })
     end
 
     before do
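Review bot: `pop_job` now raises `TypeError` on an empty queue, because `lpop` returns nil and `JSON.parse(nil)` does not accept nil, whereas `JSON.load(nil)` returned nil. If any example relies on `pop_job` being nil when nothing was queued (not visible in this hunk), it will error out instead of failing an expectation. A nil-safe form keeps the old contract: `raw = Sidekiq.redis { |r| r.lpop('queue:process_commit') }` followed by `raw && JSON.parse(raw)`. The same applies to the `let(:job)` block in the next hunk of this file.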
@@ -198,7 +198,7 @@ describe MigrateProcessCommitWorkerJobs do
       let(:job) do
         migration.down
 
-        JSON.load(Sidekiq.redis { |r| r.lpop('queue:process_commit') })
+        JSON.parse(Sidekiq.redis { |r| r.lpop('queue:process_commit') })
       end
 
       it 'includes the project ID' do
diff --git a/spec/models/project_services/irker_service_spec.rb b/spec/models/project_services/irker_service_spec.rb
index b9fb6f3f6f4..dd5400f937b 100644
--- a/spec/models/project_services/irker_service_spec.rb
+++ b/spec/models/project_services/irker_service_spec.rb
@@ -59,7 +59,7 @@ describe IrkerService, models: true do
 
       conn = @irker_server.accept
       conn.readlines.each do |line|
-        msg = JSON.load(line.chomp("\n"))
+        msg = JSON.parse(line.chomp("\n"))
         expect(msg.keys).to match_array(['to', 'privmsg'])
         expect(msg['to']).to match_array(["irc://chat.freenode.net/#commits",
                                           "irc://test.net/#test"])
diff --git a/spec/support/stub_gitlab_calls.rb b/spec/support/stub_gitlab_calls.rb
index 93f96cacc00..a01ef576234 100644
--- a/spec/support/stub_gitlab_calls.rb
+++ b/spec/support/stub_gitlab_calls.rb
@@ -35,7 +35,7 @@ module StubGitlabCalls
       { "tags" => tags }
     )
     allow_any_instance_of(ContainerRegistry::Client).to receive(:repository_manifest).and_return(
-      JSON.load(File.read(Rails.root + 'spec/fixtures/container_registry/tag_manifest.json'))
+      JSON.parse(File.read(Rails.root + 'spec/fixtures/container_registry/tag_manifest.json'))
     )
     allow_any_instance_of(ContainerRegistry::Client).to receive(:blob).and_return(
       File.read(Rails.root + 'spec/fixtures/container_registry/config_blob.json')
-- 
GitLab