safe_yaml vs rubocop #2009

mfazekas · 2015-07-03T07:08:02Z

In my rails project when i do rake rubocop it fails with An error occurred while Style/WordArray cop was inspecting .... When i do plain rubocop -d it work fine.

Some debugging showed this: My rails project uses rails_admin which loads safe_yaml. It looks safe_yaml disables regex loading of !ruby/regexp from yaml by default.

require 'yaml'
require 'safe_yaml'
YAML.safe_load("foo: !ruby/regexp '/bar/'\n",[Regexp])

Seems to be caused by this commit
36b857f

The text was updated successfully, but these errors were encountered:

mfazekas · 2015-07-03T07:19:04Z

Questions:

is this is a bug in safe_yaml (1.0.4)?
do rubocop need to use safe_load, at all?
would it be better for rubocop rake task to invoke rubocop in a subprocess to avoid execution in various potentially conflicting gems autoloaded rails

My workaround is:

  desc 'run rubocop'
  RuboCop::RakeTask.new(:rubocop) do |task|
    SafeYAML.whitelist!(Regexp) if Object.const_defined?('SafeYAML')
  end

…ml-is-loaded [Fix #2009] Use SafeYAML.whitelist! to allow deserialize Regexp when SafeYAML is required

mfazekas mentioned this issue Jul 3, 2015

safe_yaml vs Psych safe_load dtao/safe_yaml#78

Open

bbatsov closed this as completed in 2c32a61 Aug 20, 2015

bbatsov added a commit that referenced this issue Aug 20, 2015

Merge pull request #2159 from eitoball/fix-config_loader-when-safe_ya…

d7c4de0

…ml-is-loaded [Fix #2009] Use SafeYAML.whitelist! to allow deserialize Regexp when SafeYAML is required

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

safe_yaml vs rubocop #2009

safe_yaml vs rubocop #2009

mfazekas commented Jul 3, 2015

mfazekas commented Jul 3, 2015

safe_yaml vs rubocop #2009

safe_yaml vs rubocop #2009

Comments

mfazekas commented Jul 3, 2015

mfazekas commented Jul 3, 2015