Tweak specs for Security/YAMLLoad

koic · koic · commit 8acce2851bbd · 2024-02-29T18:07:43.000+09:00
Follow #10424. Ruby 3.1+ (Psych 4) uses `Psych.load` as `Psych.safe_load` by default. So, only Ruby 3.0 and earlier will be warned about using `YAML.load`.
diff --git a/spec/rubocop/cop/security/yaml_load_spec.rb b/spec/rubocop/cop/security/yaml_load_spec.rb
@@ -13,26 +13,28 @@
     expect_no_offenses('Module::YAML.load("foo")')
   end
 
-  it 'registers an offense and corrects load with a literal string' do
-    expect_offense(<<~RUBY)
-      YAML.load("--- !ruby/object:Foo {}")
-           ^^^^ Prefer using `YAML.safe_load` over `YAML.load`.
-    RUBY
+  context 'Ruby <= 3.0', :ruby30 do
+    it 'registers an offense and corrects load with a literal string' do
+      expect_offense(<<~RUBY)
+        YAML.load("--- !ruby/object:Foo {}")
+             ^^^^ Prefer using `YAML.safe_load` over `YAML.load`.
+      RUBY
 
-    expect_correction(<<~RUBY)
-      YAML.safe_load("--- !ruby/object:Foo {}")
-    RUBY
-  end
+      expect_correction(<<~RUBY)
+        YAML.safe_load("--- !ruby/object:Foo {}")
+      RUBY
+    end
 
-  it 'registers an offense and corrects a fully qualified ::YAML.load' do
-    expect_offense(<<~RUBY)
-      ::YAML.load("--- foo")
-             ^^^^ Prefer using `YAML.safe_load` over `YAML.load`.
-    RUBY
+    it 'registers an offense and corrects a fully qualified ::YAML.load' do
+      expect_offense(<<~RUBY)
+        ::YAML.load("--- foo")
+               ^^^^ Prefer using `YAML.safe_load` over `YAML.load`.
+      RUBY
 
-    expect_correction(<<~RUBY)
-      ::YAML.safe_load("--- foo")
-    RUBY
+      expect_correction(<<~RUBY)
+        ::YAML.safe_load("--- foo")
+      RUBY
+    end
   end
 
   # Ruby 3.1+ (Psych 4) uses `Psych.load` as `Psych.safe_load` by default.
