Fix Gitlab/JsonSafeParse: lib/bulk_imports/common/pipelines/lfs_objects_pipeline.rb

Fix Gitlab/JsonSafeParse violations in this file by replacing Gitlab::Json.parse with Gitlab::Json.safe_parse.

Related MR: !215073 (merged)

Implementation Plan

A contributor needs to:

  1. Replace Gitlab::Json.parse with Gitlab::Json.safe_parse in this file.

  2. Verify with the MR reviewer that the new size and depth limits imposed by safe_parse do not break any existing functionality. The safe_parse method includes built-in protections against:

    • Excessively large JSON payloads
    • Deeply nested JSON structures

    Ensure that legitimate use cases in this file are not affected by these limits.

References

To help you fix those violations, see the following guidance: https://gitlab.com/gitlab-org/gitlab/-/blob/18d80bbc5468cd2f987c5ea6abcf27709e40994a/.rubocop_todo/gitlab/json_safe_parse.yml

It is also recommended to read the following documentation on JsonParse:

  • https://docs.gitlab.com/development/secure_coding_guidelines/#when-to-use-gitlabjsonparse
Edited Feb 03, 2026 by Félix Veillette-Potvin
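
For step 2 of the plan above, one way to compare known-good payloads against a size and a depth limit. This is an added example, not GitLab's code or the safe_parse implementation: `bounded_parse`, `measure`, `nesting_depth`, the two limit constants and the sample strings are all assumptions made for illustration, built on Ruby's standard `json` library.

```ruby
require 'json'

# Hypothetical limits for this example; not the values used by
# Gitlab::Json.safe_parse.
MAX_BYTES = 256
MAX_DEPTH = 3

class PayloadTooLarge < StandardError; end
class PayloadTooDeep < StandardError; end

# Parse only when the raw string is within both limits.
def bounded_parse(raw, max_bytes: MAX_BYTES, max_depth: MAX_DEPTH)
  # Reject oversized input before the parser allocates anything for it.
  raise PayloadTooLarge, "#{raw.bytesize} > #{max_bytes} bytes" if raw.bytesize > max_bytes

  # Ruby's JSON parser raises JSON::NestingError beyond max_nesting.
  JSON.parse(raw, max_nesting: max_depth)
rescue JSON::NestingError
  raise PayloadTooDeep, "nesting deeper than #{max_depth}"
end

# Nesting depth of a parsed value: scalars are 0, each Hash/Array adds 1.
def nesting_depth(value)
  children = case value
             when Hash then value.values
             when Array then value
             else return 0
             end
  1 + (children.map { |v| nesting_depth(v) }.max || 0)
end

# Size and depth of a known-good payload, for comparison with the limits.
def measure(raw)
  parsed = JSON.parse(raw, max_nesting: false) # depth check off: measuring only
  { bytes: raw.bytesize, depth: nesting_depth(parsed) }
end

# Constructed samples (not the pipeline's real data).
LEGIT    = '{"placeholder-oid-1":[1,2],"placeholder-oid-2":[1]}'
TOO_DEEP = '[' * 10 + ']' * 10
TOO_BIG  = '[' + (['0'] * 500).join(',') + ']'
```

Running `measure` over representative fixtures gives the reviewer concrete byte and depth figures to set against the real limits.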