lib/rails-settings/base.rb in rails-settings-cached-2.5.2 vs lib/rails-settings/base.rb in rails-settings-cached-2.5.3

@@ -2,15 +2,16 @@
 
 module RailsSettings
   class Base < ActiveRecord::Base
     class SettingNotFound < RuntimeError; end
 
-    SEPARATOR_REGEXP = /[\n,;]+/.freeze
+    SEPARATOR_REGEXP = /[\n,;]+/
     self.table_name = table_name_prefix + "settings"
 
     # get the value field, YAML decoded
     def value
+      # rubocop:disable Security/YAMLLoad
       YAML.load(self[:value]) if self[:value].present?
     end
 
     # set the value field, YAML encoded
     def value=(new_value)
@@ -71,11 +72,12 @@
           readonly: readonly.nil? ? false : readonly
         }
 
         if readonly
           define_singleton_method(key) do
-            send(:_convert_string_to_typeof_value, type, default, separator: separator)
+            result = default.is_a?(Proc) ? default.call : default
+            send(:_convert_string_to_typeof_value, type, result, separator: separator)
           end
         else
           define_singleton_method(key) do
             val = send(:_value_of, key)
             result = nil
@@ -128,16 +130,12 @@
           ["true", "1", 1, true].include?(value)
         when :array
           value.split(separator || SEPARATOR_REGEXP).reject { |str| str.empty? }.map(&:strip)
         when :hash
           value = begin
-            begin
-              YAML.load(value).to_h
-            rescue StandardError
-              eval(value).to_h
-            end
-          rescue StandardError
+            YAML.safe_load(value).to_h
+          rescue
             {}
           end
           value.deep_stringify_keys!
           ActiveSupport::HashWithIndifferentAccess.new(value)
         when :integer
@@ -161,25 +159,23 @@
         _all_settings[var_name]
       end
 
       def _table_exists?
         table_exists?
-      rescue => e
+      rescue
         false
       end
 
       def rails_initialized?
         Rails.application&.initialized?
       end
 
       def _all_settings
-        RequestCache.settings ||= begin
-          Rails.cache.fetch(cache_key, expires_in: 1.week) do
-            vars = unscoped.select("var, value")
-            result = {}
-            vars.each { |record| result[record.var] = record.value }
-            result.with_indifferent_access
-          end
+        RequestCache.settings ||= Rails.cache.fetch(cache_key, expires_in: 1.week) do
+          vars = unscoped.select("var, value")
+          result = {}
+          vars.each { |record| result[record.var] = record.value }
+          result.with_indifferent_access
         end
       end
     end
   end
 end