WA-VERIFY-103: Audit YAML.load usage (safe_load + trust boundaries)

[kitcommerce]

Summary

Audit for unsafe YAML deserialization (YAML.load, YAML.load_file) as part of Rails 7 + Ruby/Psych upgrades.

Approach

Run:

rg -n "\\bYAML\\.load\\b|\\bYAML\\.load_file\\b" --glob "*.rb"

For each call site:

• Determine whether the YAML input is trusted (static config under our control) or untrusted (user-supplied, HTTP params, file uploads, external feeds).
• If untrusted or ambiguous, replace with YAML.safe_load and explicitly list permitted classes/symbols.
• If trusted and intentionally using YAML.load, add an inline comment explaining why the input is trusted and bounded.

Acceptance Criteria

• No unsafe YAML deserialization from untrusted inputs
• Any remaining YAML.load* usage is explicitly justified with a trust boundary comment
• Test suite passes (default appraisal)

Verification Plan

• Run the grep above and patch call sites
• Run: bundle exec rake test (affected engine(s) or default)

[kitcommerce]

Dispatch: started implementation in batch with #1111-#1114 (session: workarea-impl-1111-1114-deserialization-audits).\n\nEarly push required (branch should be pushed immediately to avoid stale resets). PR will target .

[kitcommerce]

Correction: PR base/target branch is next.