
WA-VERIFY-104: Audit Marshal.load usage (object injection hardening) #1112

@kitcommerce

Summary

Audit Marshal.load usage to ensure we never deserialize attacker-controlled data (object injection risk).

Approach

Run:

rg -n "\\bMarshal\\.load\\b|\\bMarshal\\.restore\\b" --glob "*.rb"

For each call site:

  • Identify the data source (cache, DB field, cookie/session, params, file, external service)
  • If there is any path from user-controlled input → Marshal.load, replace with a safe serialization format (JSON) or a constrained parser.
  • If the data is strictly internal/trusted (e.g., cache written only by our process), add a brief trust-boundary comment.

Acceptance Criteria

  • No Marshal.load on untrusted inputs
  • Remaining usage has explicit trust-boundary comments
  • Tests pass (default appraisal)

Verification Plan

  • Update call sites as needed
  • Run targeted tests for the touched area + bundle exec rake test (default)
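
One way to check the "explicit trust-boundary comments" criterion mechanically, as an added example that is not part of the original issue or the project's code. The `trust-boundary:` marker wording, the two-line look-back window, and the sample source are assumptions constructed for illustration.

```ruby
# Added example: flags Marshal.load / Marshal.restore call sites that lack a
# nearby trust-boundary comment. The "trust-boundary:" marker and the look-back
# window are assumed conventions; the issue does not prescribe a wording.
CALL_RE   = /\bMarshal\.(?:load|restore)\b/
MARKER_RE = /#.*trust-boundary:/i

Finding = Struct.new(:path, :line, :code, :documented)

# Returns one Finding per call site found in +source+.
def audit_marshal_calls(source, path: "(inline)", window: 2)
  lines = source.lines.map(&:chomp)
  lines.each_with_index.filter_map do |text, idx|
    code = text.sub(/\A\s*#.*/, "")   # ignore whole-line comments only
    next unless code =~ CALL_RE
    first = [idx - window, 0].max
    # A marker on the call line or within the look-back window counts.
    documented = lines[first..idx].any? { |l| l =~ MARKER_RE }
    Finding.new(path, idx + 1, text.strip, documented)
  end
end

# Constructed sample source: one documented internal call site, one call site
# fed from request parameters, and one commented-out call.
SAMPLE = <<~'RUBY'
  class CartCache
    def read(key)
      # trust-boundary: blob is written only by CartCache#write in this process
      Marshal.load(@store.get(key))
    end
  end

  class ImportController
    def create
      prefs = Marshal.load(Base64.decode64(params[:prefs]))
      # Marshal.restore(old_blob)  (commented out, ignored)
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  audit_marshal_calls(SAMPLE, path: "sample.rb").each do |f|
    status = f.documented ? "documented" : "NEEDS REVIEW"
    puts "#{f.path}:#{f.line}: #{status}: #{f.code}"
  end
end
```

A marker only records that someone reviewed the call site; each flagged and each documented site still needs its data source traced by hand as described in the approach above.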
