dumped_railers 0.5.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +42 -0
- data/lib/dumped_railers/configuration.rb +12 -2
- data/lib/dumped_railers/file_helper.rb +2 -2
- data/lib/dumped_railers/import.rb +2 -2
- data/lib/dumped_railers/version.rb +1 -1
- data/lib/dumped_railers.rb +10 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c311dc2cc95619422567711140304a43f5e2851c1028a4c0f468b5f3ffdbe442
|
|
4
|
+
data.tar.gz: 1ea70f2788cfffda44f18433b36dd13302925f60c6894a3e628f264bc5d0161a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cf2063fe3780b8a203d4131ed1a9d483c2497fe8ceacfa9e741358bcad6015857c404a8e4fd6ff105a63a71565cb596a447acbe6416c3dacf0def55d28b3e676
|
|
7
|
+
data.tar.gz: 0bf0d6f4ead5b7400d8dab700d3491804be5c526dbeab073569e241746029498b65bdd3c49a691ae2ad6d388d27221a507d75a3e069dc625d02d66dcf9bcbd23
|
data/CHANGELOG.md
CHANGED
|
@@ -62,3 +62,9 @@
|
|
|
62
62
|
### Changed
|
|
63
63
|
- require std gems (e.g. ostruct, forwardable). Users of dumped_railers are no longer need to require them.
|
|
64
64
|
- Added CI support against Ruby 3.3, 3.2, together with Rails 7.x, while dropping Ruby < 3.2, Rails < 6.1
|
|
65
|
+
|
|
66
|
+
## [0.6.0]
|
|
67
|
+
### Added
|
|
68
|
+
- Add new options to explicitly allow specific classes for YAML import.
|
|
69
|
+
### Changed
|
|
70
|
+
- Accept Date, Time, DateTIme together with the classes that are set as ActiveRecord.yaml_column_permitted_classes be default.
|
data/README.md
CHANGED
|
@@ -175,6 +175,48 @@ DumpedRailers.import!(fixture_path, before_save: before_callback, after_save: [a
|
|
|
175
175
|
|
|
176
176
|
`before_save` / `after_save` can accept both single and multiple (array) arguments.
|
|
177
177
|
|
|
178
|
+
### Deserializing Custom Classes with YAML
|
|
179
|
+
|
|
180
|
+
* YAML (Psych) does not permit to load random class objects for [security reasons](https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017).
|
|
181
|
+
* By default, DumpedRailers handles all the objects that Rails permitts (i.e. [ActiveRecord.yaml_column_permitted_classes](https://guides.rubyonrails.org/configuring.html#config-active-record-yaml-column-permitted-classes)), plus Time, Date, and DateTime.
|
|
182
|
+
* DumpedRailers raises `Psych::DisallowedClass` error when non-permitted classes are detected. If you want DumpedRailsers handle other classes, you could specify `yaml_column_permitted_classes` option with configurations or import method's arguments.
|
|
183
|
+
* *Please use this option with extra care* for security - again, it is recommended to use this for development purpose only.
|
|
184
|
+
|
|
185
|
+
```ruby
|
|
186
|
+
DumpedRailers.configure do |config|
|
|
187
|
+
config.ignorable_columns += [:published_on] # :published_on will be ignored *on top of* default settings.
|
|
188
|
+
end
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
#### Caveats
|
|
192
|
+
* If you wish to load Date, Time object, it would be easier to load it as a string. DumpedRailers will pass it to the specified ActiveRecord models and they typecast the raw string into the appropreate date/time object.
|
|
193
|
+
|
|
194
|
+
* below columns (published_date, published_time, first_drafted_at) all will be passed as a string (as the value is surrounded by the quotes). Strings will be interperted to apropreate column type with ActiveRecord.
|
|
195
|
+
|
|
196
|
+
```ruby
|
|
197
|
+
_fixture:
|
|
198
|
+
model_class: Article
|
|
199
|
+
fixture_generated_by: DumpedRailers
|
|
200
|
+
__article_1:
|
|
201
|
+
title: Harry Potter
|
|
202
|
+
published_date: '2024-03-01'
|
|
203
|
+
published_time: '10:00:00'
|
|
204
|
+
first_drafted_at: '2024-02-01T10:10:10+09:00'
|
|
205
|
+
```
|
|
206
|
+
|
|
207
|
+
* below fixture (without quotes) will be directly interperted to Date or Time via YAML module. It needs to have proper format that YAML can interpret.
|
|
208
|
+
|
|
209
|
+
```ruby
|
|
210
|
+
_fixture:
|
|
211
|
+
model_class: Article
|
|
212
|
+
fixture_generated_by: DumpedRailers
|
|
213
|
+
__article_1:
|
|
214
|
+
title: Harry Potter
|
|
215
|
+
published_date: 2024-03-01
|
|
216
|
+
published_time: 2000-01-01 10:00:00
|
|
217
|
+
first_drafted_at: 2024-02-01T10:10:10+09:00
|
|
218
|
+
```
|
|
219
|
+
|
|
178
220
|
### Configuration
|
|
179
221
|
|
|
180
222
|
* All the settings can be configured by either configuration (global) or arguments (at runtime).
|
|
@@ -5,7 +5,7 @@ require 'ostruct'
|
|
|
5
5
|
module DumpedRailers
|
|
6
6
|
module Configuration
|
|
7
7
|
extend Forwardable
|
|
8
|
-
def_delegators :@_config, :preprocessors, :ignorable_columns, :authorized_models
|
|
8
|
+
def_delegators :@_config, :preprocessors, :ignorable_columns, :authorized_models, :yaml_column_permitted_classes
|
|
9
9
|
|
|
10
10
|
def configure
|
|
11
11
|
yield config
|
|
@@ -17,10 +17,20 @@ module DumpedRailers
|
|
|
17
17
|
|
|
18
18
|
IGNORABLE_COLUMNS = %w[id created_at updated_at]
|
|
19
19
|
def configure_defaults!
|
|
20
|
+
default_yaml_column_permitted_classes =
|
|
21
|
+
# FIXME: this will be no longer needed when we drop support for older Rails versions
|
|
22
|
+
# https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
|
|
23
|
+
if ActiveRecord.respond_to?(:yaml_column_permitted_classes)
|
|
24
|
+
ActiveRecord.yaml_column_permitted_classes + [Date, Time, DateTime]
|
|
25
|
+
else
|
|
26
|
+
[Date, Time, DateTime]
|
|
27
|
+
end
|
|
28
|
+
|
|
20
29
|
clear_configuration!(
|
|
21
30
|
ignorable_columns: IGNORABLE_COLUMNS,
|
|
22
|
-
preprocessors:
|
|
31
|
+
preprocessors: [],
|
|
23
32
|
authorized_models: :any,
|
|
33
|
+
yaml_column_permitted_classes: default_yaml_column_permitted_classes,
|
|
24
34
|
)
|
|
25
35
|
end
|
|
26
36
|
|
|
@@ -5,7 +5,7 @@ require "yaml"
|
|
|
5
5
|
module DumpedRailers
|
|
6
6
|
module FileHelper
|
|
7
7
|
class << self
|
|
8
|
-
def read_fixtures(*paths)
|
|
8
|
+
def read_fixtures(*paths, yaml_column_permitted_classes: [])
|
|
9
9
|
yaml_files = paths.flat_map { |path|
|
|
10
10
|
if File.file?(path)
|
|
11
11
|
path
|
|
@@ -18,7 +18,7 @@ module DumpedRailers
|
|
|
18
18
|
|
|
19
19
|
yaml_files.map { |file|
|
|
20
20
|
raw_data = ::File.read(file)
|
|
21
|
-
YAML.
|
|
21
|
+
YAML.safe_load(raw_data, permitted_classes: yaml_column_permitted_classes)
|
|
22
22
|
}
|
|
23
23
|
end
|
|
24
24
|
|
|
@@ -6,14 +6,14 @@ module DumpedRailers
|
|
|
6
6
|
class Import
|
|
7
7
|
attr_reader :fixture_set
|
|
8
8
|
|
|
9
|
-
def initialize(*paths, authorized_models: [], before_save: [], after_save: [])
|
|
9
|
+
def initialize(*paths, authorized_models: [], before_save: [], after_save: [], yaml_column_permitted_classes: [])
|
|
10
10
|
@before_save = before_save
|
|
11
11
|
@after_save = after_save
|
|
12
12
|
|
|
13
13
|
if (paths.first.is_a? Hash)
|
|
14
14
|
@raw_fixtures = paths.first.values
|
|
15
15
|
else
|
|
16
|
-
@raw_fixtures = FileHelper.read_fixtures(*paths)
|
|
16
|
+
@raw_fixtures = FileHelper.read_fixtures(*paths, yaml_column_permitted_classes: yaml_column_permitted_classes)
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
@fixture_set = RecordBuilder::FixtureSet.new(@raw_fixtures, authorized_models: authorized_models)
|
data/lib/dumped_railers.rb
CHANGED
|
@@ -24,13 +24,19 @@ module DumpedRailers
|
|
|
24
24
|
fixtures
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
def import!(*paths, authorized_models: nil, before_save: nil, after_save: nil)
|
|
27
|
+
def import!(*paths, authorized_models: nil, before_save: nil, after_save: nil, yaml_column_permitted_classes: [])
|
|
28
28
|
# make sure class-baseed caches starts with clean state
|
|
29
29
|
DumpedRailers::RecordBuilder::FixtureRow::RecordStore.clear!
|
|
30
30
|
DumpedRailers::RecordBuilder::DependencyTracker.clear!
|
|
31
31
|
|
|
32
32
|
# override global config settings when options are specified
|
|
33
|
-
runtime_options =
|
|
33
|
+
runtime_options =
|
|
34
|
+
{
|
|
35
|
+
authorized_models: authorized_models.presence,
|
|
36
|
+
yaml_column_permitted_classes: yaml_column_permitted_classes.presence,
|
|
37
|
+
}
|
|
38
|
+
.compact
|
|
39
|
+
.reverse_merge(import_options)
|
|
34
40
|
|
|
35
41
|
before_save = Array(before_save).compact
|
|
36
42
|
after_save = Array(after_save).compact
|
|
@@ -40,6 +46,7 @@ module DumpedRailers
|
|
|
40
46
|
authorized_models: runtime_options[:authorized_models],
|
|
41
47
|
before_save: before_save,
|
|
42
48
|
after_save: after_save,
|
|
49
|
+
yaml_column_permitted_classes: runtime_options[:yaml_column_permitted_classes]
|
|
43
50
|
)
|
|
44
51
|
fixture_handler.import_all!
|
|
45
52
|
end
|
|
@@ -55,7 +62,7 @@ module DumpedRailers
|
|
|
55
62
|
end
|
|
56
63
|
|
|
57
64
|
def import_options
|
|
58
|
-
options.slice(:authorized_models)
|
|
65
|
+
options.slice(:authorized_models, :yaml_column_permitted_classes)
|
|
59
66
|
end
|
|
60
67
|
end
|
|
61
68
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dumped_railers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Koji Onishi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-10-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|