ndr_support 5.9.7 → 5.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/code_safety.yml +4 -4
- data/lib/ndr_support/version.rb +1 -1
- data/lib/ndr_support/yaml/serialization_migration.rb +32 -5
- data/test/yaml/serialization_test.rb +39 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 452da481cc47dceb02b62e7eb832db07ba61985fb2cdc8267a40b6194d0ef108
|
|
4
|
+
data.tar.gz: e06b9a9845389b639c2fbe55aab1f4008d6dad69843a24113bf55b2b88fd7d56
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7d06a0fb2e4adae1cbc71b7e89fd4fc45b527a419ad313d6440dd199ddb845df637b4dd505dce4220dae16bc6f059e96a2faddc455c1901a54bd8acba86b4b3e
|
|
7
|
+
data.tar.gz: d5abcaa621cf18823123cd1241a519c2c2a9dd856ac6659a9f4d4497adcd11ec4b57beeade25c7e799b9924de02736344b91ef079b2bef5a65785a41a6d20333
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
* No unreleased changes
|
|
3
3
|
|
|
4
|
+
## 5.10.0 / 2023-11-17
|
|
5
|
+
## Changed
|
|
6
|
+
* Generate UTF-8 encoded YAML by default. Disable with `utf8_storage = false`
|
|
7
|
+
* Use `YAML.safe_load` by default. Override with
|
|
8
|
+
`self.yaml_safe_classes = yaml_safe_classes + [Klass1, Klass2]` and revert to
|
|
9
|
+
unsafe loading with `yaml_safe_classes = :unsafe` and `gem 'psych', '< 4'`
|
|
10
|
+
|
|
4
11
|
## 5.9.7 / 2023-11-16
|
|
5
12
|
## Fixed
|
|
6
13
|
* YAMLSupport should preserve escaped backslashes in YAML text
|
data/code_safety.yml
CHANGED
|
@@ -23,7 +23,7 @@ file safety:
|
|
|
23
23
|
CHANGELOG.md:
|
|
24
24
|
comments:
|
|
25
25
|
reviewed_by: brian.shand
|
|
26
|
-
safe_revision:
|
|
26
|
+
safe_revision: 646eaebdf824490150e991225f9e15abb67dd4c1
|
|
27
27
|
CODE_OF_CONDUCT.md:
|
|
28
28
|
comments:
|
|
29
29
|
reviewed_by: timgentry
|
|
@@ -171,7 +171,7 @@ file safety:
|
|
|
171
171
|
lib/ndr_support/version.rb:
|
|
172
172
|
comments:
|
|
173
173
|
reviewed_by: brian.shand
|
|
174
|
-
safe_revision:
|
|
174
|
+
safe_revision: 765520ebaf3652bed7105995c815afe681dd5363
|
|
175
175
|
lib/ndr_support/working_days.rb:
|
|
176
176
|
comments:
|
|
177
177
|
reviewed_by: josh.pencheon
|
|
@@ -179,7 +179,7 @@ file safety:
|
|
|
179
179
|
lib/ndr_support/yaml/serialization_migration.rb:
|
|
180
180
|
comments:
|
|
181
181
|
reviewed_by: brian.shand
|
|
182
|
-
safe_revision:
|
|
182
|
+
safe_revision: 646eaebdf824490150e991225f9e15abb67dd4c1
|
|
183
183
|
ndr_support.gemspec:
|
|
184
184
|
comments:
|
|
185
185
|
reviewed_by: brian.shand
|
|
@@ -283,4 +283,4 @@ file safety:
|
|
|
283
283
|
test/yaml/serialization_test.rb:
|
|
284
284
|
comments:
|
|
285
285
|
reviewed_by: brian.shand
|
|
286
|
-
safe_revision:
|
|
286
|
+
safe_revision: 646eaebdf824490150e991225f9e15abb67dd4c1
|
data/lib/ndr_support/version.rb
CHANGED
|
@@ -12,8 +12,29 @@ module NdrSupport
|
|
|
12
12
|
# accepted by load_yaml
|
|
13
13
|
YAML_SAFE_CLASSES = [Date, DateTime, Time, Symbol].freeze
|
|
14
14
|
|
|
15
|
+
# Set list of YAML safe classes, or :unsafe to use unsafe load
|
|
16
|
+
def yaml_safe_classes=(yaml_safe_classes)
|
|
17
|
+
@yaml_safe_classes = yaml_safe_classes
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def yaml_safe_classes
|
|
21
|
+
@yaml_safe_classes || YAML_SAFE_CLASSES
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Allow emitted YAML to contain UTF-8 characters
|
|
25
|
+
# Defaults to true. (Defaulted to false in ndr_support versions < 6)
|
|
26
|
+
def utf8_storage=(utf8_storage)
|
|
27
|
+
@utf8_storage = utf8_storage
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def utf8_storage
|
|
31
|
+
return @utf8_storage if @utf8_storage == false
|
|
32
|
+
|
|
33
|
+
true # New ndr_support default for versions >= 6, previously false
|
|
34
|
+
end
|
|
35
|
+
|
|
15
36
|
# Wrapper around: YAML.load(string)
|
|
16
|
-
def load_yaml(string, coerce_invalid_chars = false)
|
|
37
|
+
def load_yaml(string, coerce_invalid_chars = false) # rubocop:disable Style/OptionalBooleanParameter
|
|
17
38
|
fix_encoding!(string, coerce_invalid_chars)
|
|
18
39
|
|
|
19
40
|
# Achieve same behaviour using `syck` and `psych`:
|
|
@@ -21,10 +42,14 @@ module NdrSupport
|
|
|
21
42
|
fix_encoding!(string, coerce_invalid_chars)
|
|
22
43
|
|
|
23
44
|
# TODO: Bump NdrSupport major version, and switch to safe_load by default
|
|
24
|
-
object = if
|
|
45
|
+
object = if yaml_safe_classes == :unsafe
|
|
46
|
+
unless Psych::VERSION.start_with?('3.')
|
|
47
|
+
raise(SecurityError, 'Unsafe YAML no longer supported')
|
|
48
|
+
end
|
|
49
|
+
|
|
25
50
|
Psych.load(string)
|
|
26
51
|
else
|
|
27
|
-
Psych.safe_load(string, permitted_classes:
|
|
52
|
+
Psych.safe_load(string, permitted_classes: yaml_safe_classes)
|
|
28
53
|
end
|
|
29
54
|
|
|
30
55
|
# Ensure that any string related to the object
|
|
@@ -37,8 +62,10 @@ module NdrSupport
|
|
|
37
62
|
|
|
38
63
|
# Wrapper around: YAML.dump(object)
|
|
39
64
|
def dump_yaml(object)
|
|
40
|
-
|
|
41
|
-
|
|
65
|
+
return Psych.dump(object) if utf8_storage
|
|
66
|
+
|
|
67
|
+
# Psych produces UTF-8 encoded output; historically we
|
|
68
|
+
# preferred YAML that can be safely stored in stores with
|
|
42
69
|
# other encodings. If #load_yaml is used, the binary
|
|
43
70
|
# encoding of the object will be reversed on load.
|
|
44
71
|
Psych.dump binary_encode_any_high_ascii(object)
|
|
@@ -44,26 +44,60 @@ class SerializationTest < Minitest::Test
|
|
|
44
44
|
assert_yaml_coercion_behaviour
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
-
test 'dump_yaml should produce encoding-portable YAML' do
|
|
48
|
-
|
|
47
|
+
test 'dump_yaml with utf8_storage = false should produce encoding-portable YAML' do
|
|
48
|
+
self.utf8_storage = false
|
|
49
|
+
original_object = { basic: 'manana', complex: 'mañana' }
|
|
49
50
|
yaml_produced = dump_yaml(original_object)
|
|
50
51
|
reloaded_object = load_yaml(yaml_produced)
|
|
51
52
|
|
|
52
|
-
|
|
53
|
+
assert_match(/basic: manana/, yaml_produced, 'binary-encoded more than was necessary')
|
|
53
54
|
|
|
54
55
|
refute yaml_produced.bytes.detect { |byte| byte > 127 }, 'yaml has high-ascii'
|
|
55
56
|
assert reloaded_object.inspect.bytes.detect { |byte| byte > 127 }
|
|
56
57
|
assert_equal original_object, reloaded_object
|
|
57
58
|
end
|
|
58
59
|
|
|
59
|
-
test 'encoding-portable YAML should be loadable' do
|
|
60
|
-
|
|
60
|
+
test 'encoding-portable YAML with utf8_storage = false should be loadable' do
|
|
61
|
+
self.utf8_storage = false
|
|
62
|
+
original_object = { basic: 'manana', complex: 'mañana' }
|
|
61
63
|
yaml_produced = dump_yaml(original_object)
|
|
62
64
|
|
|
65
|
+
assert_equal("---\n:basic: manana\n:complex: !binary |-\n bWHDsWFuYQ==\n", yaml_produced)
|
|
66
|
+
|
|
67
|
+
reloaded_object = load_yaml(yaml_produced)
|
|
68
|
+
assert_equal original_object, reloaded_object
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
test 'non-encoding-portable YAML with utf8_storage = true should be loadable' do
|
|
72
|
+
self.utf8_storage = true
|
|
73
|
+
original_object = { basic: 'manana', complex: 'mañana' }
|
|
74
|
+
yaml_produced = dump_yaml(original_object)
|
|
75
|
+
assert_equal("---\n:basic: manana\n:complex: mañana\n", yaml_produced)
|
|
76
|
+
|
|
63
77
|
reloaded_object = load_yaml(yaml_produced)
|
|
64
78
|
assert_equal original_object, reloaded_object
|
|
65
79
|
end
|
|
66
80
|
|
|
81
|
+
test 'yaml_safe_classes should filter which classes can be loaded' do
|
|
82
|
+
original_object = { basic: 'manana', complex: 'mañana' }
|
|
83
|
+
yaml_produced = dump_yaml(original_object)
|
|
84
|
+
self.yaml_safe_classes = []
|
|
85
|
+
assert_raises Psych::DisallowedClass, 'Load should fail without Symbol in yaml_safe_classes' do
|
|
86
|
+
load_yaml(yaml_produced)
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
self.yaml_safe_classes = [Symbol]
|
|
90
|
+
reloaded_object = load_yaml(yaml_produced)
|
|
91
|
+
assert_equal original_object, reloaded_object, 'Safe reload with Symbol class specified'
|
|
92
|
+
|
|
93
|
+
if Psych::VERSION.start_with?('3.')
|
|
94
|
+
# Not supported with Ruby >= 3.1 unless you force psych version < 4
|
|
95
|
+
self.yaml_safe_classes = :unsafe
|
|
96
|
+
reloaded_object = load_yaml(yaml_produced)
|
|
97
|
+
assert_equal original_object, reloaded_object, 'Unsafe reload with Symbol class'
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
|
|
67
101
|
test 'time-like objects should serialise correctly with psych' do
|
|
68
102
|
assert_timey_wimey_stuff
|
|
69
103
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ndr_support
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- NCRS Development Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-11-
|
|
11
|
+
date: 2023-11-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|