RubyGems - psych - Versions diffs - 3.1.0-java → 3.3.2-java - Mend

psych 3.1.0-java → 3.3.2-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +4 -4
data/Gemfile +6 -0
data/LICENSE +21 -0
data/README.md +2 -5
data/Rakefile +8 -15
data/ext/java/org/jruby/ext/psych/PsychLibrary.java +25 -1
data/ext/java/org/jruby/ext/psych/PsychYamlTree.java +0 -8
data/ext/psych/depend +2 -0
data/ext/psych/extconf.rb +6 -2
data/ext/psych/psych.c +6 -3
data/ext/psych/psych_parser.c +20 -33
data/ext/psych/psych_yaml_tree.c +0 -12
data/ext/psych/yaml/api.c +22 -22
data/ext/psych/yaml/config.h +76 -6
data/ext/psych/yaml/dumper.c +1 -1
data/ext/psych/yaml/emitter.c +44 -10
data/ext/psych/yaml/loader.c +206 -106
data/ext/psych/yaml/parser.c +6 -1
data/ext/psych/yaml/scanner.c +45 -25
data/ext/psych/yaml/yaml.h +43 -29
data/ext/psych/yaml/yaml_private.h +4 -4
data/lib/psych.rb +72 -48
data/lib/psych/class_loader.rb +6 -4
data/lib/psych/handler.rb +1 -1
data/lib/psych/nodes/node.rb +2 -2
data/lib/psych/nodes/scalar.rb +1 -1
data/lib/psych/scalar_scanner.rb +23 -36
data/lib/psych/versions.rb +3 -3
data/lib/psych/visitors/to_ruby.rb +50 -17
data/lib/psych/visitors/visitor.rb +17 -3
data/lib/psych/visitors/yaml_tree.rb +32 -44
data/psych.gemspec +8 -16
metadata +7 -52
data/.travis.yml +0 -22
data/CHANGELOG.rdoc +0 -583

data/ext/psych/yaml/yaml_private.h CHANGED Viewed

@@ -2,8 +2,8 @@
 #include RUBY_EXTCONF_H
 #endif
-#if HAVE_CONFIG_H
-#include <config.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
 #endif
 #include <yaml.h>
@@ -175,14 +175,14 @@ yaml_string_join(
  * Check the octet at the specified position.
  */
-#define CHECK_AT(string,octet,offset)                                           \
+#define CHECK_AT(string,octet,offset)                   \
     ((string).pointer[offset] == (yaml_char_t)(octet))
 /*
  * Check the current octet in the buffer.
  */
-#define CHECK(string,octet) CHECK_AT((string),(octet),0)
+#define CHECK(string,octet) (CHECK_AT((string),(octet),0))
 /*
  * Check if the character at the specified position is an alphabetical

data/lib/psych.rb CHANGED Viewed

@@ -10,11 +10,7 @@ when 'jruby'
     org.jruby.ext.psych.PsychLibrary.new.load(JRuby.runtime, false)
   end
 else
-  begin
-    require "#{RUBY_VERSION[/\d+\.\d+/]}/psych.so"
-  rescue LoadError
-    require 'psych.so'
-  end
+  require 'psych.so'
 end
 require 'psych/nodes'
 require 'psych/streaming'
@@ -78,12 +74,15 @@ require 'psych/class_loader'
 #
 # ==== Reading from a string
 #
-#   Psych.load("--- a")             # => 'a'
-#   Psych.load("---\n - a\n - b")   # => ['a', 'b']
+#   Psych.safe_load("--- a")             # => 'a'
+#   Psych.safe_load("---\n - a\n - b")   # => ['a', 'b']
+#   # From a trusted string:
+#   Psych.load("--- !ruby/range\nbegin: 0\nend: 42\nexcl: false\n") # => 0..42
 #
 # ==== Reading from a file
 #
-#   Psych.load_file("database.yml")
+#   Psych.safe_load_file("data.yml", permitted_classes: [Date])
+#   Psych.load_file("trusted_database.yml")
 #
 # ==== Exception handling
 #
@@ -234,9 +233,9 @@ require 'psych/class_loader'
 module Psych
   # The version of libyaml Psych is using
-  LIBYAML_VERSION = Psych.libyaml_version.join '.'
+  LIBYAML_VERSION = Psych.libyaml_version.join('.').freeze
   # Deprecation guard
-  NOT_GIVEN = Object.new
+  NOT_GIVEN = Object.new.freeze
   private_constant :NOT_GIVEN
   ###
@@ -268,7 +267,11 @@ module Psych
   #
   # Raises a TypeError when `yaml` parameter is NilClass
   #
-  def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false
+  # NOTE: This method *should not* be used to parse untrusted documents, such as
+  # YAML documents that are supplied via user input.  Instead, please use the
+  # safe_load method.
+  #
+  def self.unsafe_load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false, freeze: false
     if legacy_filename != NOT_GIVEN
       warn_with_uplevel 'Passing filename with the 2nd argument of Psych.load is deprecated. Use keyword argument like Psych.load(yaml, filename: ...) instead.', uplevel: 1 if $VERBOSE
       filename = legacy_filename
@@ -276,10 +279,9 @@ module Psych
     result = parse(yaml, filename: filename)
     return fallback unless result
-    result = result.to_ruby if result
-    symbolize_names!(result) if symbolize_names
-    result
+    result.to_ruby(symbolize_names: symbolize_names, freeze: freeze)
   end
+  class << self; alias :load :unsafe_load; end
   ###
   # Safely load the yaml string in +yaml+.  By default, only the following
@@ -325,7 +327,7 @@ module Psych
   #   Psych.safe_load("---\n foo: bar")                         # => {"foo"=>"bar"}
   #   Psych.safe_load("---\n foo: bar", symbolize_names: true)  # => {:foo=>"bar"}
   #
-  def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false
+  def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false, freeze: false
     if legacy_permitted_classes != NOT_GIVEN
       warn_with_uplevel 'Passing permitted_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, permitted_classes: ...) instead.', uplevel: 1 if $VERBOSE
       permitted_classes = legacy_permitted_classes
@@ -353,12 +355,11 @@ module Psych
                                                permitted_symbols.map(&:to_s))
     scanner      = ScalarScanner.new class_loader
     visitor = if aliases
-                Visitors::ToRuby.new scanner, class_loader
+                Visitors::ToRuby.new scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze
               else
-                Visitors::NoAliasRuby.new scanner, class_loader
+                Visitors::NoAliasRuby.new scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze
               end
     result = visitor.accept result
-    symbolize_names!(result) if symbolize_names
     result
   end
@@ -551,7 +552,7 @@ module Psych
   #   end
   #   list # => ['foo', 'bar']
   #
-  def self.load_stream yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: []
+  def self.load_stream yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: [], **kwargs
     if legacy_filename != NOT_GIVEN
       warn_with_uplevel 'Passing filename with the 2nd argument of Psych.load_stream is deprecated. Use keyword argument like Psych.load_stream(yaml, filename: ...) instead.', uplevel: 1 if $VERBOSE
       filename = legacy_filename
@@ -559,10 +560,10 @@ module Psych
     result = if block_given?
                parse_stream(yaml, filename: filename) do |node|
-                 yield node.to_ruby
+                 yield node.to_ruby(**kwargs)
                end
              else
-               parse_stream(yaml, filename: filename).children.map(&:to_ruby)
+               parse_stream(yaml, filename: filename).children.map { |node| node.to_ruby(**kwargs) }
              end
     return fallback if result.is_a?(Array) && result.empty?
@@ -573,50 +574,50 @@ module Psych
   # Load the document contained in +filename+.  Returns the yaml contained in
   # +filename+ as a Ruby object, or if the file is empty, it returns
   # the specified +fallback+ return value, which defaults to +false+.
-  def self.load_file filename, fallback: false
+  #
+  # NOTE: This method *should not* be used to parse untrusted documents, such as
+  # YAML documents that are supplied via user input.  Instead, please use the
+  # safe_load_file method.
+  def self.unsafe_load_file filename, **kwargs
+    File.open(filename, 'r:bom|utf-8') { |f|
+      self.unsafe_load f, filename: filename, **kwargs
+    }
+  end
+  class << self; alias :load_file :unsafe_load_file; end
+  ###
+  # Safely loads the document contained in +filename+.  Returns the yaml contained in
+  # +filename+ as a Ruby object, or if the file is empty, it returns
+  # the specified +fallback+ return value, which defaults to +false+.
+  # See safe_load for options.
+  def self.safe_load_file filename, **kwargs
     File.open(filename, 'r:bom|utf-8') { |f|
-      self.load f, filename: filename, fallback: fallback
+      self.safe_load f, filename: filename, **kwargs
     }
   end
   # :stopdoc:
-  @domain_types = {}
   def self.add_domain_type domain, type_tag, &block
     key = ['tag', domain, type_tag].join ':'
-    @domain_types[key] = [key, block]
-    @domain_types["tag:#{type_tag}"] = [key, block]
+    domain_types[key] = [key, block]
+    domain_types["tag:#{type_tag}"] = [key, block]
   end
   def self.add_builtin_type type_tag, &block
     domain = 'yaml.org,2002'
     key = ['tag', domain, type_tag].join ':'
-    @domain_types[key] = [key, block]
+    domain_types[key] = [key, block]
   end
   def self.remove_type type_tag
-    @domain_types.delete type_tag
+    domain_types.delete type_tag
   end
-  @load_tags = {}
-  @dump_tags = {}
   def self.add_tag tag, klass
-    @load_tags[tag] = klass.name
-    @dump_tags[klass] = tag
+    load_tags[tag] = klass.name
+    dump_tags[klass] = tag
   end
-  def self.symbolize_names!(result)
-    case result
-    when Hash
-      result.keys.each do |key|
-        result[key.to_sym] = symbolize_names!(result.delete(key))
-      end
-    when Array
-      result.map! { |r| symbolize_names!(r) }
-    end
-    result
-  end
-  private_class_method :symbolize_names!
   # Workaround for emulating `warn '...', uplevel: 1` in Ruby 2.4 or lower.
   def self.warn_with_uplevel(message, uplevel: 1)
     at = parse_caller(caller[uplevel]).join(':')
@@ -633,9 +634,32 @@ module Psych
   private_class_method :warn_with_uplevel, :parse_caller
   class << self
-    attr_accessor :load_tags
-    attr_accessor :dump_tags
-    attr_accessor :domain_types
+    if defined?(Ractor)
+      require 'forwardable'
+      extend Forwardable
+      class Config
+        attr_accessor :load_tags, :dump_tags, :domain_types
+        def initialize
+          @load_tags = {}
+          @dump_tags = {}
+          @domain_types = {}
+        end
+      end
+      def config
+        Ractor.current[:PsychConfig] ||= Config.new
+      end
+      def_delegators :config, :load_tags, :dump_tags, :domain_types, :load_tags=, :dump_tags=, :domain_types=
+    else
+      attr_accessor :load_tags
+      attr_accessor :dump_tags
+      attr_accessor :domain_types
+    end
   end
+  self.load_tags = {}
+  self.dump_tags = {}
+  self.domain_types = {}
   # :startdoc:
 end

data/lib/psych/class_loader.rb CHANGED Viewed

@@ -35,9 +35,11 @@ module Psych
     constants.each do |const|
       konst = const_get const
-      define_method(const.to_s.downcase) do
-        load konst
-      end
+      class_eval <<~RUBY
+        def #{const.to_s.downcase}
+          load #{konst.inspect}
+        end
+      RUBY
     end
     private
@@ -69,7 +71,7 @@ module Psych
       rescue
         nil
       end
-    }.compact]
+    }.compact].freeze
     class Restricted < ClassLoader
       def initialize classes, symbols

data/lib/psych/handler.rb CHANGED Viewed

@@ -119,7 +119,7 @@ module Psych
     # +tag+ is an associated tag or nil
     # +plain+ is a boolean value
     # +quoted+ is a boolean value
-    # +style+ is an integer idicating the string style
+    # +style+ is an integer indicating the string style
     #
     # See the constants in Psych::Nodes::Scalar for the possible values of
     # +style+

data/lib/psych/nodes/node.rb CHANGED Viewed

@@ -46,8 +46,8 @@ module Psych
       # Convert this node to Ruby.
       #
       # See also Psych::Visitors::ToRuby
-      def to_ruby
-        Visitors::ToRuby.create.accept(self)
+      def to_ruby(symbolize_names: false, freeze: false)
+        Visitors::ToRuby.create(symbolize_names: symbolize_names, freeze: freeze).accept(self)
       end
       alias :transform :to_ruby

data/lib/psych/nodes/scalar.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module Psych
       # +tag+ is an associated tag or nil
       # +plain+ is a boolean value
       # +quoted+ is a boolean value
-      # +style+ is an integer idicating the string style
+      # +style+ is an integer indicating the string style
       #
       # == See Also
       #

data/lib/psych/scalar_scanner.rb CHANGED Viewed

@@ -14,16 +14,15 @@ module Psych
               |\.(nan|NaN|NAN)(?# not a number))$/x
     # Taken from http://yaml.org/type/int.html
-    INTEGER = /^(?:[-+]?0b[0-1_]+          (?# base 2)
-                  |[-+]?0[0-7_]+           (?# base 8)
-                  |[-+]?(?:0|[1-9][0-9_]*) (?# base 10)
-                  |[-+]?0x[0-9a-fA-F_]+    (?# base 16))$/x
+    INTEGER = /^(?:[-+]?0b[0-1_,]+          (?# base 2)
+                  |[-+]?0[0-7_,]+           (?# base 8)
+                  |[-+]?(?:0|[1-9][0-9_,]*) (?# base 10)
+                  |[-+]?0x[0-9a-fA-F_,]+    (?# base 16))$/x
     attr_reader :class_loader
     # Create a new scanner
     def initialize class_loader
-      @string_cache = {}
       @symbol_cache = {}
       @class_loader = class_loader
     end
@@ -31,81 +30,70 @@ module Psych
     # Tokenize +string+ returning the Ruby object
     def tokenize string
       return nil if string.empty?
-      return string if @string_cache.key?(string)
       return @symbol_cache[string] if @symbol_cache.key?(string)
-      case string
       # Check for a String type, being careful not to get caught by hash keys, hex values, and
       # special floats (e.g., -.inf).
-      when /^[^\d\.:-]?[A-Za-z_\s!@#\$%\^&\*\(\)\{\}\<\>\|\/\\~;=]+/, /\n/
-        if string.length > 5
-          @string_cache[string] = true
-          return string
-        end
+      if string.match?(/^[^\d\.:-]?[A-Za-z_\s!@#\$%\^&\*\(\)\{\}\<\>\|\/\\~;=]+/) || string.match?(/\n/)
+        return string if string.length > 5
-        case string
-        when /^[^ytonf~]/i
-          @string_cache[string] = true
+        if string.match?(/^[^ytonf~]/i)
           string
-        when '~', /^null$/i
+        elsif string == '~' || string.match?(/^null$/i)
           nil
-        when /^(yes|true|on)$/i
+        elsif string.match?(/^(yes|true|on)$/i)
           true
-        when /^(no|false|off)$/i
+        elsif string.match?(/^(no|false|off)$/i)
           false
         else
-          @string_cache[string] = true
           string
         end
-      when TIME
+      elsif string.match?(TIME)
         begin
           parse_time string
         rescue ArgumentError
           string
         end
-      when /^\d{4}-(?:1[012]|0\d|\d)-(?:[12]\d|3[01]|0\d|\d)$/
+      elsif string.match?(/^\d{4}-(?:1[012]|0\d|\d)-(?:[12]\d|3[01]|0\d|\d)$/)
         require 'date'
         begin
           class_loader.date.strptime(string, '%Y-%m-%d')
         rescue ArgumentError
           string
         end
-      when /^\.inf$/i
+      elsif string.match?(/^\.inf$/i)
         Float::INFINITY
-      when /^-\.inf$/i
+      elsif string.match?(/^-\.inf$/i)
         -Float::INFINITY
-      when /^\.nan$/i
+      elsif string.match?(/^\.nan$/i)
         Float::NAN
-      when /^:./
+      elsif string.match?(/^:./)
         if string =~ /^:(["'])(.*)\1/
           @symbol_cache[string] = class_loader.symbolize($2.sub(/^:/, ''))
         else
           @symbol_cache[string] = class_loader.symbolize(string.sub(/^:/, ''))
         end
-      when /^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}$/
+      elsif string.match?(/^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}$/)
         i = 0
         string.split(':').each_with_index do |n,e|
           i += (n.to_i * 60 ** (e - 2).abs)
         end
         i
-      when /^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}\.[0-9_]*$/
+      elsif string.match?(/^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}\.[0-9_]*$/)
         i = 0
         string.split(':').each_with_index do |n,e|
           i += (n.to_f * 60 ** (e - 2).abs)
         end
         i
-      when FLOAT
-        if string =~ /\A[-+]?\.\Z/
-          @string_cache[string] = true
+      elsif string.match?(FLOAT)
+        if string.match?(/\A[-+]?\.\Z/)
           string
         else
           Float(string.gsub(/[,_]|\.([Ee]|$)/, '\1'))
         end
+      elsif string.match?(INTEGER)
+        parse_int string
       else
-        int = parse_int string.gsub(/[,_]/, '')
-        return int if int
-        @string_cache[string] = true
         string
       end
     end
@@ -113,8 +101,7 @@ module Psych
     ###
     # Parse and return an int from +string+
     def parse_int string
-      return unless INTEGER === string
-      Integer(string)
+      Integer(string.gsub(/[,_]/, ''))
     end
     ###

data/lib/psych/versions.rb CHANGED Viewed

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 module Psych
   # The version of Psych you are using
-  VERSION = '3.1.0' unless defined?(::Psych::VERSION)
+  VERSION = '3.3.2'
   if RUBY_ENGINE == 'jruby'
-    DEFAULT_SNAKEYAML_VERSION = '1.23'.freeze
+    DEFAULT_SNAKEYAML_VERSION = '1.28'.freeze
   end
 end