RubyGems - psych - Versions diffs - 3.1.0 → 3.2.0 - Mend

psych 3.1.0 → 3.2.0

Files changed (29) hide show

checksums.yaml +4 -4
data/Gemfile +6 -0
data/LICENSE +21 -0
data/README.md +0 -3
data/Rakefile +1 -15
data/ext/psych/depend +2 -0
data/ext/psych/extconf.rb +6 -2
data/ext/psych/psych.c +3 -3
data/ext/psych/psych_parser.c +20 -33
data/ext/psych/psych_yaml_tree.c +0 -12
data/ext/psych/yaml/api.c +22 -22
data/ext/psych/yaml/config.h +76 -6
data/ext/psych/yaml/dumper.c +1 -1
data/ext/psych/yaml/emitter.c +44 -10
data/ext/psych/yaml/loader.c +206 -106
data/ext/psych/yaml/parser.c +6 -1
data/ext/psych/yaml/scanner.c +43 -23
data/ext/psych/yaml/yaml.h +44 -30
data/ext/psych/yaml/yaml_private.h +3 -3
data/lib/psych.rb +10 -25
data/lib/psych/nodes/node.rb +2 -2
data/lib/psych/scalar_scanner.rb +23 -36
data/lib/psych/versions.rb +2 -2
data/lib/psych/visitors/to_ruby.rb +42 -11
data/lib/psych/visitors/yaml_tree.rb +29 -41
data/psych.gemspec +8 -15
metadata +9 -54
data/.travis.yml +0 -22
data/CHANGELOG.rdoc +0 -583

data/ext/psych/yaml/yaml_private.h CHANGED

@@ -3,7 +3,7 @@
 #endif
 #if HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
 #endif
 #include <yaml.h>
@@ -175,14 +175,14 @@ yaml_string_join(
  * Check the octet at the specified position.
  */
-#define CHECK_AT(string,octet,offset)                                           \
+#define CHECK_AT(string,octet,offset)                   \
     ((string).pointer[offset] == (yaml_char_t)(octet))
 /*
  * Check the current octet in the buffer.
  */
-#define CHECK(string,octet) CHECK_AT((string),(octet),0)
+#define CHECK(string,octet) (CHECK_AT((string),(octet),0))
 /*
  * Check if the character at the specified position is an alphabetical

data/lib/psych.rb CHANGED

@@ -10,11 +10,7 @@ when 'jruby'
     org.jruby.ext.psych.PsychLibrary.new.load(JRuby.runtime, false)
   end
 else
-  begin
-    require "#{RUBY_VERSION[/\d+\.\d+/]}/psych.so"
-  rescue LoadError
-    require 'psych.so'
-  end
+  require 'psych.so'
 end
 require 'psych/nodes'
 require 'psych/streaming'
@@ -268,7 +264,11 @@ module Psych
   #
   # Raises a TypeError when `yaml` parameter is NilClass
   #
-  def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false
+  # NOTE: This method *should not* be used to parse untrusted documents, such as
+  # YAML documents that are supplied via user input.  Instead, please use the
+  # safe_load method.
+  #
+  def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false, freeze: false
     if legacy_filename != NOT_GIVEN
       warn_with_uplevel 'Passing filename with the 2nd argument of Psych.load is deprecated. Use keyword argument like Psych.load(yaml, filename: ...) instead.', uplevel: 1 if $VERBOSE
       filename = legacy_filename
@@ -276,8 +276,7 @@ module Psych
     result = parse(yaml, filename: filename)
     return fallback unless result
-    result = result.to_ruby if result
-    symbolize_names!(result) if symbolize_names
+    result = result.to_ruby(symbolize_names: symbolize_names, freeze: freeze) if result
     result
   end
@@ -325,7 +324,7 @@ module Psych
   #   Psych.safe_load("---\n foo: bar")                         # => {"foo"=>"bar"}
   #   Psych.safe_load("---\n foo: bar", symbolize_names: true)  # => {:foo=>"bar"}
   #
-  def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false
+  def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false, freeze: false
     if legacy_permitted_classes != NOT_GIVEN
       warn_with_uplevel 'Passing permitted_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, permitted_classes: ...) instead.', uplevel: 1 if $VERBOSE
       permitted_classes = legacy_permitted_classes
@@ -353,12 +352,11 @@ module Psych
                                                permitted_symbols.map(&:to_s))
     scanner      = ScalarScanner.new class_loader
     visitor = if aliases
-                Visitors::ToRuby.new scanner, class_loader
+                Visitors::ToRuby.new scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze
               else
-                Visitors::NoAliasRuby.new scanner, class_loader
+                Visitors::NoAliasRuby.new scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze
               end
     result = visitor.accept result
-    symbolize_names!(result) if symbolize_names
     result
   end
@@ -604,19 +602,6 @@ module Psych
     @dump_tags[klass] = tag
   end
-  def self.symbolize_names!(result)
-    case result
-    when Hash
-      result.keys.each do |key|
-        result[key.to_sym] = symbolize_names!(result.delete(key))
-      end
-    when Array
-      result.map! { |r| symbolize_names!(r) }
-    end
-    result
-  end
-  private_class_method :symbolize_names!
   # Workaround for emulating `warn '...', uplevel: 1` in Ruby 2.4 or lower.
   def self.warn_with_uplevel(message, uplevel: 1)
     at = parse_caller(caller[uplevel]).join(':')

data/lib/psych/nodes/node.rb CHANGED

@@ -46,8 +46,8 @@ module Psych
       # Convert this node to Ruby.
       #
       # See also Psych::Visitors::ToRuby
-      def to_ruby
-        Visitors::ToRuby.create.accept(self)
+      def to_ruby(symbolize_names: false, freeze: false)
+        Visitors::ToRuby.create(symbolize_names: symbolize_names, freeze: freeze).accept(self)
       end
       alias :transform :to_ruby

data/lib/psych/scalar_scanner.rb CHANGED

@@ -14,16 +14,15 @@ module Psych
               |\.(nan|NaN|NAN)(?# not a number))$/x
     # Taken from http://yaml.org/type/int.html
-    INTEGER = /^(?:[-+]?0b[0-1_]+          (?# base 2)
-                  |[-+]?0[0-7_]+           (?# base 8)
-                  |[-+]?(?:0|[1-9][0-9_]*) (?# base 10)
-                  |[-+]?0x[0-9a-fA-F_]+    (?# base 16))$/x
+    INTEGER = /^(?:[-+]?0b[0-1_,]+          (?# base 2)
+                  |[-+]?0[0-7_,]+           (?# base 8)
+                  |[-+]?(?:0|[1-9][0-9_,]*) (?# base 10)
+                  |[-+]?0x[0-9a-fA-F_,]+    (?# base 16))$/x
     attr_reader :class_loader
     # Create a new scanner
     def initialize class_loader
-      @string_cache = {}
       @symbol_cache = {}
       @class_loader = class_loader
     end
@@ -31,81 +30,70 @@ module Psych
     # Tokenize +string+ returning the Ruby object
     def tokenize string
       return nil if string.empty?
-      return string if @string_cache.key?(string)
       return @symbol_cache[string] if @symbol_cache.key?(string)
-      case string
       # Check for a String type, being careful not to get caught by hash keys, hex values, and
       # special floats (e.g., -.inf).
-      when /^[^\d\.:-]?[A-Za-z_\s!@#\$%\^&\*\(\)\{\}\<\>\|\/\\~;=]+/, /\n/
-        if string.length > 5
-          @string_cache[string] = true
-          return string
-        end
+      if string.match?(/^[^\d\.:-]?[A-Za-z_\s!@#\$%\^&\*\(\)\{\}\<\>\|\/\\~;=]+/) || string.match?(/\n/)
+        return string if string.length > 5
-        case string
-        when /^[^ytonf~]/i
-          @string_cache[string] = true
+        if string.match?(/^[^ytonf~]/i)
           string
-        when '~', /^null$/i
+        elsif string == '~' || string.match?(/^null$/i)
           nil
-        when /^(yes|true|on)$/i
+        elsif string.match?(/^(yes|true|on)$/i)
           true
-        when /^(no|false|off)$/i
+        elsif string.match?(/^(no|false|off)$/i)
           false
         else
-          @string_cache[string] = true
           string
         end
-      when TIME
+      elsif string.match?(TIME)
         begin
           parse_time string
         rescue ArgumentError
           string
         end
-      when /^\d{4}-(?:1[012]|0\d|\d)-(?:[12]\d|3[01]|0\d|\d)$/
+      elsif string.match?(/^\d{4}-(?:1[012]|0\d|\d)-(?:[12]\d|3[01]|0\d|\d)$/)
         require 'date'
         begin
           class_loader.date.strptime(string, '%Y-%m-%d')
         rescue ArgumentError
           string
         end
-      when /^\.inf$/i
+      elsif string.match?(/^\.inf$/i)
         Float::INFINITY
-      when /^-\.inf$/i
+      elsif string.match?(/^-\.inf$/i)
         -Float::INFINITY
-      when /^\.nan$/i
+      elsif string.match?(/^\.nan$/i)
         Float::NAN
-      when /^:./
+      elsif string.match?(/^:./)
         if string =~ /^:(["'])(.*)\1/
           @symbol_cache[string] = class_loader.symbolize($2.sub(/^:/, ''))
         else
           @symbol_cache[string] = class_loader.symbolize(string.sub(/^:/, ''))
         end
-      when /^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}$/
+      elsif string.match?(/^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}$/)
         i = 0
         string.split(':').each_with_index do |n,e|
           i += (n.to_i * 60 ** (e - 2).abs)
         end
         i
-      when /^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}\.[0-9_]*$/
+      elsif string.match?(/^[-+]?[0-9][0-9_]*(:[0-5]?[0-9]){1,2}\.[0-9_]*$/)
         i = 0
         string.split(':').each_with_index do |n,e|
           i += (n.to_f * 60 ** (e - 2).abs)
         end
         i
-      when FLOAT
-        if string =~ /\A[-+]?\.\Z/
-          @string_cache[string] = true
+      elsif string.match?(FLOAT)
+        if string.match?(/\A[-+]?\.\Z/)
           string
         else
           Float(string.gsub(/[,_]|\.([Ee]|$)/, '\1'))
         end
+      elsif string.match?(INTEGER)
+        parse_int string
       else
-        int = parse_int string.gsub(/[,_]/, '')
-        return int if int
-        @string_cache[string] = true
         string
       end
     end
@@ -113,8 +101,7 @@ module Psych
     ###
     # Parse and return an int from +string+
     def parse_int string
-      return unless INTEGER === string
-      Integer(string)
+      Integer(string.gsub(/[,_]/, ''))
     end
     ###

data/lib/psych/versions.rb CHANGED

@@ -2,9 +2,9 @@
 # frozen_string_literal: true
 module Psych
   # The version of Psych you are using
-  VERSION = '3.1.0' unless defined?(::Psych::VERSION)
+  VERSION = '3.2.0'
   if RUBY_ENGINE == 'jruby'
-    DEFAULT_SNAKEYAML_VERSION = '1.23'.freeze
+    DEFAULT_SNAKEYAML_VERSION = '1.26'.freeze
   end
 end

data/lib/psych/visitors/to_ruby.rb CHANGED

@@ -12,34 +12,38 @@ module Psych
     ###
     # This class walks a YAML AST, converting each node to Ruby
     class ToRuby < Psych::Visitors::Visitor
-      def self.create
+      def self.create(symbolize_names: false, freeze: false)
         class_loader = ClassLoader.new
         scanner      = ScalarScanner.new class_loader
-        new(scanner, class_loader)
+        new(scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze)
       end
       attr_reader :class_loader
-      def initialize ss, class_loader
+      def initialize ss, class_loader, symbolize_names: false, freeze: false
         super()
         @st = {}
         @ss = ss
         @domain_types = Psych.domain_types
         @class_loader = class_loader
+        @symbolize_names = symbolize_names
+        @freeze = freeze
       end
       def accept target
         result = super
-        return result if @domain_types.empty? || !target.tag
-        key = target.tag.sub(/^[!\/]*/, '').sub(/(,\d+)\//, '\1:')
-        key = "tag:#{key}" unless key =~ /^(?:tag:|x-private)/
+        unless @domain_types.empty? || !target.tag
+          key = target.tag.sub(/^[!\/]*/, '').sub(/(,\d+)\//, '\1:')
+          key = "tag:#{key}" unless key =~ /^(?:tag:|x-private)/
-        if @domain_types.key? key
-          value, block = @domain_types[key]
-          return block.call value, result
+          if @domain_types.key? key
+            value, block = @domain_types[key]
+            result = block.call value, result
+          end
         end
+        result = deduplicate(result).freeze if @freeze
         result
       end
@@ -252,6 +256,8 @@ module Psych
           e = build_exception((resolve_class($1) || class_loader.exception),
                               h.delete('message'))
+          e.set_backtrace h.delete('backtrace') if h.key? 'backtrace'
           init_with(e, h, o)
         when '!set', 'tag:yaml.org,2002:set'
@@ -331,13 +337,12 @@ module Psych
         list
       end
-      SHOVEL = '<<'
       def revive_hash hash, o
         o.children.each_slice(2) { |k,v|
           key = accept(k)
           val = accept(v)
-          if key == SHOVEL && k.tag != "tag:yaml.org,2002:str"
+          if key == '<<' && k.tag != "tag:yaml.org,2002:str"
             case v
             when Nodes::Alias, Nodes::Mapping
               begin
@@ -359,6 +364,12 @@ module Psych
               hash[key] = val
             end
           else
+            if @symbolize_names
+              key = key.to_sym
+            elsif !@freeze
+              key = deduplicate(key)
+            end
             hash[key] = val
           end
@@ -366,6 +377,26 @@ module Psych
         hash
       end
+      if RUBY_VERSION < '2.7'
+        def deduplicate key
+          if key.is_a?(String)
+            # It is important to untaint the string, otherwise it won't
+            # be deduplicated into an fstring, but simply frozen.
+            -(key.untaint)
+          else
+            key
+          end
+        end
+      else
+        def deduplicate key
+          if key.is_a?(String)
+            -key
+          else
+            key
+          end
+        end
+      end
       def merge_key hash, key, val
       end

data/lib/psych/visitors/yaml_tree.rb CHANGED

@@ -181,41 +181,11 @@ module Psych
       end
       def visit_Exception o
-        tag = ['!ruby/exception', o.class.name].join ':'
-        @emitter.start_mapping nil, tag, false, Nodes::Mapping::BLOCK
-        {
-          'message'   => private_iv_get(o, 'mesg'),
-          'backtrace' => private_iv_get(o, 'backtrace'),
-        }.each do |k,v|
-          next unless v
-          @emitter.scalar k, nil, nil, true, false, Nodes::Scalar::ANY
-          accept v
-        end
-        dump_ivars o
-        @emitter.end_mapping
+        dump_exception o, o.message.to_s
       end
       def visit_NameError o
-        tag = ['!ruby/exception', o.class.name].join ':'
-        @emitter.start_mapping nil, tag, false, Nodes::Mapping::BLOCK
-        {
-          'message'   => o.message.to_s,
-          'backtrace' => private_iv_get(o, 'backtrace'),
-        }.each do |k,v|
-          next unless v
-          @emitter.scalar k, nil, nil, true, false, Nodes::Scalar::ANY
-          accept v
-        end
-        dump_ivars o
-        @emitter.end_mapping
+        dump_exception o, o.message.to_s
       end
       def visit_Regexp o
@@ -458,15 +428,6 @@ module Psych
           node = @emitter.start_mapping(nil, tag, false, Psych::Nodes::Mapping::BLOCK)
           register(o, node)
-          # Dump the elements
-          accept 'elements'
-          @emitter.start_mapping nil, nil, true, Nodes::Mapping::BLOCK
-          o.each do |k,v|
-            accept k
-            accept v
-          end
-          @emitter.end_mapping
           # Dump the ivars
           accept 'ivars'
           @emitter.start_mapping nil, nil, true, Nodes::Mapping::BLOCK
@@ -476,6 +437,15 @@ module Psych
           end
           @emitter.end_mapping
+          # Dump the elements
+          accept 'elements'
+          @emitter.start_mapping nil, nil, true, Nodes::Mapping::BLOCK
+          o.each do |k,v|
+            accept k
+            accept v
+          end
+          @emitter.end_mapping
           @emitter.end_mapping
         else
           tag = "!ruby/hash:#{o.class}"
@@ -492,6 +462,24 @@ module Psych
       def dump_list o
       end
+      def dump_exception o, msg
+        tag = ['!ruby/exception', o.class.name].join ':'
+        @emitter.start_mapping nil, tag, false, Nodes::Mapping::BLOCK
+        if msg
+          @emitter.scalar 'message', nil, nil, true, false, Nodes::Scalar::ANY
+          accept msg
+        end
+        @emitter.scalar 'backtrace', nil, nil, true, false, Nodes::Scalar::ANY
+        accept o.backtrace
+        dump_ivars o
+        @emitter.end_mapping
+      end
       def format_time time
         if time.utc?
           time.strftime("%Y-%m-%d %H:%M:%S.%9N Z")