psych 1.1.0 → 1.1.1

data/Manifest.txt

@@ -78,6 +78,7 @@ test/psych/test_stream.rb
 test/psych/test_string.rb
 test/psych/test_struct.rb
 test/psych/test_symbol.rb
+test/psych/test_tainted.rb
 test/psych/test_to_yaml_properties.rb
 test/psych/test_tree_builder.rb
 test/psych/test_yaml.rb

data/ext/psych/parser.c

@@ -73,6 +73,7 @@ static VALUE parse(VALUE self, VALUE yaml)
     yaml_parser_t * parser;
     yaml_event_t event;
     int done = 0;
+    int tainted = 0;
 #ifdef HAVE_RUBY_ENCODING_H
     int encoding = rb_utf8_encindex();
     rb_encoding * internal_enc = rb_default_internal_encoding();
@@ -81,8 +82,11 @@ static VALUE parse(VALUE self, VALUE yaml)
 
     Data_Get_Struct(self, yaml_parser_t, parser);
 
+    if (OBJ_TAINTED(yaml)) tainted = 1;
+
     if(rb_respond_to(yaml, id_read)) {
 	yaml_parser_set_input(parser, io_reader, (void *)yaml);
+	if (RTEST(rb_obj_is_kind_of(yaml, rb_cIO))) tainted = 1;
     } else {
 	StringValue(yaml);
 	yaml_parser_set_input_string(
@@ -140,6 +144,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 			VALUE prefix = Qnil;
 			if(start->handle) {
 			    handle = rb_str_new2((const char *)start->handle);
+			    if (tainted) OBJ_TAINT(handle);
 #ifdef HAVE_RUBY_ENCODING_H
 			    PSYCH_TRANSCODE(handle, encoding, internal_enc);
 #endif
@@ -147,6 +152,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 
 			if(start->prefix) {
 			    prefix = rb_str_new2((const char *)start->prefix);
+			    if (tainted) OBJ_TAINT(prefix);
 #ifdef HAVE_RUBY_ENCODING_H
 			    PSYCH_TRANSCODE(prefix, encoding, internal_enc);
 #endif
@@ -171,6 +177,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 		VALUE alias = Qnil;
 		if(event.data.alias.anchor) {
 		    alias = rb_str_new2((const char *)event.data.alias.anchor);
+		    if (tainted) OBJ_TAINT(alias);
 #ifdef HAVE_RUBY_ENCODING_H
 		    PSYCH_TRANSCODE(alias, encoding, internal_enc);
 #endif
@@ -188,6 +195,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 		    (const char *)event.data.scalar.value,
 		    (long)event.data.scalar.length
 		    );
+		if (tainted) OBJ_TAINT(val);
 
 #ifdef HAVE_RUBY_ENCODING_H
 		PSYCH_TRANSCODE(val, encoding, internal_enc);
@@ -195,6 +203,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 
 		if(event.data.scalar.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.scalar.anchor);
+		    if (tainted) OBJ_TAINT(anchor);
 #ifdef HAVE_RUBY_ENCODING_H
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 #endif
@@ -202,6 +211,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 
 		if(event.data.scalar.tag) {
 		    tag = rb_str_new2((const char *)event.data.scalar.tag);
+		    if (tainted) OBJ_TAINT(tag);
 #ifdef HAVE_RUBY_ENCODING_H
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 #endif
@@ -226,6 +236,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 		VALUE implicit, style;
 		if(event.data.sequence_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.sequence_start.anchor);
+		    if (tainted) OBJ_TAINT(anchor);
 #ifdef HAVE_RUBY_ENCODING_H
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 #endif
@@ -234,6 +245,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 		tag = Qnil;
 		if(event.data.sequence_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.sequence_start.tag);
+		    if (tainted) OBJ_TAINT(tag);
 #ifdef HAVE_RUBY_ENCODING_H
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 #endif
@@ -258,6 +270,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 		VALUE implicit, style;
 		if(event.data.mapping_start.anchor) {
 		    anchor = rb_str_new2((const char *)event.data.mapping_start.anchor);
+		    if (tainted) OBJ_TAINT(anchor);
 #ifdef HAVE_RUBY_ENCODING_H
 		    PSYCH_TRANSCODE(anchor, encoding, internal_enc);
 #endif
@@ -265,6 +278,7 @@ static VALUE parse(VALUE self, VALUE yaml)
 
 		if(event.data.mapping_start.tag) {
 		    tag = rb_str_new2((const char *)event.data.mapping_start.tag);
+		    if (tainted) OBJ_TAINT(tag);
 #ifdef HAVE_RUBY_ENCODING_H
 		    PSYCH_TRANSCODE(tag, encoding, internal_enc);
 #endif

data/lib/psych.rb

@@ -90,7 +90,7 @@ require 'psych/json'
 
 module Psych
   # The version is Psych you're using
-  VERSION         = '1.1.0'
+  VERSION         = '1.1.1'
 
   # The version of libyaml Psych is using
   LIBYAML_VERSION = Psych.libyaml_version.join '.'

data/lib/psych/scalar_scanner.rb

@@ -80,10 +80,10 @@ module Psych
     def parse_time string
       date, time = *(string.split(/[ tT]/, 2))
       (yy, m, dd) = date.split('-').map { |x| x.to_i }
-      md = time.match(/(\d+:\d+:\d+)(\.\d*)?\s*(Z|[-+]\d+(:\d\d)?)?/)
+      md = time.match(/(\d+:\d+:\d+)(?:\.(\d*))?\s*(Z|[-+]\d+(:\d\d)?)?/)
 
       (hh, mm, ss) = md[1].split(':').map { |x| x.to_i }
-      us = (md[2] ? Rational(md[2].sub(/^\./, '0.')) : 0) * 1000000
+      us = (md[2] ? Rational("0.#{md[2]}") : 0) * 1000000
 
       time = Time.utc(yy, m, dd, hh, mm, ss, us)
 

data/lib/psych/visitors/yaml_tree.rb

@@ -297,7 +297,7 @@ module Psych
       private
       def format_time time
         if time.utc?
-          time.strftime("%Y-%m-%d %H:%M:%S.%9NZ")
+          time.strftime("%Y-%m-%d %H:%M:%S.%9N Z")
         else
           time.strftime("%Y-%m-%d %H:%M:%S.%9N %:z")
         end

data/test/psych/json/test_stream.rb

@@ -95,7 +95,7 @@ module Psych
         time = Time.utc(2010, 10, 10)
         @stream.push({'a' => time })
         json = @io.string
-        assert_match "{\"a\": \"2010-10-10 00:00:00.000000000Z\"}\n", json
+        assert_match "{\"a\": \"2010-10-10 00:00:00.000000000 Z\"}\n", json
       end
 
       def test_datetime

data/test/psych/test_json_tree.rb

@@ -53,7 +53,7 @@ module Psych
 
     def test_time
       time = Time.utc(2010, 10, 10)
-      assert_equal "{\"a\": \"2010-10-10 00:00:00.000000000Z\"}\n",
+      assert_equal "{\"a\": \"2010-10-10 00:00:00.000000000 Z\"}\n",
 Psych.to_json({'a' => time })
     end
 

data/test/psych/test_tainted.rb

@@ -0,0 +1,128 @@
+require 'psych/helper'
+
+module Psych
+  class TestStringTainted < TestCase
+    class Tainted < Handler
+      attr_reader :tc
+
+      def initialize tc
+        @tc = tc
+      end
+
+      def start_document version, tags, implicit
+        tags.flatten.each do |tag|
+          assert_taintedness tag
+        end
+      end
+
+      def alias name
+        assert_taintedness name
+      end
+
+      def scalar value, anchor, tag, plain, quoted, style
+        assert_taintedness value
+        assert_taintedness tag if tag
+        assert_taintedness anchor if anchor
+      end
+
+      def start_sequence anchor, tag, implicit, style
+        assert_taintedness tag if tag
+        assert_taintedness anchor if anchor
+      end
+
+      def start_mapping anchor, tag, implicit, style
+        assert_taintedness tag if tag
+        assert_taintedness anchor if anchor
+      end
+
+      def assert_taintedness thing, message = "'#{thing}' should be tainted"
+        tc.assert thing.tainted?, message
+      end
+    end
+
+    class Untainted < Tainted
+      def assert_taintedness thing, message = "'#{thing}' should not be tainted"
+        tc.assert !thing.tainted?, message
+      end
+    end
+
+
+    def setup
+      handler = Tainted.new self
+      @parser = Psych::Parser.new handler
+    end
+
+    def test_tags_are_tainted
+      assert_taintedness "%TAG !yaml! tag:yaml.org,2002:\n---\n!yaml!str \"foo\""
+    end
+
+    def test_alias
+      assert_taintedness  "--- &ponies\n- foo\n- *ponies"
+    end
+
+    def test_scalar
+      assert_taintedness "--- ponies"
+    end
+
+    def test_anchor
+      assert_taintedness "--- &hi ponies"
+    end
+
+    def test_scalar_tag
+      assert_taintedness "--- !str ponies"
+    end
+
+    def test_seq_start_tag
+      assert_taintedness "--- !!seq [ a ]"
+    end
+
+    def test_seq_start_anchor
+      assert_taintedness "--- &zomg [ a ]"
+    end
+
+    def test_seq_mapping_tag
+      assert_taintedness "--- !!map { a: b }"
+    end
+
+    def test_seq_mapping_anchor
+      assert_taintedness "--- &himom { a: b }"
+    end
+
+    def assert_taintedness string
+      @parser.parse string.taint
+    end
+  end
+
+  class TestStringUntainted < TestStringTainted
+    def setup
+      handler = Untainted.new self
+      @parser = Psych::Parser.new handler
+    end
+
+    def assert_taintedness string
+      @parser.parse string
+    end
+  end
+
+  class TestStringIOUntainted < TestStringTainted
+    def setup
+      handler = Untainted.new self
+      @parser = Psych::Parser.new handler
+    end
+
+    def assert_taintedness string
+      @parser.parse StringIO.new(string)
+    end
+  end
+
+  class TestIOTainted < TestStringTainted
+    def assert_taintedness string
+      t = Tempfile.new(['something', 'yml'])
+      t.binmode
+      t.write string
+      t.close
+      File.open(t.path) { |f| @parser.parse f }
+      t.close(true)
+    end
+  end
+end

data/test/psych/test_yaml.rb

@@ -14,6 +14,12 @@ class Psych_Unit_Tests < Psych::TestCase
         Psych.domain_types.clear
     end
 
+    def test_syck_compat
+      time = Time.utc(2010, 10, 10)
+      yaml = Psych.dump time
+      assert_match "2010-10-10 00:00:00.000000000 Z", yaml
+    end
+
     # [ruby-core:34969]
     def test_regexp_with_n
         assert_cycle(Regexp.new('',0,'n'))

metadata

@@ -1,71 +1,55 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: psych
-version: !ruby/object:Gem::Version 
-  hash: 19
+version: !ruby/object:Gem::Version
+  version: 1.1.1
   prerelease: 
-  segments: 
-  - 1
-  - 1
-  - 0
-  version: 1.1.0
 platform: ruby
-authors: 
+authors:
 - Aaron Patterson
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-03-30 00:00:00 -07:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2011-05-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rake-compiler
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &2153250500 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 13
-        segments: 
-        - 0
-        - 4
-        - 1
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.4.1
   type: :development
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: hoe
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *2153250500
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: &2153250040 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 41
-        segments: 
-        - 2
-        - 9
-        - 1
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 2.9.1
   type: :development
-  version_requirements: *id002
-description: |-
-  Psych is a YAML parser and emitter.  Psych leverages libyaml[http://libyaml.org]
-  for it's YAML parsing and emitting capabilities.  In addition to wrapping
+  prerelease: false
+  version_requirements: *2153250040
+description: ! 'Psych is a YAML parser and emitter.  Psych leverages libyaml[http://libyaml.org]
+
+  for it''s YAML parsing and emitting capabilities.  In addition to wrapping
+
   libyaml, Psych also knows how to serialize and de-serialize most Ruby objects
-  to and from the YAML format.
-email: 
+
+  to and from the YAML format.'
+email:
 - aaronp@rubyforge.org
 executables: []
-
-extensions: 
+extensions:
 - ext/psych/extconf.rb
-extra_rdoc_files: 
+extra_rdoc_files:
 - Manifest.txt
 - CHANGELOG.rdoc
 - README.rdoc
-files: 
+files:
 - .autotest
 - CHANGELOG.rdoc
 - Manifest.txt
@@ -146,6 +130,7 @@ files:
 - test/psych/test_string.rb
 - test/psych/test_struct.rb
 - test/psych/test_symbol.rb
+- test/psych/test_tainted.rb
 - test/psych/test_to_yaml_properties.rb
 - test/psych/test_tree_builder.rb
 - test/psych/test_yaml.rb
@@ -154,44 +139,33 @@ files:
 - test/psych/visitors/test_to_ruby.rb
 - test/psych/visitors/test_yaml_tree.rb
 - .gemtest
-has_rdoc: true
 homepage: http://github.com/tenderlove/psych
 licenses: []
-
 post_install_message: 
-rdoc_options: 
+rdoc_options:
 - --main
 - README.rdoc
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 55
-      segments: 
-      - 1
-      - 9
-      - 2
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.9.2
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: psych
-rubygems_version: 1.6.1
+rubygems_version: 1.8.2
 signing_key: 
 specification_version: 3
 summary: Psych is a YAML parser and emitter
-test_files: 
+test_files:
 - test/psych/json/test_stream.rb
 - test/psych/nodes/test_enumerable.rb
 - test/psych/test_alias_and_anchor.rb
@@ -223,6 +197,7 @@ test_files:
 - test/psych/test_string.rb
 - test/psych/test_struct.rb
 - test/psych/test_symbol.rb
+- test/psych/test_tainted.rb
 - test/psych/test_to_yaml_properties.rb
 - test/psych/test_tree_builder.rb
 - test/psych/test_yaml.rb