puppet 3.2.1 → 3.2.2

data/lib/puppet/vendor/safe_yaml/Rakefile

@@ -0,0 +1,6 @@
+require "rspec/core/rake_task"
+
+desc "Run specs"
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = %w(--color)
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml.rb

@@ -0,0 +1,253 @@
+require "yaml"
+
+# This needs to be defined up front in case any internal classes need to base
+# their behavior off of this.
+module SafeYAML
+  YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
+end
+
+require "set"
+require "safe_yaml/deep"
+require "safe_yaml/parse/hexadecimal"
+require "safe_yaml/parse/sexagesimal"
+require "safe_yaml/parse/date"
+require "safe_yaml/transform/transformation_map"
+require "safe_yaml/transform/to_boolean"
+require "safe_yaml/transform/to_date"
+require "safe_yaml/transform/to_float"
+require "safe_yaml/transform/to_integer"
+require "safe_yaml/transform/to_nil"
+require "safe_yaml/transform/to_symbol"
+require "safe_yaml/transform"
+require "safe_yaml/resolver"
+require "safe_yaml/syck_hack" if defined?(JRUBY_VERSION)
+
+module SafeYAML
+  MULTI_ARGUMENT_YAML_LOAD = YAML.method(:load).arity != 1
+
+  DEFAULT_OPTIONS = Deep.freeze({
+    :default_mode         => nil,
+    :suppress_warnings    => false,
+    :deserialize_symbols  => false,
+    :whitelisted_tags     => [],
+    :custom_initializers  => {},
+    :raise_on_unknown_tag => false
+  })
+
+  OPTIONS = Deep.copy(DEFAULT_OPTIONS)
+
+  module_function
+  def restore_defaults!
+    OPTIONS.clear.merge!(Deep.copy(DEFAULT_OPTIONS))
+  end
+
+  def tag_safety_check!(tag, options)
+    return if tag.nil? || tag == "!"
+    if options[:raise_on_unknown_tag] && !options[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
+      raise "Unknown YAML tag '#{tag}'"
+    end
+  end
+
+  def whitelist!(*classes)
+    classes.each do |klass|
+      whitelist_class!(klass)
+    end
+  end
+
+  def whitelist_class!(klass)
+    raise "#{klass} not a Class" unless klass.is_a?(::Class)
+
+    klass_name = klass.name
+    raise "#{klass} cannot be anonymous" if klass_name.nil? || klass_name.empty?
+
+    # Whitelist any built-in YAML tags supplied by Syck or Psych.
+    predefined_tag = predefined_tags[klass]
+    if predefined_tag
+      OPTIONS[:whitelisted_tags] << predefined_tag
+      return
+    end
+
+    # Exception is exceptional (har har).
+    tag_class  = klass < Exception ? "exception" : "object"
+
+    tag_prefix = case YAML_ENGINE
+                 when "psych" then "!ruby/#{tag_class}"
+                 when "syck"  then "tag:ruby.yaml.org,2002:#{tag_class}"
+                 else raise "unknown YAML_ENGINE #{YAML_ENGINE}"
+                 end
+    OPTIONS[:whitelisted_tags] << "#{tag_prefix}:#{klass_name}"
+  end
+
+  def predefined_tags
+    if @predefined_tags.nil?
+      @predefined_tags = {}
+
+      if YAML_ENGINE == "syck"
+        YAML.tagged_classes.each do |tag, klass|
+          @predefined_tags[klass] = tag
+        end
+
+      else
+        # Special tags appear to be hard-coded in Psych:
+        # https://github.com/tenderlove/psych/blob/v1.3.4/lib/psych/visitors/to_ruby.rb
+        # Fortunately, there aren't many that SafeYAML doesn't already support.
+        @predefined_tags.merge!({
+          Exception => "!ruby/exception",
+          Range     => "!ruby/range",
+          Regexp    => "!ruby/regexp",
+        })
+      end
+    end
+
+    @predefined_tags
+  end
+
+  if YAML_ENGINE == "psych"
+    def tag_is_explicitly_trusted?(tag)
+      false
+    end
+
+  else
+    TRUSTED_TAGS = Set.new([
+      "tag:yaml.org,2002:binary",
+      "tag:yaml.org,2002:bool#no",
+      "tag:yaml.org,2002:bool#yes",
+      "tag:yaml.org,2002:float",
+      "tag:yaml.org,2002:float#fix",
+      "tag:yaml.org,2002:int",
+      "tag:yaml.org,2002:map",
+      "tag:yaml.org,2002:null",
+      "tag:yaml.org,2002:seq",
+      "tag:yaml.org,2002:str",
+      "tag:yaml.org,2002:timestamp",
+      "tag:yaml.org,2002:timestamp#ymd"
+    ]).freeze
+
+    def tag_is_explicitly_trusted?(tag)
+      TRUSTED_TAGS.include?(tag)
+    end
+  end
+end
+
+module YAML
+  def self.load_with_options(yaml, *original_arguments)
+    filename, options = filename_and_options_from_arguments(original_arguments)
+    safe_mode = safe_mode_from_options("load", options)
+    arguments = [yaml]
+
+    if safe_mode == :safe
+      arguments << filename if SafeYAML::YAML_ENGINE == "psych"
+      arguments << options_for_safe_load(options)
+      safe_load(*arguments)
+    else
+      arguments << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+      unsafe_load(*arguments)
+    end
+  end
+
+  def self.load_file_with_options(file, options={})
+    safe_mode = safe_mode_from_options("load_file", options)
+    if safe_mode == :safe
+      safe_load_file(file, options_for_safe_load(options))
+    else
+      unsafe_load_file(file)
+    end
+  end
+
+  if SafeYAML::YAML_ENGINE == "psych"
+    require "safe_yaml/psych_handler"
+    require "safe_yaml/psych_resolver"
+    require "safe_yaml/safe_to_ruby_visitor"
+
+    def self.safe_load(yaml, filename=nil, options={})
+      # If the user hasn't whitelisted any tags, we can go with this implementation which is
+      # significantly faster.
+      if (options && options[:whitelisted_tags] || SafeYAML::OPTIONS[:whitelisted_tags]).empty?
+        safe_handler = SafeYAML::PsychHandler.new(options)
+        arguments_for_parse = [yaml]
+        arguments_for_parse << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+        Psych::Parser.new(safe_handler).parse(*arguments_for_parse)
+        return safe_handler.result || false
+
+      else
+        safe_resolver = SafeYAML::PsychResolver.new(options)
+        tree = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ?
+          Psych.parse(yaml, filename) :
+          Psych.parse(yaml)
+        return safe_resolver.resolve_node(tree)
+      end
+    end
+
+    def self.safe_load_file(filename, options={})
+      File.open(filename, 'r:bom|utf-8') { |f| self.safe_load(f, filename, options) }
+    end
+
+    def self.unsafe_load_file(filename)
+      if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+        # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
+        File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load(f, filename) }
+      else
+        # https://github.com/tenderlove/psych/blob/v1.2.2/lib/psych.rb#L231-233
+        self.unsafe_load File.open(filename)
+      end
+    end
+
+  else
+    require "safe_yaml/syck_resolver"
+    require "safe_yaml/syck_node_monkeypatch"
+
+    def self.safe_load(yaml, options={})
+      resolver = SafeYAML::SyckResolver.new(SafeYAML::OPTIONS.merge(options || {}))
+      tree = YAML.parse(yaml)
+      return resolver.resolve_node(tree)
+    end
+
+    def self.safe_load_file(filename, options={})
+      File.open(filename) { |f| self.safe_load(f, options) }
+    end
+
+    def self.unsafe_load_file(filename)
+      # https://github.com/indeyets/syck/blob/master/ext/ruby/lib/yaml.rb#L133-135
+      File.open(filename) { |f| self.unsafe_load(f) }
+    end
+  end
+
+  class << self
+    alias_method :unsafe_load, :load
+    alias_method :load, :load_with_options
+    alias_method :load_file, :load_file_with_options
+
+    private
+    def filename_and_options_from_arguments(arguments)
+      if arguments.count == 1
+        if arguments.first.is_a?(String)
+          return arguments.first, {}
+        else
+          return nil, arguments.first || {}
+        end
+
+      else
+        return arguments.first, arguments.last || {}
+      end
+    end
+
+    def safe_mode_from_options(method, options={})
+      if options[:safe].nil?
+        safe_mode = SafeYAML::OPTIONS[:default_mode] || :safe
+        if SafeYAML::OPTIONS[:default_mode].nil? && !SafeYAML::OPTIONS[:suppress_warnings]
+          Kernel.warn "Called '#{method}' without the :safe option -- defaulting to #{safe_mode} mode."
+          SafeYAML::OPTIONS[:suppress_warnings] = true
+        end
+        return safe_mode
+      end
+
+      options[:safe] ? :safe : :unsafe
+    end
+
+    def options_for_safe_load(base_options)
+      options = base_options.dup
+      options.delete(:safe)
+      options
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/deep.rb

@@ -0,0 +1,34 @@
+module SafeYAML
+  class Deep
+    def self.freeze(object)
+      object.each do |*entry|
+        value = entry.last
+        case value
+        when String, Regexp
+          value.freeze
+        when Enumerable
+          Deep.freeze(value)
+        end
+      end
+
+      return object.freeze
+    end
+
+    def self.copy(object)
+      duplicate = object.dup rescue object
+
+      case object
+      when Array
+        (0...duplicate.count).each do |i|
+          duplicate[i] = Deep.copy(duplicate[i])
+        end
+      when Hash
+        duplicate.keys.each do |key|
+          duplicate[key] = Deep.copy(duplicate[key])
+        end
+      end
+
+      duplicate
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/parse/date.rb

@@ -0,0 +1,27 @@
+module SafeYAML
+  class Parse
+    class Date
+      # This one's easy enough :)
+      DATE_MATCHER = /\A(\d{4})-(\d{2})-(\d{2})\Z/.freeze
+
+      # This unbelievable little gem is taken basically straight from the YAML spec, but made
+      # slightly more readable (to my poor eyes at least) to me:
+      # http://yaml.org/type/timestamp.html
+      TIME_MATCHER = /\A\d{4}-\d{1,2}-\d{1,2}(?:[Tt]|\s+)\d{1,2}:\d{2}:\d{2}(?:\.\d*)?\s*(?:Z|[-+]\d{1,2}(?::?\d{2})?)?\Z/.freeze
+
+      SECONDS_PER_DAY = 60 * 60 * 24
+      MICROSECONDS_PER_SECOND = 1000000
+
+      # So this is weird. In Ruby 1.8.7, the DateTime#sec_fraction method returned fractional
+      # seconds in units of DAYS for some reason. In 1.9.2, they changed the units -- much more
+      # reasonably -- to seconds.
+      SEC_FRACTION_MULTIPLIER = RUBY_VERSION == "1.8.7" ? (SECONDS_PER_DAY * MICROSECONDS_PER_SECOND) : MICROSECONDS_PER_SECOND
+
+      def self.value(value)
+        d = DateTime.parse(value)
+        usec = d.sec_fraction * SEC_FRACTION_MULTIPLIER
+        Time.utc(d.year, d.month, d.day, d.hour, d.min, d.sec, usec) - (d.offset * SECONDS_PER_DAY)
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/parse/hexadecimal.rb

@@ -0,0 +1,12 @@
+module SafeYAML
+  class Parse
+    class Hexadecimal
+      MATCHER = /\A[-+]?0x[0-9a-fA-F_]+\Z/.freeze
+
+      def self.value(value)
+        # This is safe to do since we already validated the value.
+        return Integer(value.gsub(/_/, ""))
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/parse/sexagesimal.rb

@@ -0,0 +1,26 @@
+module SafeYAML
+  class Parse
+    class Sexagesimal
+      INTEGER_MATCHER = /\A[-+]?[0-9][0-9_]*(:[0-5]?[0-9])+\Z/.freeze
+      FLOAT_MATCHER = /\A[-+]?[0-9][0-9_]*(:[0-5]?[0-9])+\.[0-9_]*\Z/.freeze
+
+      def self.value(value)
+        before_decimal, after_decimal = value.split(".")
+
+        whole_part = 0
+        multiplier = 1
+
+        before_decimal = before_decimal.split(":")
+        until before_decimal.empty?
+          whole_part += (Float(before_decimal.pop) * multiplier)
+          multiplier *= 60
+        end
+
+        result = whole_part
+        result += Float("." + after_decimal) unless after_decimal.nil?
+        result *= -1 if value[0] == "-"
+        result
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/psych_handler.rb

@@ -0,0 +1,92 @@
+require "psych"
+require "base64"
+
+module SafeYAML
+  class PsychHandler < Psych::Handler
+    def initialize(options)
+      @options      = SafeYAML::OPTIONS.merge(options || {})
+      @initializers = @options[:custom_initializers] || {}
+      @anchors      = {}
+      @stack        = []
+      @current_key  = nil
+      @result       = nil
+    end
+
+    def result
+      @result
+    end
+
+    def add_to_current_structure(value, anchor=nil, quoted=nil, tag=nil)
+      value = Transform.to_proper_type(value, quoted, tag, @options)
+
+      @anchors[anchor] = value if anchor
+
+      if @result.nil?
+        @result = value
+        @current_structure = @result
+        return
+      end
+
+      if @current_structure.respond_to?(:<<)
+        @current_structure << value
+
+      elsif @current_structure.respond_to?(:[]=)
+        if @current_key.nil?
+          @current_key = value
+
+        else
+          if @current_key == "<<"
+            @current_structure.merge!(value)
+          else
+            @current_structure[@current_key] = value
+          end
+
+          @current_key = nil
+        end
+
+      else
+        raise "Don't know how to add to a #{@current_structure.class}!"
+      end
+    end
+
+    def end_current_structure
+      @stack.pop
+      @current_structure = @stack.last
+    end
+
+    def streaming?
+      false
+    end
+
+    # event handlers
+    def alias(anchor)
+      add_to_current_structure(@anchors[anchor])
+    end
+
+    def scalar(value, anchor, tag, plain, quoted, style)
+      add_to_current_structure(value, anchor, quoted, tag)
+    end
+
+    def start_mapping(anchor, tag, implicit, style)
+      map = @initializers.include?(tag) ? @initializers[tag].call : {}
+      self.add_to_current_structure(map, anchor)
+      @current_structure = map
+      @stack.push(map)
+    end
+
+    def end_mapping
+      self.end_current_structure()
+    end
+
+    def start_sequence(anchor, tag, implicit, style)
+      seq = @initializers.include?(tag) ? @initializers[tag].call : []
+      self.add_to_current_structure(seq, anchor)
+      @current_structure = seq
+      @stack.push(seq)
+    end
+
+    def end_sequence
+      self.end_current_structure()
+    end
+  end
+end