puppet 3.2.1 → 3.2.2

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/psych_resolver.rb

@@ -0,0 +1,52 @@
+module SafeYAML
+  class PsychResolver < Resolver
+    NODE_TYPES = {
+      Psych::Nodes::Document => :root,
+      Psych::Nodes::Mapping  => :map,
+      Psych::Nodes::Sequence => :seq,
+      Psych::Nodes::Scalar   => :scalar,
+      Psych::Nodes::Alias    => :alias
+    }.freeze
+
+    def initialize(options={})
+      super
+      @aliased_nodes = {}
+    end
+
+    def resolve_root(root)
+      resolve_seq(root).first
+    end
+
+    def resolve_alias(node)
+      resolve_node(@aliased_nodes[node.anchor])
+    end
+
+    def native_resolve(node)
+      @visitor ||= SafeYAML::SafeToRubyVisitor.new(self)
+      @visitor.accept(node)
+    end
+
+    def get_node_type(node)
+      NODE_TYPES[node.class]
+    end
+
+    def get_node_tag(node)
+      node.tag
+    end
+
+    def get_node_value(node)
+      @aliased_nodes[node.anchor] = node if node.respond_to?(:anchor) && node.anchor
+
+      case get_node_type(node)
+      when :root, :map, :seq
+        node.children
+      when :scalar
+        node.value
+      end
+    end
+
+    def value_is_quoted?(node)
+      node.quoted
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/resolver.rb

@@ -0,0 +1,94 @@
+module SafeYAML
+  class Resolver
+    def initialize(options)
+      @options              = SafeYAML::OPTIONS.merge(options || {})
+      @whitelist            = @options[:whitelisted_tags] || []
+      @initializers         = @options[:custom_initializers] || {}
+      @raise_on_unknown_tag = @options[:raise_on_unknown_tag]
+    end
+
+    def resolve_node(node)
+      return node if !node
+      return self.native_resolve(node) if tag_is_whitelisted?(self.get_node_tag(node))
+
+      case self.get_node_type(node)
+      when :root
+        resolve_root(node)
+      when :map
+        resolve_map(node)
+      when :seq
+        resolve_seq(node)
+      when :scalar
+        resolve_scalar(node)
+      when :alias
+        resolve_alias(node)
+      else
+        raise "Don't know how to resolve this node: #{node.inspect}"
+      end
+    end
+
+    def resolve_map(node)
+      tag  = get_and_check_node_tag(node)
+      hash = @initializers.include?(tag) ? @initializers[tag].call : {}
+      map  = normalize_map(self.get_node_value(node))
+
+      # Take the "<<" key nodes first, as these are meant to approximate a form of inheritance.
+      inheritors = map.select { |key_node, value_node| resolve_node(key_node) == "<<" }
+      inheritors.each do |key_node, value_node|
+        merge_into_hash(hash, resolve_node(value_node))
+      end
+
+      # All that's left should be normal (non-"<<") nodes.
+      (map - inheritors).each do |key_node, value_node|
+        hash[resolve_node(key_node)] = resolve_node(value_node)
+      end
+
+      return hash
+    end
+
+    def resolve_seq(node)
+      seq = self.get_node_value(node)
+
+      tag = get_and_check_node_tag(node)
+      arr = @initializers.include?(tag) ? @initializers[tag].call : []
+
+      seq.inject(arr) { |array, node| array << resolve_node(node) }
+    end
+
+    def resolve_scalar(node)
+      Transform.to_proper_type(self.get_node_value(node), self.value_is_quoted?(node), get_and_check_node_tag(node), @options)
+    end
+
+    def get_and_check_node_tag(node)
+      tag = self.get_node_tag(node)
+      SafeYAML.tag_safety_check!(tag, @options)
+      tag
+    end
+
+    def tag_is_whitelisted?(tag)
+      @whitelist.include?(tag)
+    end
+
+    def options
+      @options
+    end
+
+    private
+    def normalize_map(map)
+      # Syck creates Hashes from maps.
+      if map.is_a?(Hash)
+        map.inject([]) { |arr, key_and_value| arr << key_and_value }
+
+      # Psych is really weird; it flattens out a Hash completely into: [key, value, key, value, ...]
+      else
+        map.each_slice(2).to_a
+      end
+    end
+
+    def merge_into_hash(hash, array)
+      array.each do |key, value|
+        hash[key] = value
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/safe_to_ruby_visitor.rb

@@ -0,0 +1,17 @@
+module SafeYAML
+  class SafeToRubyVisitor < Psych::Visitors::ToRuby
+    def initialize(resolver)
+      super()
+      @resolver = resolver
+    end
+
+    def accept(node)
+      if node.tag
+        SafeYAML.tag_safety_check!(node.tag, @resolver.options)
+        return super
+      end
+
+      @resolver.resolve_node(node)
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/syck_hack.rb

@@ -0,0 +1,36 @@
+# Hack to JRuby 1.8's YAML Parser Yecht
+#
+# This file is always loaded AFTER either syck or psych are already
+# loaded. It then looks at what constants are available and creates
+# a consistent view on all rubys.
+#
+# Taken from rubygems and modified.
+# See https://github.com/rubygems/rubygems/blob/master/lib/rubygems/syck_hack.rb
+
+module YAML
+  # In newer 1.9.2, there is a Syck toplevel constant instead of it
+  # being underneith YAML. If so, reference it back under YAML as
+  # well.
+  if defined? ::Syck
+    # for tests that change YAML::ENGINE
+    # 1.8 does not support the second argument to const_defined?
+    remove_const :Syck rescue nil
+
+    Syck = ::Syck
+
+  # JRuby's "Syck" is called "Yecht"
+  elsif defined? YAML::Yecht
+    Syck = YAML::Yecht
+  end
+end
+
+# Sometime in the 1.9 dev cycle, the Syck constant was moved from under YAML
+# to be a toplevel constant. So gemspecs created under these versions of Syck
+# will have references to Syck::DefaultKey.
+#
+# So we need to be sure that we reference Syck at the toplevel too so that
+# we can always load these kind of gemspecs.
+#
+if !defined?(Syck)
+  Syck = YAML::Syck
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/syck_node_monkeypatch.rb

@@ -0,0 +1,43 @@
+# This is, admittedly, pretty insane. Fundamentally the challenge here is this: if we want to allow
+# whitelisting of tags (while still leveraging Syck's internal functionality), then we have to
+# change how Syck::Node#transform works. But since we (SafeYAML) do not control instantiation of
+# Syck::Node objects, we cannot, for example, subclass Syck::Node and override #tranform the "easy"
+# way. So the only choice is to monkeypatch, like this. And the only way to make this work
+# recursively with potentially call-specific options (that my feeble brain can think of) is to set
+# pseudo-global options on the first call and unset them once the recursive stack has fully unwound.
+
+monkeypatch = <<-EORUBY
+  class Node
+    @@safe_transform_depth     = 0
+    @@safe_transform_whitelist = nil
+
+    def safe_transform(options={})
+      begin
+        @@safe_transform_depth += 1
+        @@safe_transform_whitelist ||= options[:whitelisted_tags]
+
+        if self.type_id
+          SafeYAML.tag_safety_check!(self.type_id, options)
+          return unsafe_transform if @@safe_transform_whitelist.include?(self.type_id)
+        end
+
+        SafeYAML::SyckResolver.new.resolve_node(self)
+
+      ensure
+        @@safe_transform_depth -= 1
+        if @@safe_transform_depth == 0
+          @@safe_transform_whitelist = nil
+        end
+      end
+    end
+
+    alias_method :unsafe_transform, :transform
+    alias_method :transform, :safe_transform
+  end
+EORUBY
+
+if defined?(YAML::Syck::Node)
+  YAML::Syck.module_eval monkeypatch
+else
+  Syck.module_eval monkeypatch
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/syck_resolver.rb

@@ -0,0 +1,38 @@
+module SafeYAML
+  class SyckResolver < Resolver
+    QUOTE_STYLES = [
+      :quote1,
+      :quote2
+    ].freeze
+
+    NODE_TYPES = {
+      Hash   => :map,
+      Array  => :seq,
+      String => :scalar
+    }.freeze
+
+    def initialize(options={})
+      super
+    end
+
+    def native_resolve(node)
+      node.transform(self.options)
+    end
+
+    def get_node_type(node)
+      NODE_TYPES[node.value.class]
+    end
+
+    def get_node_tag(node)
+      node.type_id
+    end
+
+    def get_node_value(node)
+      node.value
+    end
+
+    def value_is_quoted?(node)
+      QUOTE_STYLES.include?(node.instance_variable_get(:@style))
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform.rb

@@ -0,0 +1,41 @@
+require 'base64'
+
+module SafeYAML
+  class Transform
+    TRANSFORMERS = [
+      Transform::ToSymbol.new,
+      Transform::ToInteger.new,
+      Transform::ToFloat.new,
+      Transform::ToNil.new,
+      Transform::ToBoolean.new,
+      Transform::ToDate.new
+    ]
+
+    def self.to_guessed_type(value, quoted=false, options=nil)
+      return value if quoted
+
+      if value.is_a?(String)
+        TRANSFORMERS.each do |transformer|
+          success, transformed_value = transformer.method(:transform?).arity == 1 ?
+            transformer.transform?(value) :
+            transformer.transform?(value, options)
+
+          return transformed_value if success
+        end
+      end
+
+      value
+    end
+
+    def self.to_proper_type(value, quoted=false, tag=nil, options=nil)
+      case tag
+      when "tag:yaml.org,2002:binary", "x-private:binary", "!binary"
+        decoded = Base64.decode64(value)
+        decoded = decoded.force_encoding(value.encoding) if decoded.respond_to?(:force_encoding)
+        decoded
+      else
+        self.to_guessed_type(value, quoted, options)
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_boolean.rb

@@ -0,0 +1,21 @@
+module SafeYAML
+  class Transform
+    class ToBoolean
+      include TransformationMap
+
+      set_predefined_values({
+        "yes"   => true,
+        "on"    => true,
+        "true"  => true,
+        "no"    => false,
+        "off"   => false,
+        "false" => false
+      })
+
+      def transform?(value)
+        return false if value.length > 5
+        return PREDEFINED_VALUES.include?(value), PREDEFINED_VALUES[value]
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_date.rb

@@ -0,0 +1,11 @@
+module SafeYAML
+  class Transform
+    class ToDate
+      def transform?(value)
+        return true, Date.parse(value) if Parse::Date::DATE_MATCHER.match(value)
+        return true, Parse::Date.value(value) if Parse::Date::TIME_MATCHER.match(value)
+        false
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_float.rb

@@ -0,0 +1,33 @@
+module SafeYAML
+  class Transform
+    class ToFloat
+      Infinity = 1.0 / 0.0
+      NaN = 0.0 / 0.0
+
+      PREDEFINED_VALUES = {
+        ".inf"  => Infinity,
+        ".Inf"  => Infinity,
+        ".INF"  => Infinity,
+        "-.inf" => -Infinity,
+        "-.Inf" => -Infinity,
+        "-.INF" => -Infinity,
+        ".nan"  => NaN,
+        ".NaN"  => NaN,
+        ".NAN"  => NaN,
+      }.freeze
+
+      MATCHER = /\A[-+]?(?:\d[\d_]*)?\.[\d_]+(?:[eE][-+][\d]+)?\Z/.freeze
+
+      def transform?(value)
+        return true, Float(value) if MATCHER.match(value)
+        try_edge_cases?(value)
+      end
+
+      def try_edge_cases?(value)
+        return true, PREDEFINED_VALUES[value] if PREDEFINED_VALUES.include?(value)
+        return true, Parse::Sexagesimal.value(value) if Parse::Sexagesimal::FLOAT_MATCHER.match(value)
+        return false
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_integer.rb

@@ -0,0 +1,25 @@
+module SafeYAML
+  class Transform
+    class ToInteger
+      MATCHERS = Deep.freeze([
+        /\A[-+]?(0|([1-9][0-9_,]*))\Z/, # decimal
+        /\A0[0-7]+\Z/,                  # octal
+        /\A0x[0-9a-f]+\Z/i,             # hexadecimal
+        /\A0b[01_]+\Z/                  # binary
+      ])
+
+      def transform?(value)
+        MATCHERS.each do |matcher|
+          return true, Integer(value.gsub(",", "")) if matcher.match(value)
+        end
+        try_edge_cases?(value)
+      end
+
+      def try_edge_cases?(value)
+        return true, Parse::Hexadecimal.value(value) if Parse::Hexadecimal::MATCHER.match(value)
+        return true, Parse::Sexagesimal.value(value) if Parse::Sexagesimal::INTEGER_MATCHER.match(value)
+        return false
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_nil.rb

@@ -0,0 +1,18 @@
+module SafeYAML
+  class Transform
+    class ToNil
+      include TransformationMap
+
+      set_predefined_values({
+        ""      => nil,
+        "~"     => nil,
+        "null"  => nil,
+      })
+
+      def transform?(value)
+        return false if value.length > 4
+        return PREDEFINED_VALUES.include?(value), PREDEFINED_VALUES[value]
+      end
+    end
+  end
+end