RubyGems - puppet - Versions diffs - 3.2.1 → 3.2.2 - Mend

puppet 3.2.1 → 3.2.2

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (78) hide show

data/install.rb +1 -1
data/lib/puppet.rb +11 -0
data/lib/puppet/indirector/report/processor.rb +1 -1
data/lib/puppet/indirector/report/rest.rb +7 -0
data/lib/puppet/indirector/resource/rest.rb +8 -0
data/lib/puppet/indirector/rest.rb +80 -52
data/lib/puppet/indirector/run/rest.rb +6 -0
data/lib/puppet/network/formats.rb +20 -10
data/lib/puppet/network/http/handler.rb +1 -1
data/lib/puppet/node.rb +1 -1
data/lib/puppet/node/facts.rb +23 -4
data/lib/puppet/resource.rb +2 -4
data/lib/puppet/resource/status.rb +28 -0
data/lib/puppet/run.rb +24 -2
data/lib/puppet/status.rb +6 -2
data/lib/puppet/transaction/event.rb +19 -0
data/lib/puppet/transaction/report.rb +40 -0
data/lib/puppet/util/log.rb +19 -0
data/lib/puppet/util/metric.rb +6 -0
data/lib/puppet/util/monkey_patches.rb +0 -15
data/lib/puppet/vendor.rb +55 -0
data/lib/puppet/vendor/load_safe_yaml.rb +1 -0
data/lib/puppet/vendor/require_vendored.rb +5 -0
data/lib/puppet/vendor/safe_yaml/CHANGES.md +104 -0
data/lib/puppet/vendor/safe_yaml/Gemfile +11 -0
data/lib/puppet/vendor/safe_yaml/LICENSE.txt +22 -0
data/lib/puppet/vendor/safe_yaml/README.md +179 -0
data/lib/puppet/vendor/safe_yaml/Rakefile +6 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml.rb +253 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/deep.rb +34 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/parse/date.rb +27 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/parse/hexadecimal.rb +12 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/parse/sexagesimal.rb +26 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/psych_handler.rb +92 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/psych_resolver.rb +52 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/resolver.rb +94 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/safe_to_ruby_visitor.rb +17 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/syck_hack.rb +36 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/syck_node_monkeypatch.rb +43 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/syck_resolver.rb +38 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform.rb +41 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_boolean.rb +21 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_date.rb +11 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_float.rb +33 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_integer.rb +25 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_nil.rb +18 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_symbol.rb +13 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/transformation_map.rb +47 -0
data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/version.rb +3 -0
data/lib/puppet/vendor/safe_yaml/run_specs_all_ruby_versions.sh +21 -0
data/lib/puppet/vendor/safe_yaml/safe_yaml.gemspec +18 -0
data/lib/puppet/vendor/safe_yaml/spec/exploit.1.9.2.yaml +2 -0
data/lib/puppet/vendor/safe_yaml/spec/exploit.1.9.3.yaml +2 -0
data/lib/puppet/vendor/safe_yaml/spec/psych_resolver_spec.rb +10 -0
data/lib/puppet/vendor/safe_yaml/spec/resolver_specs.rb +250 -0
data/lib/puppet/vendor/safe_yaml/spec/safe_yaml_spec.rb +702 -0
data/lib/puppet/vendor/safe_yaml/spec/spec_helper.rb +18 -0
data/lib/puppet/vendor/safe_yaml/spec/support/exploitable_back_door.rb +29 -0
data/lib/puppet/vendor/safe_yaml/spec/syck_resolver_spec.rb +10 -0
data/lib/puppet/vendor/safe_yaml/spec/transform/base64_spec.rb +11 -0
data/lib/puppet/vendor/safe_yaml/spec/transform/to_date_spec.rb +34 -0
data/lib/puppet/vendor/safe_yaml/spec/transform/to_float_spec.rb +42 -0
data/lib/puppet/vendor/safe_yaml/spec/transform/to_integer_spec.rb +59 -0
data/lib/puppet/vendor/safe_yaml/spec/transform/to_symbol_spec.rb +49 -0
data/lib/puppet/vendor/safe_yaml_patches.rb +9 -0
data/lib/puppet/version.rb +1 -1
data/spec/lib/puppet_spec/matchers.rb +8 -0
data/spec/unit/application/facts_spec.rb +1 -0
data/spec/unit/file_serving/metadata_spec.rb +20 -28
data/spec/unit/indirector/report/rest_spec.rb +41 -0
data/spec/unit/indirector/rest_spec.rb +307 -334
data/spec/unit/network/formats_spec.rb +36 -27
data/spec/unit/network/http/handler_spec.rb +3 -12
data/spec/unit/node_spec.rb +14 -0
data/spec/unit/resource_spec.rb +5 -35
data/spec/unit/run_spec.rb +25 -6
data/spec/unit/status_spec.rb +6 -0
metadata +2566 -2521

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/to_symbol.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module SafeYAML
+  class Transform
+    class ToSymbol
+      MATCHER = /\A:"?(\w+)"?\Z/.freeze
+      def transform?(value, options=nil)
+        options ||= SafeYAML::OPTIONS
+        return false unless options[:deserialize_symbols] && MATCHER.match(value)
+        return true, $1.to_sym
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/transform/transformation_map.rb ADDED Viewed

@@ -0,0 +1,47 @@
+module SafeYAML
+  class Transform
+    module TransformationMap
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+      class CaseAgnosticMap < Hash
+        def initialize(*args)
+          super
+        end
+        def include?(key)
+          super(key.downcase)
+        end
+        def [](key)
+          super(key.downcase)
+        end
+        # OK, I actually don't think it's all that important that this map be
+        # frozen.
+        def freeze
+          self
+        end
+      end
+      module ClassMethods
+        def set_predefined_values(predefined_values)
+          if SafeYAML::YAML_ENGINE == "syck"
+            expanded_map = predefined_values.inject({}) do |hash, (key, value)|
+              hash[key] = value
+              hash[key.capitalize] = value
+              hash[key.upcase] = value
+              hash
+            end
+          else
+            expanded_map = CaseAgnosticMap.new
+            expanded_map.merge!(predefined_values)
+          end
+          self.const_set(:PREDEFINED_VALUES, expanded_map.freeze)
+        end
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module SafeYAML
+  VERSION = "0.9.2"
+end

data/lib/puppet/vendor/safe_yaml/run_specs_all_ruby_versions.sh ADDED Viewed

@@ -0,0 +1,21 @@
+#!/bin/bash
+[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"
+rvm use 1.8.7@safe_yaml
+rake spec
+rvm use 1.9.2@safe_yaml
+YAMLER=syck rake spec
+rvm use 1.9.3@safe_yaml
+YAMLER=syck rake spec
+rvm use 1.9.2@safe_yaml
+YAMLER=psych rake spec
+rvm use 1.9.3@safe_yaml
+YAMLER=psych rake spec
+rvm use 2.0.0@safe_yaml
+YAMLER=psych rake spec

data/lib/puppet/vendor/safe_yaml/safe_yaml.gemspec ADDED Viewed

@@ -0,0 +1,18 @@
+# -*- encoding: utf-8 -*-
+require File.join(File.dirname(__FILE__), "lib", "safe_yaml", "version")
+Gem::Specification.new do |gem|
+  gem.name          = "safe_yaml"
+  gem.version       = SafeYAML::VERSION
+  gem.authors       = "Dan Tao"
+  gem.email         = "daniel.tao@gmail.com"
+  gem.description   = %q{Parse YAML safely, without that pesky arbitrary object deserialization vulnerability}
+  gem.summary       = %q{SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.}
+  gem.homepage      = "http://dtao.github.com/safe_yaml/"
+  gem.license       = "MIT"
+  gem.files         = `git ls-files`.split($\)
+  gem.test_files    = gem.files.grep(%r{^spec/})
+  gem.require_paths = ["lib"]
+  gem.required_ruby_version = ">= 1.8.7"
+end

data/lib/puppet/vendor/safe_yaml/spec/exploit.1.9.2.yaml ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --- !ruby/object:ExploitableBackDoor
2	+ foo: bar

data/lib/puppet/vendor/safe_yaml/spec/exploit.1.9.3.yaml ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --- !ruby/hash:ExploitableBackDoor
2	+ foo: bar

data/lib/puppet/vendor/safe_yaml/spec/psych_resolver_spec.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require File.join(File.dirname(__FILE__), "spec_helper")
+if SafeYAML::YAML_ENGINE == "psych"
+  require "safe_yaml/psych_resolver"
+  describe SafeYAML::PsychResolver do
+    include ResolverSpecs
+    let(:resolver) { SafeYAML::PsychResolver.new }
+  end
+end

data/lib/puppet/vendor/safe_yaml/spec/resolver_specs.rb ADDED Viewed

@@ -0,0 +1,250 @@
+module ResolverSpecs
+  def self.included(base)
+    base.module_eval do
+      let(:resolver) { nil }
+      let(:result) { @result }
+      def parse(yaml)
+        tree = YAML.parse(yaml.unindent)
+        @result = resolver.resolve_node(tree)
+      end
+      # Isn't this how I should've been doing it all along?
+      def parse_and_test(yaml)
+        parse(yaml)
+        @result.should == YAML.unsafe_load(yaml)
+      end
+      context "by default" do
+        it "translates maps to hashes" do
+          parse <<-YAML
+            potayto: potahto
+            tomayto: tomahto
+          YAML
+          result.should == {
+            "potayto" => "potahto",
+            "tomayto" => "tomahto"
+          }
+        end
+        it "translates sequences to arrays" do
+          parse <<-YAML
+            - foo
+            - bar
+            - baz
+          YAML
+          result.should == ["foo", "bar", "baz"]
+        end
+        it "translates most values to strings" do
+          parse "string: value"
+          result.should == { "string" => "value" }
+        end
+        it "does not deserialize symbols" do
+          parse ":symbol: value"
+          result.should == { ":symbol" => "value" }
+        end
+        it "translates valid integral numbers to integers" do
+          parse "integer: 1"
+          result.should == { "integer" => 1 }
+        end
+        it "translates valid decimal numbers to floats" do
+          parse "float: 3.14"
+          result.should == { "float" => 3.14 }
+        end
+        it "translates valid dates" do
+          parse "date: 2013-01-24"
+          result.should == { "date" => Date.parse("2013-01-24") }
+        end
+        it "translates valid true/false values to booleans" do
+          parse <<-YAML
+            - yes
+            - true
+            - no
+            - false
+          YAML
+          result.should == [true, true, false, false]
+        end
+        it "translates valid nulls to nil" do
+          parse <<-YAML
+            -
+            - ~
+            - null
+          YAML
+          result.should == [nil] * 3
+        end
+        it "matches the behavior of the underlying YAML engine w/ respect to capitalization of boolean values" do
+          parse_and_test <<-YAML
+            - true
+            - True
+            - TRUE
+            - tRue
+            - TRue
+            - False
+            - FALSE
+            - fAlse
+            - FALse
+          YAML
+          # using Syck: [true, true, true, "tRue", "TRue", false, false, "fAlse", "FALse"]
+          # using Psych: all booleans
+        end
+        it "matches the behavior of the underlying YAML engine w/ respect to capitalization of nil values" do
+          parse_and_test <<-YAML
+            - Null
+            - NULL
+            - nUll
+            - NUll
+          YAML
+          # using Syck: [nil, nil, "nUll", "NUll"]
+          # using Psych: all nils
+        end
+        it "translates quoted empty strings to strings (not nil)" do
+          parse "foo: ''"
+          result.should == { "foo" => "" }
+        end
+        it "correctly reverse-translates strings encoded via #to_yaml" do
+          parse "5.10".to_yaml
+          result.should == "5.10"
+        end
+        it "does not specially parse any double-quoted strings" do
+          parse <<-YAML
+            - "1"
+            - "3.14"
+            - "true"
+            - "false"
+            - "2013-02-03"
+            - "2013-02-03 16:27:00 -0600"
+          YAML
+          result.should == ["1", "3.14", "true", "false", "2013-02-03", "2013-02-03 16:27:00 -0600"]
+        end
+        it "does not specially parse any single-quoted strings" do
+          parse <<-YAML
+            - '1'
+            - '3.14'
+            - 'true'
+            - 'false'
+            - '2013-02-03'
+            - '2013-02-03 16:27:00 -0600'
+          YAML
+          result.should == ["1", "3.14", "true", "false", "2013-02-03", "2013-02-03 16:27:00 -0600"]
+        end
+        it "deals just fine with nested maps" do
+          parse <<-YAML
+            foo:
+              bar:
+                marco: polo
+          YAML
+          result.should == { "foo" => { "bar" => { "marco" => "polo" } } }
+        end
+        it "deals just fine with nested sequences" do
+          parse <<-YAML
+            - foo
+            -
+              - bar1
+              - bar2
+              -
+                - baz1
+                - baz2
+          YAML
+          result.should == ["foo", ["bar1", "bar2", ["baz1", "baz2"]]]
+        end
+        it "applies the same transformations to keys as to values" do
+          parse <<-YAML
+            foo: string
+            :bar: symbol
+            1: integer
+            3.14: float
+            2013-01-24: date
+          YAML
+          result.should == {
+            "foo"  => "string",
+            ":bar" => "symbol",
+            1      => "integer",
+            3.14   => "float",
+            Date.parse("2013-01-24") => "date",
+          }
+        end
+        it "applies the same transformations to elements in sequences as to all values" do
+          parse <<-YAML
+            - foo
+            - :bar
+            - 1
+            - 3.14
+            - 2013-01-24
+          YAML
+          result.should == ["foo", ":bar", 1, 3.14, Date.parse("2013-01-24")]
+        end
+      end
+      context "for Ruby version #{RUBY_VERSION}" do
+        it "translates valid time values" do
+          parse "time: 2013-01-29 05:58:00 -0800"
+          result.should == { "time" => Time.utc(2013, 1, 29, 13, 58, 0) }
+        end
+        it "applies the same transformation to elements in sequences" do
+          parse "- 2013-01-29 05:58:00 -0800"
+          result.should == [Time.utc(2013, 1, 29, 13, 58, 0)]
+        end
+        it "applies the same transformation to keys" do
+          parse "2013-01-29 05:58:00 -0800: time"
+          result.should == { Time.utc(2013, 1, 29, 13, 58, 0) => "time" }
+        end
+      end
+      context "with symbol deserialization enabled" do
+        before :each do
+          SafeYAML::OPTIONS[:deserialize_symbols] = true
+        end
+        after :each do
+          SafeYAML.restore_defaults!
+        end
+        it "translates values starting with ':' to symbols" do
+          parse "symbol: :value"
+          result.should == { "symbol" => :value }
+        end
+        it "applies the same transformation to keys" do
+          parse ":bar: symbol"
+          result.should == { :bar  => "symbol" }
+        end
+        it "applies the same transformation to elements in sequences" do
+          parse "- :bar"
+          result.should == [:bar]
+        end
+      end
+    end
+  end
+end

data/lib/puppet/vendor/safe_yaml/spec/safe_yaml_spec.rb ADDED Viewed

@@ -0,0 +1,702 @@
+require File.join(File.dirname(__FILE__), "spec_helper")
+require "exploitable_back_door"
+describe YAML do
+  # Essentially stolen from:
+  # https://github.com/rails/rails/blob/3-2-stable/activesupport/lib/active_support/core_ext/kernel/reporting.rb#L10-25
+  def silence_warnings
+    $VERBOSE = nil; yield
+  ensure
+    $VERBOSE = true
+  end
+  def safe_load_round_trip(object, options={})
+    yaml = object.to_yaml
+    if SafeYAML::YAML_ENGINE == "psych"
+      YAML.safe_load(yaml, nil, options)
+    else
+      YAML.safe_load(yaml, options)
+    end
+  end
+  before :each do
+    SafeYAML.restore_defaults!
+  end
+  after :each do
+    SafeYAML.restore_defaults!
+  end
+  describe "unsafe_load" do
+    if SafeYAML::YAML_ENGINE == "psych" && RUBY_VERSION >= "1.9.3"
+      it "allows exploits through objects defined in YAML w/ !ruby/hash via custom :[]= methods" do
+        backdoor = YAML.unsafe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
+        backdoor.should be_exploited_through_setter
+      end
+      it "allows exploits through objects defined in YAML w/ !ruby/object via the :init_with method" do
+        backdoor = YAML.unsafe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
+        backdoor.should be_exploited_through_init_with
+      end
+    end
+    it "allows exploits through objects w/ sensitive instance variables defined in YAML w/ !ruby/object" do
+      backdoor = YAML.unsafe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
+      backdoor.should be_exploited_through_ivars
+    end
+    context "with special whitelisted tags defined" do
+      before :each do
+        SafeYAML::whitelist!(OpenStruct)
+      end
+      it "effectively ignores the whitelist (since everything is whitelisted)" do
+        result = YAML.unsafe_load <<-YAML.unindent
+          --- !ruby/object:OpenStruct
+          table:
+            :backdoor: !ruby/object:ExploitableBackDoor
+              foo: bar
+        YAML
+        result.should be_a(OpenStruct)
+        result.backdoor.should be_exploited_through_ivars
+      end
+    end
+  end
+  describe "safe_load" do
+    it "does NOT allow exploits through objects defined in YAML w/ !ruby/hash" do
+      object = YAML.safe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
+      object.should_not be_a(ExploitableBackDoor)
+    end
+    it "does NOT allow exploits through objects defined in YAML w/ !ruby/object" do
+      object = YAML.safe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
+      object.should_not be_a(ExploitableBackDoor)
+    end
+    context "for YAML engine #{SafeYAML::YAML_ENGINE}" do
+      if SafeYAML::YAML_ENGINE == "psych"
+        let(:options) { nil }
+        let(:arguments) { ["foo: bar", nil, options] }
+        context "when no tags are whitelisted" do
+          it "constructs a SafeYAML::PsychHandler to resolve nodes as they're parsed, for optimal performance" do
+            Psych::Parser.should_receive(:new).with an_instance_of(SafeYAML::PsychHandler)
+            # This won't work now; we just want to ensure Psych::Parser#parse was in fact called.
+            YAML.safe_load(*arguments) rescue nil
+          end
+        end
+        context "when whitelisted tags are specified" do
+          let(:options) {
+            { :whitelisted_tags => ["foo"] }
+          }
+          it "instead uses Psych to construct a full tree before examining the nodes" do
+            Psych.should_receive(:parse)
+            # This won't work now; we just want to ensure Psych::Parser#parse was in fact called.
+            YAML.safe_load(*arguments) rescue nil
+          end
+        end
+      end
+      if SafeYAML::YAML_ENGINE == "syck"
+        it "uses Syck internally to parse YAML" do
+          YAML.should_receive(:parse).with("foo: bar")
+          # This won't work now; we just want to ensure YAML::parse was in fact called.
+          YAML.safe_load("foo: bar") rescue nil
+        end
+      end
+    end
+    it "loads a plain ol' YAML document just fine" do
+      result = YAML.safe_load <<-YAML.unindent
+        foo:
+          number: 1
+          string: Hello, there!
+          symbol: :blah
+          sequence:
+            - hi
+            - bye
+      YAML
+      result.should == {
+        "foo" => {
+          "number" => 1,
+          "string" => "Hello, there!",
+          "symbol" => ":blah",
+          "sequence" => ["hi", "bye"]
+        }
+      }
+    end
+    it "works for YAML documents with anchors and aliases" do
+      result = YAML.safe_load <<-YAML
+        - &id001 {}
+        - *id001
+        - *id001
+      YAML
+      result.should == [{}, {}, {}]
+    end
+    it "works for YAML documents with binary tagged keys" do
+      result = YAML.safe_load <<-YAML
+        ? !!binary >
+          Zm9v
+        : "bar"
+        ? !!binary >
+          YmFy
+        : "baz"
+      YAML
+      result.should == {"foo" => "bar", "bar" => "baz"}
+    end
+    it "works for YAML documents with binary tagged values" do
+      result = YAML.safe_load <<-YAML
+        "foo": !!binary >
+          YmFy
+        "bar": !!binary >
+          YmF6
+      YAML
+      result.should == {"foo" => "bar", "bar" => "baz"}
+    end
+    it "works for YAML documents with binary tagged array values" do
+      result = YAML.safe_load <<-YAML
+        - !binary |-
+          Zm9v
+        - !binary |-
+          YmFy
+      YAML
+      result.should == ["foo", "bar"]
+    end
+    it "works for YAML documents with sections" do
+      result = YAML.safe_load <<-YAML
+        mysql: &mysql
+          adapter: mysql
+          pool: 30
+        login: &login
+          username: user
+          password: password123
+        development: &development
+          <<: *mysql
+          <<: *login
+          host: localhost
+      YAML
+      result.should == {
+        "mysql" => {
+          "adapter" => "mysql",
+          "pool"    => 30
+        },
+        "login" => {
+          "username" => "user",
+          "password" => "password123"
+        },
+        "development" => {
+          "adapter"  => "mysql",
+          "pool"     => 30,
+          "username" => "user",
+          "password" => "password123",
+          "host"     => "localhost"
+        }
+      }
+    end
+    it "correctly prefers explicitly defined values over default values from included sections" do
+      # Repeating this test 100 times to increase the likelihood of running into an issue caused by
+      # non-deterministic hash key enumeration.
+      100.times do
+        result = YAML.safe_load <<-YAML
+          defaults: &defaults
+            foo: foo
+            bar: bar
+            baz: baz
+          custom:
+            <<: *defaults
+            bar: custom_bar
+            baz: custom_baz
+        YAML
+        result["custom"].should == {
+          "foo" => "foo",
+          "bar" => "custom_bar",
+          "baz" => "custom_baz"
+        }
+      end
+    end
+    it "works with multi-level inheritance" do
+      result = YAML.safe_load <<-YAML
+        defaults: &defaults
+          foo: foo
+          bar: bar
+          baz: baz
+        custom: &custom
+          <<: *defaults
+          bar: custom_bar
+          baz: custom_baz
+        grandcustom: &grandcustom
+          <<: *custom
+      YAML
+      result.should == {
+        "defaults"    => { "foo" => "foo", "bar" => "bar", "baz" => "baz" },
+        "custom"      => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" },
+        "grandcustom" => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" }
+      }
+    end
+    it "returns false when parsing an empty document" do
+      result = YAML.safe_load ""
+      result.should == false
+    end
+    context "with custom initializers defined" do
+      before :each do
+        if SafeYAML::YAML_ENGINE == "psych"
+          SafeYAML::OPTIONS[:custom_initializers] = {
+            "!set" => lambda { Set.new },
+            "!hashiemash" => lambda { Hashie::Mash.new }
+          }
+        else
+          SafeYAML::OPTIONS[:custom_initializers] = {
+            "tag:yaml.org,2002:set" => lambda { Set.new },
+            "tag:yaml.org,2002:hashiemash" => lambda { Hashie::Mash.new }
+          }
+        end
+      end
+      it "will use a custom initializer to instantiate an array-like class upon deserialization" do
+        result = YAML.safe_load <<-YAML.unindent
+          --- !set
+          - 1
+          - 2
+          - 3
+        YAML
+        result.should be_a(Set)
+        result.to_a.should =~ [1, 2, 3]
+      end
+      it "will use a custom initializer to instantiate a hash-like class upon deserialization" do
+        result = YAML.safe_load <<-YAML.unindent
+          --- !hashiemash
+          foo: bar
+        YAML
+        result.should be_a(Hashie::Mash)
+        result.to_hash.should == { "foo" => "bar" }
+      end
+    end
+    context "with special whitelisted tags defined" do
+      before :each do
+        SafeYAML::whitelist!(OpenStruct)
+        # Necessary for deserializing OpenStructs properly.
+        SafeYAML::OPTIONS[:deserialize_symbols] = true
+      end
+      it "will allow objects to be deserialized for whitelisted tags" do
+        result = YAML.safe_load("--- !ruby/object:OpenStruct\ntable:\n  foo: bar\n")
+        result.should be_a(OpenStruct)
+        result.instance_variable_get(:@table).should == { "foo" => "bar" }
+      end
+      it "will not deserialize objects without whitelisted tags" do
+        result = YAML.safe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
+        result.should_not be_a(ExploitableBackDoor)
+        result.should == { "foo" => "bar" }
+      end
+      it "will not allow non-whitelisted objects to be embedded within objects with whitelisted tags" do
+        result = YAML.safe_load <<-YAML.unindent
+          --- !ruby/object:OpenStruct
+          table:
+            :backdoor: !ruby/object:ExploitableBackDoor
+              foo: bar
+        YAML
+        result.should be_a(OpenStruct)
+        result.backdoor.should_not be_a(ExploitableBackDoor)
+        result.backdoor.should == { "foo" => "bar" }
+      end
+      context "with the :raise_on_unknown_tag option enabled" do
+        before :each do
+          SafeYAML::OPTIONS[:raise_on_unknown_tag] = true
+        end
+        after :each do
+          SafeYAML.restore_defaults!
+        end
+        it "raises an exception if a non-nil, non-whitelisted tag is encountered" do
+          lambda {
+            YAML.safe_load <<-YAML.unindent
+              --- !ruby/object:Unknown
+              foo: bar
+            YAML
+          }.should raise_error
+        end
+        it "checks all tags, even those within objects with trusted tags" do
+          lambda {
+            YAML.safe_load <<-YAML.unindent
+              --- !ruby/object:OpenStruct
+              table:
+                :backdoor: !ruby/object:Unknown
+                  foo: bar
+            YAML
+          }.should raise_error
+        end
+        it "does not raise an exception as long as all tags are whitelisted" do
+          result = YAML.safe_load <<-YAML.unindent
+            --- !ruby/object:OpenStruct
+            table:
+              :backdoor:
+                string: foo
+                integer: 1
+                float: 3.14
+                symbol: :bar
+                date: 2013-02-20
+                array: []
+                hash: {}
+          YAML
+          result.should be_a(OpenStruct)
+          result.backdoor.should == {
+            "string"  => "foo",
+            "integer" => 1,
+            "float"   => 3.14,
+            "symbol"  => :bar,
+            "date"    => Date.parse("2013-02-20"),
+            "array"   => [],
+            "hash"    => {}
+          }
+        end
+        it "does not raise an exception on the non-specific '!' tag" do
+          result = nil
+          expect { result = YAML.safe_load "--- ! 'foo'" }.to_not raise_error
+          result.should == "foo"
+        end
+        context "with whitelisted custom class" do
+          class SomeClass
+            attr_accessor :foo
+          end
+          let(:instance) { SomeClass.new }
+          before do
+            SafeYAML::whitelist!(SomeClass)
+            instance.foo = 'with trailing whitespace: '
+          end
+          it "does not raise an exception on the non-specific '!' tag" do
+            result = nil
+            expect { result = YAML.safe_load(instance.to_yaml) }.to_not raise_error
+            result.foo.should == 'with trailing whitespace: '
+          end
+        end
+      end
+    end
+    context "when options are passed direclty to #load which differ from the defaults" do
+      let(:default_options) { {} }
+      before :each do
+        SafeYAML::OPTIONS.merge!(default_options)
+      end
+      context "(for example, when symbol deserialization is enabled by default)" do
+        let(:default_options) { { :deserialize_symbols => true } }
+        it "goes with the default option when it is not overridden" do
+          silence_warnings do
+            YAML.load(":foo: bar").should == { :foo => "bar" }
+          end
+        end
+        it "allows the default option to be overridden on a per-call basis" do
+          silence_warnings do
+            YAML.load(":foo: bar", :deserialize_symbols => false).should == { ":foo" => "bar" }
+            YAML.load(":foo: bar", :deserialize_symbols => true).should == { :foo => "bar" }
+          end
+        end
+      end
+      context "(or, for example, when certain tags are whitelisted)" do
+        let(:default_options) {
+          {
+            :deserialize_symbols => true,
+            :whitelisted_tags => SafeYAML::YAML_ENGINE == "psych" ?
+              ["!ruby/object:OpenStruct"] :
+              ["tag:ruby.yaml.org,2002:object:OpenStruct"]
+          }
+        }
+        it "goes with the default option when it is not overridden" do
+          result = safe_load_round_trip(OpenStruct.new(:foo => "bar"))
+          result.should be_a(OpenStruct)
+          result.foo.should == "bar"
+        end
+        it "allows the default option to be overridden on a per-call basis" do
+          result = safe_load_round_trip(OpenStruct.new(:foo => "bar"), :whitelisted_tags => [])
+          result.should == { "table" => { :foo => "bar" } }
+          result = safe_load_round_trip(OpenStruct.new(:foo => "bar"), :deserialize_symbols => false, :whitelisted_tags => [])
+          result.should == { "table" => { ":foo" => "bar" } }
+        end
+      end
+    end
+  end
+  describe "unsafe_load_file" do
+    if SafeYAML::YAML_ENGINE == "psych" && RUBY_VERSION >= "1.9.3"
+      it "allows exploits through objects defined in YAML w/ !ruby/hash via custom :[]= methods" do
+        backdoor = YAML.unsafe_load_file "spec/exploit.1.9.3.yaml"
+        backdoor.should be_exploited_through_setter
+      end
+    end
+    if SafeYAML::YAML_ENGINE == "psych" && RUBY_VERSION >= "1.9.2"
+      it "allows exploits through objects defined in YAML w/ !ruby/object via the :init_with method" do
+        backdoor = YAML.unsafe_load_file "spec/exploit.1.9.2.yaml"
+        backdoor.should be_exploited_through_init_with
+      end
+    end
+    it "allows exploits through objects w/ sensitive instance variables defined in YAML w/ !ruby/object" do
+      backdoor = YAML.unsafe_load_file "spec/exploit.1.9.2.yaml"
+      backdoor.should be_exploited_through_ivars
+    end
+  end
+  describe "safe_load_file" do
+    it "does NOT allow exploits through objects defined in YAML w/ !ruby/hash" do
+      object = YAML.safe_load_file "spec/exploit.1.9.3.yaml"
+      object.should_not be_a(ExploitableBackDoor)
+    end
+    it "does NOT allow exploits through objects defined in YAML w/ !ruby/object" do
+      object = YAML.safe_load_file "spec/exploit.1.9.2.yaml"
+      object.should_not be_a(ExploitableBackDoor)
+    end
+  end
+  describe "load" do
+    let(:options) { {} }
+    let (:arguments) {
+      if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+        ["foo: bar", nil, options]
+      else
+        ["foo: bar", options]
+      end
+    }
+    context "as long as a :default_mode has been specified" do
+      it "doesn't issue a warning for safe mode, since an explicit mode has been set" do
+        SafeYAML::OPTIONS[:default_mode] = :safe
+        Kernel.should_not_receive(:warn)
+        YAML.load(*arguments)
+      end
+      it "doesn't issue a warning for unsafe mode, since an explicit mode has been set" do
+        SafeYAML::OPTIONS[:default_mode] = :unsafe
+        Kernel.should_not_receive(:warn)
+        YAML.load(*arguments)
+      end
+    end
+    context "when the :safe options is specified" do
+      let(:safe_mode) { true }
+      let(:options) { { :safe => safe_mode } }
+      it "doesn't issue a warning" do
+        Kernel.should_not_receive(:warn)
+        YAML.load(*arguments)
+      end
+      it "calls #safe_load if the :safe option is set to true" do
+        YAML.should_receive(:safe_load)
+        YAML.load(*arguments)
+      end
+      context "when the :safe option is set to false" do
+        let(:safe_mode) { false }
+        it "calls #unsafe_load if the :safe option is set to false" do
+          YAML.should_receive(:unsafe_load)
+          YAML.load(*arguments)
+        end
+      end
+    end
+    it "issues a warning when the :safe option is omitted" do
+      silence_warnings do
+        Kernel.should_receive(:warn)
+        YAML.load(*arguments)
+      end
+    end
+    it "only issues a warning once (to avoid spamming an app's output)" do
+      silence_warnings do
+        Kernel.should_receive(:warn).once
+        2.times { YAML.load(*arguments) }
+      end
+    end
+    it "defaults to safe mode if the :safe option is omitted" do
+      silence_warnings do
+        YAML.should_receive(:safe_load)
+        YAML.load(*arguments)
+      end
+    end
+    context "with the default mode set to :unsafe" do
+      before :each do
+        SafeYAML::OPTIONS[:default_mode] = :unsafe
+      end
+      it "defaults to unsafe mode if the :safe option is omitted" do
+        silence_warnings do
+          YAML.should_receive(:unsafe_load)
+          YAML.load(*arguments)
+        end
+      end
+      it "calls #safe_load if the :safe option is set to true" do
+        YAML.should_receive(:safe_load)
+        YAML.load(*(arguments + [{ :safe => true }]))
+      end
+    end
+  end
+  describe "load_file" do
+    let(:filename) { "spec/exploit.1.9.2.yaml" } # doesn't really matter
+    it "issues a warning if the :safe option is omitted" do
+      silence_warnings do
+        Kernel.should_receive(:warn)
+        YAML.load_file(filename)
+      end
+    end
+    it "doesn't issue a warning as long as the :safe option is specified" do
+      Kernel.should_not_receive(:warn)
+      YAML.load_file(filename, :safe => true)
+    end
+    it "defaults to safe mode if the :safe option is omitted" do
+      silence_warnings do
+        YAML.should_receive(:safe_load_file)
+        YAML.load_file(filename)
+      end
+    end
+    it "calls #safe_load_file if the :safe option is set to true" do
+      YAML.should_receive(:safe_load_file)
+      YAML.load_file(filename, :safe => true)
+    end
+    it "calls #unsafe_load_file if the :safe option is set to false" do
+      YAML.should_receive(:unsafe_load_file)
+      YAML.load_file(filename, :safe => false)
+    end
+    context "with arbitrary object deserialization enabled by default" do
+      before :each do
+        SafeYAML::OPTIONS[:default_mode] = :unsafe
+      end
+      it "defaults to unsafe mode if the :safe option is omitted" do
+        silence_warnings do
+          YAML.should_receive(:unsafe_load_file)
+          YAML.load_file(filename)
+        end
+      end
+      it "calls #safe_load if the :safe option is set to true" do
+        YAML.should_receive(:safe_load_file)
+        YAML.load_file(filename, :safe => true)
+      end
+    end
+  end
+  describe "whitelist!" do
+    context "not a class" do
+      it "should raise" do
+        expect { SafeYAML::whitelist! :foo }.to raise_error(/not a Class/)
+        SafeYAML::OPTIONS[:whitelisted_tags].should be_empty
+      end
+    end
+    context "anonymous class" do
+      it "should raise" do
+        expect { SafeYAML::whitelist! Class.new }.to raise_error(/cannot be anonymous/)
+        SafeYAML::OPTIONS[:whitelisted_tags].should be_empty
+      end
+    end
+    context "with a Class as its argument" do
+      it "should configure correctly" do
+        expect { SafeYAML::whitelist! OpenStruct }.to_not raise_error
+        SafeYAML::OPTIONS[:whitelisted_tags].grep(/OpenStruct\Z/).should_not be_empty
+      end
+      it "successfully deserializes the specified class" do
+        SafeYAML.whitelist!(OpenStruct)
+        # necessary for properly assigning OpenStruct attributes
+        SafeYAML::OPTIONS[:deserialize_symbols] = true
+        result = safe_load_round_trip(OpenStruct.new(:foo => "bar"))
+        result.should be_a(OpenStruct)
+        result.foo.should == "bar"
+      end
+      it "works for ranges" do
+        SafeYAML.whitelist!(Range)
+        safe_load_round_trip(1..10).should == (1..10)
+      end
+      it "works for regular expressions" do
+        SafeYAML.whitelist!(Regexp)
+        safe_load_round_trip(/foo/).should == /foo/
+      end
+      it "works for multiple classes" do
+        SafeYAML.whitelist!(Range, Regexp)
+        safe_load_round_trip([(1..10), /bar/]).should == [(1..10), /bar/]
+      end
+      it "works for arbitrary Exception subclasses" do
+        class CustomException < Exception
+          attr_reader :custom_message
+          def initialize(custom_message)
+            @custom_message = custom_message
+          end
+        end
+        SafeYAML.whitelist!(CustomException)
+        ex = safe_load_round_trip(CustomException.new("blah"))
+        ex.should be_a(CustomException)
+        ex.custom_message.should == "blah"
+      end
+    end
+  end
+end