RubyGems - safe_yaml - Versions diffs - 0.1 → 0.2 - Mend

safe_yaml 0.1 → 0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/.gitignore +1 -0
data/lib/safe_yaml.rb +2 -2
data/lib/{handler.rb → safe_yaml/handler.rb} +47 -14
data/lib/{version.rb → safe_yaml/version.rb} +1 -1
data/safe_yaml.gemspec +6 -4
data/spec/handler_spec.rb +65 -1
metadata +22 -6

data/.gitignore ADDED Viewed

	@@ -0,0 +1 @@
1	+ dist/

data/lib/safe_yaml.rb CHANGED Viewed

@@ -1,5 +1,5 @@
-require "yaml"
-require "handler"
+require "safe_yaml/handler"
+require "safe_yaml/version"
 module YAML
   def self.safe_load(yaml)

data/lib/{handler.rb → safe_yaml/handler.rb} RENAMED Viewed

@@ -2,7 +2,20 @@ require "yaml"
 module SafeYAML
   class Handler < Psych::Handler
+    PREDEFINED_VALUES = {
+      ""      => nil,
+      "~"     => nil,
+      "null"  => nil,
+      "yes"   => true,
+      "on"    => true,
+      "true"  => true,
+      "no"    => false,
+      "off"   => false,
+      "false" => false
+    }.freeze
     def initialize
+      @anchors = {}
       @stack = []
     end
@@ -10,7 +23,11 @@ module SafeYAML
       @result
     end
-    def add_to_current_structure(value)
+    def add_to_current_structure(value, anchor=nil)
+      value = transform_value(value)
+      @anchors[anchor] = value if anchor
       if @result.nil?
         @result = value
         @current_structure = @result
@@ -19,13 +36,19 @@ module SafeYAML
       case @current_structure
       when Array
-        @current_structure.push(transform_value(value))
+        @current_structure.push(value)
       when Hash
         if @current_key.nil?
-          @current_key = transform_value(value)
+          @current_key = value
         else
-          @current_structure[@current_key] = transform_value(value)
+          if @current_key == "<<"
+            @current_structure.merge!(value)
+          else
+            @current_structure[@current_key] = value
+          end
           @current_key = nil
         end
@@ -36,7 +59,10 @@ module SafeYAML
     def transform_value(value)
       if value.is_a?(String)
-        if value.match(/^:\w+$/)
+        if PREDEFINED_VALUES.include?(value.downcase)
+          return PREDEFINED_VALUES[value.downcase]
+        elsif value.match(/^:\w+$/)
           return value[1..-1].to_sym
         elsif value.match(/^\d+$/)
@@ -50,37 +76,44 @@ module SafeYAML
       value
     end
+    def end_current_structure
+      @stack.pop
+      @current_structure = @stack.last
+    end
     def streaming?
       false
     end
     # event handlers
+    def alias(anchor)
+      add_to_current_structure(@anchors[anchor])
+    end
     def scalar(value, anchor, tag, plain, quoted, style)
-      add_to_current_structure(value)
+      add_to_current_structure(value, anchor)
     end
-    def start_mapping(*args) # anchor, tag, implicit, style
+    def start_mapping(anchor, tag, implicit, style)
       map = {}
-      self.add_to_current_structure(map)
+      self.add_to_current_structure(map, anchor)
       @current_structure = map
       @stack.push(map)
     end
     def end_mapping
-      @stack.pop
-      @current_structure = @stack.last
+      self.end_current_structure()
     end
-    def start_sequence(*args) # anchor, tag, implicit, style
+    def start_sequence(anchor, tag, implicit, style)
       seq = []
-      self.add_to_current_structure(seq)
+      self.add_to_current_structure(seq, anchor)
       @current_structure = seq
       @stack.push(seq)
     end
     def end_sequence
-      @stack.pop
-      @current_structure = @stack.last
+      self.end_current_structure()
     end
   end
 end

data/lib/{version.rb → safe_yaml/version.rb} RENAMED Viewed

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.1"
+  VERSION = "0.2"
 end

data/safe_yaml.gemspec CHANGED Viewed

@@ -1,10 +1,11 @@
 # -*- encoding: utf-8 -*-
-require File.expand_path("../lib/version", __FILE__)
+require File.join(File.dirname(__FILE__), "lib", "safe_yaml", "version")
 Gem::Specification.new do |gem|
   gem.name          = "safe_yaml"
-  gem.authors       = ["Dan Tao"]
-  gem.email         = ["daniel.tao@gmail.com"]
+  gem.version       = SafeYAML::VERSION
+  gem.authors       = "Dan Tao"
+  gem.email         = "daniel.tao@gmail.com"
   gem.description   = %q{Parse (simple) YAML safely, without that pesky arbitrary code execution vulnerability.}
   gem.summary       = %q{SameYAML adds a ::safe_load method to Ruby's built-in YAML module to parse YAML data for only basic types (strings, symbols, numbers, arrays, and hashes).}
   gem.homepage      = "http://dtao.github.com/safe_yaml/"
@@ -12,5 +13,6 @@ Gem::Specification.new do |gem|
   gem.files         = `git ls-files`.split($\)
   gem.test_files    = gem.files.grep(%r{^spec/})
   gem.require_paths = ["lib"]
-  gem.version       = SafeYAML::VERSION
+  gem.add_dependency("psych")
 end

data/spec/handler_spec.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require File.join(File.dirname(__FILE__), "spec_helper")
-require "handler"
+require "safe_yaml/handler"
 describe SafeYAML::Handler do
   let(:handler) { SafeYAML::Handler.new }
@@ -31,6 +31,27 @@ describe SafeYAML::Handler do
     result.should == { "float" => 3.14 }
   end
+  it "translates valid true/false values to booleans" do
+    parser.parse <<-YAML
+      - yes
+      - true
+      - no
+      - false
+    YAML
+    result.should == [true, true, false, false]
+  end
+  it "translates valid nulls to nil" do
+    parser.parse <<-YAML
+      -
+      - ~
+      - null
+    YAML
+    result.should == [nil] * 3
+  end
   it "applies the same transformations to values as to keys" do
     parse <<-YAML
       string: value
@@ -105,4 +126,47 @@ describe SafeYAML::Handler do
     result.should == { "foo" => { "bar" => { "marco" => "polo" } } }
   end
+  it "deals just fine with aliases and anchors" do
+    parse <<-YAML
+      - &id001 {}
+      - *id001
+      - *id001
+    YAML
+    result.should == [{}, {}, {}]
+  end
+  it "deals just fine with sections" do
+    parse <<-YAML
+      mysql: &mysql
+        adapter: mysql
+        pool: 30
+      login: &login
+        username: dan
+        password: gobbledygook
+      local: &local
+        <<: *mysql
+        <<: *login
+        host: localhost
+    YAML
+    result.should == {
+      "mysql" => {
+        "adapter" => "mysql",
+        "pool"    => 30
+      },
+      "login" => {
+        "username" => "dan",
+        "password" => "gobbledygook"
+      },
+      "local" => {
+        "adapter"  => "mysql",
+        "pool"     => 30,
+        "username" => "dan",
+        "password" => "gobbledygook",
+        "host"     => "localhost"
+      }
+    }
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: '0.1'
+  version: '0.2'
   prerelease:
 platform: ruby
 authors:
@@ -10,21 +10,37 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2013-01-17 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: psych
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Parse (simple) YAML safely, without that pesky arbitrary code execution
   vulnerability.
-email:
-- daniel.tao@gmail.com
+email: daniel.tao@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
 - Gemfile
 - Gemfile.lock
 - Rakefile
-- lib/handler.rb
 - lib/safe_yaml.rb
-- lib/version.rb
+- lib/safe_yaml/handler.rb
+- lib/safe_yaml/version.rb
 - safe_yaml.gemspec
 - spec/handler_spec.rb
 - spec/safe_yaml_spec.rb