RubyGems - safe_yaml - Versions diffs - 0.1 → 0.2 - Mend

safe_yaml 0.1 → 0.2

Files changed (7) hide show

data/.gitignore +1 -0
data/lib/safe_yaml.rb +2 -2
data/lib/{handler.rb → safe_yaml/handler.rb} +47 -14
data/lib/{version.rb → safe_yaml/version.rb} +1 -1
data/safe_yaml.gemspec +6 -4
data/spec/handler_spec.rb +65 -1
metadata +22 -6

data/.gitignore ADDED Viewed

	@@ -0,0 +1 @@
1	+ dist/

data/lib/safe_yaml.rb CHANGED Viewed

@@ -1,5 +1,5 @@
-require "yaml"
-require "handler"
+require "safe_yaml/handler"
+require "safe_yaml/version"
 module YAML
   def self.safe_load(yaml)

data/lib/{handler.rb → safe_yaml/handler.rb} RENAMED Viewed

@@ -2,7 +2,20 @@ require "yaml"
 module SafeYAML
   class Handler < Psych::Handler
+    PREDEFINED_VALUES = {
+      ""      => nil,
+      "~"     => nil,
+      "null"  => nil,
+      "yes"   => true,
+      "on"    => true,
+      "true"  => true,
+      "no"    => false,
+      "off"   => false,
+      "false" => false
+    }.freeze
     def initialize
+      @anchors = {}
       @stack = []
     end
@@ -10,7 +23,11 @@ module SafeYAML
       @result
     end
-    def add_to_current_structure(value)
+    def add_to_current_structure(value, anchor=nil)
+      value = transform_value(value)
+      @anchors[anchor] = value if anchor
       if @result.nil?
         @result = value
         @current_structure = @result
@@ -19,13 +36,19 @@ module SafeYAML
       case @current_structure
       when Array
-        @current_structure.push(transform_value(value))
+        @current_structure.push(value)
       when Hash
         if @current_key.nil?
-          @current_key = transform_value(value)
+          @current_key = value
         else
-          @current_structure[@current_key] = transform_value(value)
+          if @current_key == "<<"
+            @current_structure.merge!(value)
+          else
+            @current_structure[@current_key] = value
+          end
           @current_key = nil
         end
@@ -36,7 +59,10 @@ module SafeYAML
     def transform_value(value)
       if value.is_a?(String)
-        if value.match(/^:\w+$/)
+        if PREDEFINED_VALUES.include?(value.downcase)
+          return PREDEFINED_VALUES[value.downcase]
+        elsif value.match(/^:\w+$/)
           return value[1..-1].to_sym
         elsif value.match(/^\d+$/)
@@ -50,37 +76,44 @@ module SafeYAML
       value
     end
+    def end_current_structure
+      @stack.pop
+      @current_structure = @stack.last
+    end
     def streaming?
       false
     end
     # event handlers
+    def alias(anchor)
+      add_to_current_structure(@anchors[anchor])
+    end
     def scalar(value, anchor, tag, plain, quoted, style)
-      add_to_current_structure(value)
+      add_to_current_structure(value, anchor)
     end
-    def start_mapping(*args) # anchor, tag, implicit, style
+    def start_mapping(anchor, tag, implicit, style)
       map = {}
-      self.add_to_current_structure(map)
+      self.add_to_current_structure(map, anchor)
       @current_structure = map
       @stack.push(map)
     end
     def end_mapping
-      @stack.pop
-      @current_structure = @stack.last
+      self.end_current_structure()
     end
-    def start_sequence(*args) # anchor, tag, implicit, style
+    def start_sequence(anchor, tag, implicit, style)
       seq = []
-      self.add_to_current_structure(seq)
+      self.add_to_current_structure(seq, anchor)
       @current_structure = seq
       @stack.push(seq)
     end
     def end_sequence
-      @stack.pop
-      @current_structure = @stack.last
+      self.end_current_structure()
     end
   end
 end

data/lib/{version.rb → safe_yaml/version.rb} RENAMED Viewed

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.1"
+  VERSION = "0.2"
 end

data/safe_yaml.gemspec CHANGED Viewed

@@ -1,10 +1,11 @@
 # -*- encoding: utf-8 -*-
-require File.expand_path("../lib/version", __FILE__)
+require File.join(File.dirname(__FILE__), "lib", "safe_yaml", "version")
 Gem::Specification.new do |gem|
   gem.name          = "safe_yaml"
-  gem.authors       = ["Dan Tao"]
-  gem.email         = ["daniel.tao@gmail.com"]
+  gem.version       = SafeYAML::VERSION
+  gem.authors       = "Dan Tao"
+  gem.email         = "daniel.tao@gmail.com"
   gem.description   = %q{Parse (simple) YAML safely, without that pesky arbitrary code execution vulnerability.}
   gem.summary       = %q{SameYAML adds a ::safe_load method to Ruby's built-in YAML module to parse YAML data for only basic types (strings, symbols, numbers, arrays, and hashes).}
   gem.homepage      = "http://dtao.github.com/safe_yaml/"
@@ -12,5 +13,6 @@ Gem::Specification.new do |gem|
   gem.files         = `git ls-files`.split($\)
   gem.test_files    = gem.files.grep(%r{^spec/})
   gem.require_paths = ["lib"]
-  gem.version       = SafeYAML::VERSION
+  gem.add_dependency("psych")
 end

data/spec/handler_spec.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require File.join(File.dirname(__FILE__), "spec_helper")
-require "handler"
+require "safe_yaml/handler"
 describe SafeYAML::Handler do
   let(:handler) { SafeYAML::Handler.new }
@@ -31,6 +31,27 @@ describe SafeYAML::Handler do
     result.should == { "float" => 3.14 }
   end
+  it "translates valid true/false values to booleans" do
+    parser.parse <<-YAML
+      - yes
+      - true
+      - no
+      - false
+    YAML
+    result.should == [true, true, false, false]
+  end
+  it "translates valid nulls to nil" do
+    parser.parse <<-YAML
+      -
+      - ~
+      - null
+    YAML
+    result.should == [nil] * 3
+  end
   it "applies the same transformations to values as to keys" do
     parse <<-YAML
       string: value
@@ -105,4 +126,47 @@ describe SafeYAML::Handler do
     result.should == { "foo" => { "bar" => { "marco" => "polo" } } }
   end
+  it "deals just fine with aliases and anchors" do
+    parse <<-YAML
+      - &id001 {}
+      - *id001
+      - *id001
+    YAML
+    result.should == [{}, {}, {}]
+  end
+  it "deals just fine with sections" do
+    parse <<-YAML
+      mysql: &mysql
+        adapter: mysql
+        pool: 30
+      login: &login
+        username: dan
+        password: gobbledygook
+      local: &local
+        <<: *mysql
+        <<: *login
+        host: localhost
+    YAML
+    result.should == {
+      "mysql" => {
+        "adapter" => "mysql",
+        "pool"    => 30
+      },
+      "login" => {
+        "username" => "dan",
+        "password" => "gobbledygook"
+      },
+      "local" => {
+        "adapter"  => "mysql",
+        "pool"     => 30,
+        "username" => "dan",
+        "password" => "gobbledygook",
+        "host"     => "localhost"
+      }
+    }
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: '0.1'
+  version: '0.2'
   prerelease:
 platform: ruby
 authors:
@@ -10,21 +10,37 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2013-01-17 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: psych
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Parse (simple) YAML safely, without that pesky arbitrary code execution
   vulnerability.
-email:
-- daniel.tao@gmail.com
+email: daniel.tao@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
 - Gemfile
 - Gemfile.lock
 - Rakefile
-- lib/handler.rb
 - lib/safe_yaml.rb
-- lib/version.rb
+- lib/safe_yaml/handler.rb
+- lib/safe_yaml/version.rb
 - safe_yaml.gemspec
 - spec/handler_spec.rb
 - spec/safe_yaml_spec.rb