safe_yaml 0.1 → 1.0.5
- checksums.yaml +7 -0
- data/.gitignore +3 -0
- data/.travis.yml +48 -0
- data/CHANGES.md +154 -0
- data/Gemfile +3 -1
- data/LICENSE.txt +22 -0
- data/README.md +191 -0
- data/Rakefile +22 -2
- data/bin/safe_yaml +75 -0
- data/bundle_install_all_ruby_versions.sh +11 -0
- data/lib/safe_yaml.rb +90 -6
- data/lib/safe_yaml/deep.rb +34 -0
- data/lib/safe_yaml/libyaml_checker.rb +36 -0
- data/lib/safe_yaml/load.rb +181 -0
- data/lib/safe_yaml/parse/date.rb +37 -0
- data/lib/safe_yaml/parse/hexadecimal.rb +12 -0
- data/lib/safe_yaml/parse/sexagesimal.rb +26 -0
- data/lib/safe_yaml/psych_handler.rb +99 -0
- data/lib/safe_yaml/psych_resolver.rb +52 -0
- data/lib/safe_yaml/resolver.rb +94 -0
- data/lib/safe_yaml/safe_to_ruby_visitor.rb +29 -0
- data/lib/safe_yaml/store.rb +39 -0
- data/lib/safe_yaml/syck_hack.rb +36 -0
- data/lib/safe_yaml/syck_node_monkeypatch.rb +43 -0
- data/lib/safe_yaml/syck_resolver.rb +38 -0
- data/lib/safe_yaml/transform.rb +41 -0
- data/lib/safe_yaml/transform/to_boolean.rb +21 -0
- data/lib/safe_yaml/transform/to_date.rb +13 -0
- data/lib/safe_yaml/transform/to_float.rb +33 -0
- data/lib/safe_yaml/transform/to_integer.rb +26 -0
- data/lib/safe_yaml/transform/to_nil.rb +18 -0
- data/lib/safe_yaml/transform/to_symbol.rb +17 -0
- data/lib/safe_yaml/transform/transformation_map.rb +47 -0
- data/lib/{version.rb → safe_yaml/version.rb} +1 -1
- data/run_specs_all_ruby_versions.sh +38 -0
- data/safe_yaml.gemspec +11 -8
- data/spec/exploit.1.9.2.yaml +2 -0
- data/spec/exploit.1.9.3.yaml +2 -0
- data/spec/issue48.txt +20 -0
- data/spec/issue49.yml +0 -0
- data/spec/libyaml_checker_spec.rb +69 -0
- data/spec/psych_resolver_spec.rb +10 -0
- data/spec/resolver_specs.rb +278 -0
- data/spec/safe_yaml_spec.rb +697 -23
- data/spec/spec_helper.rb +37 -2
- data/spec/store_spec.rb +57 -0
- data/spec/support/exploitable_back_door.rb +13 -7
- data/spec/syck_resolver_spec.rb +10 -0
- data/spec/transform/base64_spec.rb +11 -0
- data/spec/transform/to_date_spec.rb +60 -0
- data/spec/transform/to_float_spec.rb +42 -0
- data/spec/transform/to_integer_spec.rb +64 -0
- data/spec/transform/to_symbol_spec.rb +51 -0
- data/spec/yaml_spec.rb +15 -0
- metadata +78 -24
- data/Gemfile.lock +0 -28
- data/lib/handler.rb +0 -86
- data/spec/handler_spec.rb +0 -108
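--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,28 +0,0 @@
-PATH
-remote: .
-specs:
-safe_yaml (0.1)
-
-GEM
-remote: http://rubygems.org/
-specs:
-diff-lcs (1.1.3)
-heredoc_unindent (1.1.2)
-rake (10.0.3)
-rspec (2.12.0)
-rspec-core (~> 2.12.0)
-rspec-expectations (~> 2.12.0)
-rspec-mocks (~> 2.12.0)
-rspec-core (2.12.2)
-rspec-expectations (2.12.1)
-diff-lcs (~> 1.1.3)
-rspec-mocks (2.12.1)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-heredoc_unindent
-rake
-rspec
-safe_yaml!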
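--- a/data/lib/handler.rb
+++ b/data/lib/handler.rb
@@ -1,86 +0,0 @@
-require "yaml"
-
-module SafeYAML
-class Handler < Psych::Handler
-def initialize
-@stack = []
-end
-
-def result
-@result
-end
-
-def add_to_current_structure(value)
-if @result.nil?
-@result = value
-@current_structure = @result
-return
-end
-
-case @current_structure
-when Array
-@current_structure.push(transform_value(value))
-
-when Hash
-if @current_key.nil?
-@current_key = transform_value(value)
-else
-@current_structure[@current_key] = transform_value(value)
-@current_key = nil
-end
-
-else
-raise "Don't know how to add to a #{@current_structure.class}!"
-end
-end
-
-def transform_value(value)
-if value.is_a?(String)
-if value.match(/^:\w+$/)
-return value[1..-1].to_sym
-
-elsif value.match(/^\d+$/)
-return value.to_i
-
-elsif value.match(/^\d+(?:\.\d*)?$/) || value.match(/^\.\d+$/)
-return value.to_f
-end
-end
-
-value
-end
-
-def streaming?
-false
-end
-
-# event handlers
-def scalar(value, anchor, tag, plain, quoted, style)
-add_to_current_structure(value)
-end
-
-def start_mapping(*args) # anchor, tag, implicit, style
-map = {}
-self.add_to_current_structure(map)
-@current_structure = map
-@stack.push(map)
-end
-
-def end_mapping
-@stack.pop
-@current_structure = @stack.last
-end
-
-def start_sequence(*args) # anchor, tag, implicit, style
-seq = []
-self.add_to_current_structure(seq)
-@current_structure = seq
-@stack.push(seq)
-end
-
-def end_sequence
-@stack.pop
-@current_structure = @stack.last
-end
-end
-end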
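--- a/data/spec/handler_spec.rb
+++ b/data/spec/handler_spec.rb
@@ -1,108 +0,0 @@
-require File.join(File.dirname(__FILE__), "spec_helper")
-
-require "handler"
-
-describe SafeYAML::Handler do
-let(:handler) { SafeYAML::Handler.new }
-let(:parser) { Psych::Parser.new(handler) }
-let(:result) { handler.result }
-
-def parse(yaml)
-parser.parse(yaml.unindent)
-end
-
-it "translates most values to strings" do
-parser.parse "key: value"
-result.should == { "key" => "value" }
-end
-
-it "translates values starting with ':' to symbols" do
-parser.parse ":key: value"
-result.should == { :key => "value" }
-end
-
-it "translates valid integral numbers to integers" do
-parser.parse "integer: 1"
-result.should == { "integer" => 1 }
-end
-
-it "translates valid decimal numbers to floats" do
-parser.parse "float: 3.14"
-result.should == { "float" => 3.14 }
-end
-
-it "applies the same transformations to values as to keys" do
-parse <<-YAML
-string: value
-symbol: :value
-integer: 1
-float: 3.14
-YAML
-
-result.should == {
-"string" => "value",
-"symbol" => :value,
-"integer" => 1,
-"float" => 3.14
-}
-end
-
-it "translates sequences to arrays" do
-parse <<-YAML
-- foo
-- bar
-- baz
-YAML
-
-result.should == ["foo", "bar", "baz"]
-end
-
-it "applies the same transformations to elements in sequences as to all values" do
-parse <<-YAML
-- string
-- :symbol
-- 1
-- 3.14
-YAML
-
-result.should == ["string", :symbol, 1, 3.14]
-end
-
-it "translates maps to hashes" do
-parse <<-YAML
-foo: blah
-bar: glah
-baz: flah
-YAML
-
-result.should == {
-"foo" => "blah",
-"bar" => "glah",
-"baz" => "flah"
-}
-end
-
-it "applies the same transformations to values in hashes as to all values" do
-parse <<-YAML
-foo: :symbol
-bar: 1
-baz: 3.14
-YAML
-
-result.should == {
-"foo" => :symbol,
-"bar" => 1,
-"baz" => 3.14
-}
-end
-
-it "deals just fine with nested maps" do
-parse <<-YAML
-foo:
-bar:
-marco: polo
-YAML
-
-result.should == { "foo" => { "bar" => { "marco" => "polo" } } }
-end
-end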