safe_yaml 0.1 → 1.0.5
- checksums.yaml +7 -0
- data/.gitignore +3 -0
- data/.travis.yml +48 -0
- data/CHANGES.md +154 -0
- data/Gemfile +3 -1
- data/LICENSE.txt +22 -0
- data/README.md +191 -0
- data/Rakefile +22 -2
- data/bin/safe_yaml +75 -0
- data/bundle_install_all_ruby_versions.sh +11 -0
- data/lib/safe_yaml.rb +90 -6
- data/lib/safe_yaml/deep.rb +34 -0
- data/lib/safe_yaml/libyaml_checker.rb +36 -0
- data/lib/safe_yaml/load.rb +181 -0
- data/lib/safe_yaml/parse/date.rb +37 -0
- data/lib/safe_yaml/parse/hexadecimal.rb +12 -0
- data/lib/safe_yaml/parse/sexagesimal.rb +26 -0
- data/lib/safe_yaml/psych_handler.rb +99 -0
- data/lib/safe_yaml/psych_resolver.rb +52 -0
- data/lib/safe_yaml/resolver.rb +94 -0
- data/lib/safe_yaml/safe_to_ruby_visitor.rb +29 -0
- data/lib/safe_yaml/store.rb +39 -0
- data/lib/safe_yaml/syck_hack.rb +36 -0
- data/lib/safe_yaml/syck_node_monkeypatch.rb +43 -0
- data/lib/safe_yaml/syck_resolver.rb +38 -0
- data/lib/safe_yaml/transform.rb +41 -0
- data/lib/safe_yaml/transform/to_boolean.rb +21 -0
- data/lib/safe_yaml/transform/to_date.rb +13 -0
- data/lib/safe_yaml/transform/to_float.rb +33 -0
- data/lib/safe_yaml/transform/to_integer.rb +26 -0
- data/lib/safe_yaml/transform/to_nil.rb +18 -0
- data/lib/safe_yaml/transform/to_symbol.rb +17 -0
- data/lib/safe_yaml/transform/transformation_map.rb +47 -0
- data/lib/{version.rb → safe_yaml/version.rb} +1 -1
- data/run_specs_all_ruby_versions.sh +38 -0
- data/safe_yaml.gemspec +11 -8
- data/spec/exploit.1.9.2.yaml +2 -0
- data/spec/exploit.1.9.3.yaml +2 -0
- data/spec/issue48.txt +20 -0
- data/spec/issue49.yml +0 -0
- data/spec/libyaml_checker_spec.rb +69 -0
- data/spec/psych_resolver_spec.rb +10 -0
- data/spec/resolver_specs.rb +278 -0
- data/spec/safe_yaml_spec.rb +697 -23
- data/spec/spec_helper.rb +37 -2
- data/spec/store_spec.rb +57 -0
- data/spec/support/exploitable_back_door.rb +13 -7
- data/spec/syck_resolver_spec.rb +10 -0
- data/spec/transform/base64_spec.rb +11 -0
- data/spec/transform/to_date_spec.rb +60 -0
- data/spec/transform/to_float_spec.rb +42 -0
- data/spec/transform/to_integer_spec.rb +64 -0
- data/spec/transform/to_symbol_spec.rb +51 -0
- data/spec/yaml_spec.rb +15 -0
- metadata +78 -24
- data/Gemfile.lock +0 -28
- data/lib/handler.rb +0 -86
- data/spec/handler_spec.rb +0 -108
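--- a/data/Gemfile.lock
+++ /dev/null
@@ -1,28 +0,0 @@
-PATH
-remote: .
-specs:
-safe_yaml (0.1)
-
-GEM
-remote: http://rubygems.org/
-specs:
-diff-lcs (1.1.3)
-heredoc_unindent (1.1.2)
-rake (10.0.3)
-rspec (2.12.0)
-rspec-core (~> 2.12.0)
-rspec-expectations (~> 2.12.0)
-rspec-mocks (~> 2.12.0)
-rspec-core (2.12.2)
-rspec-expectations (2.12.1)
-diff-lcs (~> 1.1.3)
-rspec-mocks (2.12.1)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-heredoc_unindent
-rake
-rspec
-safe_yaml!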
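--- a/data/lib/handler.rb
+++ /dev/null
@@ -1,86 +0,0 @@
-require "yaml"
-
-module SafeYAML
-class Handler < Psych::Handler
-def initialize
-@stack = []
-end
-
-def result
-@result
-end
-
-def add_to_current_structure(value)
-if @result.nil?
-@result = value
-@current_structure = @result
-return
-end
-
-case @current_structure
-when Array
-@current_structure.push(transform_value(value))
-
-when Hash
-if @current_key.nil?
-@current_key = transform_value(value)
-else
-@current_structure[@current_key] = transform_value(value)
-@current_key = nil
-end
-
-else
-raise "Don't know how to add to a #{@current_structure.class}!"
-end
-end
-
-def transform_value(value)
-if value.is_a?(String)
-if value.match(/^:\w+$/)
-return value[1..-1].to_sym
-
-elsif value.match(/^\d+$/)
-return value.to_i
-
-elsif value.match(/^\d+(?:\.\d*)?$/) || value.match(/^\.\d+$/)
-return value.to_f
-end
-end
-
-value
-end
-
-def streaming?
-false
-end
-
-# event handlers
-def scalar(value, anchor, tag, plain, quoted, style)
-add_to_current_structure(value)
-end
-
-def start_mapping(*args) # anchor, tag, implicit, style
-map = {}
-self.add_to_current_structure(map)
-@current_structure = map
-@stack.push(map)
-end
-
-def end_mapping
-@stack.pop
-@current_structure = @stack.last
-end
-
-def start_sequence(*args) # anchor, tag, implicit, style
-seq = []
-self.add_to_current_structure(seq)
-@current_structure = seq
-@stack.push(seq)
-end
-
-def end_sequence
-@stack.pop
-@current_structure = @stack.last
-end
-end
-end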
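--- a/data/spec/handler_spec.rb
+++ /dev/null
@@ -1,108 +0,0 @@
-require File.join(File.dirname(__FILE__), "spec_helper")
-
-require "handler"
-
-describe SafeYAML::Handler do
-let(:handler) { SafeYAML::Handler.new }
-let(:parser) { Psych::Parser.new(handler) }
-let(:result) { handler.result }
-
-def parse(yaml)
-parser.parse(yaml.unindent)
-end
-
-it "translates most values to strings" do
-parser.parse "key: value"
-result.should == { "key" => "value" }
-end
-
-it "translates values starting with ':' to symbols" do
-parser.parse ":key: value"
-result.should == { :key => "value" }
-end
-
-it "translates valid integral numbers to integers" do
-parser.parse "integer: 1"
-result.should == { "integer" => 1 }
-end
-
-it "translates valid decimal numbers to floats" do
-parser.parse "float: 3.14"
-result.should == { "float" => 3.14 }
-end
-
-it "applies the same transformations to values as to keys" do
-parse <<-YAML
-string: value
-symbol: :value
-integer: 1
-float: 3.14
-YAML
-
-result.should == {
-"string" => "value",
-"symbol" => :value,
-"integer" => 1,
-"float" => 3.14
-}
-end
-
-it "translates sequences to arrays" do
-parse <<-YAML
-- foo
-- bar
-- baz
-YAML
-
-result.should == ["foo", "bar", "baz"]
-end
-
-it "applies the same transformations to elements in sequences as to all values" do
-parse <<-YAML
-- string
-- :symbol
-- 1
-- 3.14
-YAML
-
-result.should == ["string", :symbol, 1, 3.14]
-end
-
-it "translates maps to hashes" do
-parse <<-YAML
-foo: blah
-bar: glah
-baz: flah
-YAML
-
-result.should == {
-"foo" => "blah",
-"bar" => "glah",
-"baz" => "flah"
-}
-end
-
-it "applies the same transformations to values in hashes as to all values" do
-parse <<-YAML
-foo: :symbol
-bar: 1
-baz: 3.14
-YAML
-
-result.should == {
-"foo" => :symbol,
-"bar" => 1,
-"baz" => 3.14
-}
-end
-
-it "deals just fine with nested maps" do
-parse <<-YAML
-foo:
-bar:
-marco: polo
-YAML
-
-result.should == { "foo" => { "bar" => { "marco" => "polo" } } }
-end
-end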