safe_yaml 0.1 → 1.0.5

Files changed (58)
  1. checksums.yaml +7 -0
  2. data/.gitignore +3 -0
  3. data/.travis.yml +48 -0
  4. data/CHANGES.md +154 -0
  5. data/Gemfile +3 -1
  6. data/LICENSE.txt +22 -0
  7. data/README.md +191 -0
  8. data/Rakefile +22 -2
  9. data/bin/safe_yaml +75 -0
  10. data/bundle_install_all_ruby_versions.sh +11 -0
  11. data/lib/safe_yaml.rb +90 -6
  12. data/lib/safe_yaml/deep.rb +34 -0
  13. data/lib/safe_yaml/libyaml_checker.rb +36 -0
  14. data/lib/safe_yaml/load.rb +181 -0
  15. data/lib/safe_yaml/parse/date.rb +37 -0
  16. data/lib/safe_yaml/parse/hexadecimal.rb +12 -0
  17. data/lib/safe_yaml/parse/sexagesimal.rb +26 -0
  18. data/lib/safe_yaml/psych_handler.rb +99 -0
  19. data/lib/safe_yaml/psych_resolver.rb +52 -0
  20. data/lib/safe_yaml/resolver.rb +94 -0
  21. data/lib/safe_yaml/safe_to_ruby_visitor.rb +29 -0
  22. data/lib/safe_yaml/store.rb +39 -0
  23. data/lib/safe_yaml/syck_hack.rb +36 -0
  24. data/lib/safe_yaml/syck_node_monkeypatch.rb +43 -0
  25. data/lib/safe_yaml/syck_resolver.rb +38 -0
  26. data/lib/safe_yaml/transform.rb +41 -0
  27. data/lib/safe_yaml/transform/to_boolean.rb +21 -0
  28. data/lib/safe_yaml/transform/to_date.rb +13 -0
  29. data/lib/safe_yaml/transform/to_float.rb +33 -0
  30. data/lib/safe_yaml/transform/to_integer.rb +26 -0
  31. data/lib/safe_yaml/transform/to_nil.rb +18 -0
  32. data/lib/safe_yaml/transform/to_symbol.rb +17 -0
  33. data/lib/safe_yaml/transform/transformation_map.rb +47 -0
  34. data/lib/{version.rb → safe_yaml/version.rb} +1 -1
  35. data/run_specs_all_ruby_versions.sh +38 -0
  36. data/safe_yaml.gemspec +11 -8
  37. data/spec/exploit.1.9.2.yaml +2 -0
  38. data/spec/exploit.1.9.3.yaml +2 -0
  39. data/spec/issue48.txt +20 -0
  40. data/spec/issue49.yml +0 -0
  41. data/spec/libyaml_checker_spec.rb +69 -0
  42. data/spec/psych_resolver_spec.rb +10 -0
  43. data/spec/resolver_specs.rb +278 -0
  44. data/spec/safe_yaml_spec.rb +697 -23
  45. data/spec/spec_helper.rb +37 -2
  46. data/spec/store_spec.rb +57 -0
  47. data/spec/support/exploitable_back_door.rb +13 -7
  48. data/spec/syck_resolver_spec.rb +10 -0
  49. data/spec/transform/base64_spec.rb +11 -0
  50. data/spec/transform/to_date_spec.rb +60 -0
  51. data/spec/transform/to_float_spec.rb +42 -0
  52. data/spec/transform/to_integer_spec.rb +64 -0
  53. data/spec/transform/to_symbol_spec.rb +51 -0
  54. data/spec/yaml_spec.rb +15 -0
  55. metadata +78 -24
  56. data/Gemfile.lock +0 -28
  57. data/lib/handler.rb +0 -86
  58. data/spec/handler_spec.rb +0 -108
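--- a/data/Gemfile.lock
+++ /dev/null
@@ -1,28 +0,0 @@
-PATH
-remote: .
-specs:
-safe_yaml (0.1)
-
-GEM
-remote: http://rubygems.org/
-specs:
-diff-lcs (1.1.3)
-heredoc_unindent (1.1.2)
-rake (10.0.3)
-rspec (2.12.0)
-rspec-core (~> 2.12.0)
-rspec-expectations (~> 2.12.0)
-rspec-mocks (~> 2.12.0)
-rspec-core (2.12.2)
-rspec-expectations (2.12.1)
-diff-lcs (~> 1.1.3)
-rspec-mocks (2.12.1)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-heredoc_unindent
-rake
-rspec
-safe_yaml!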
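--- a/data/lib/handler.rb
+++ /dev/null
@@ -1,86 +0,0 @@
-require "yaml"
-
-module SafeYAML
-class Handler < Psych::Handler
-def initialize
-@stack = []
-end
-
-def result
-@result
-end
-
-def add_to_current_structure(value)
-if @result.nil?
-@result = value
-@current_structure = @result
-return
-end
-
-case @current_structure
-when Array
-@current_structure.push(transform_value(value))
-
-when Hash
-if @current_key.nil?
-@current_key = transform_value(value)
-else
-@current_structure[@current_key] = transform_value(value)
-@current_key = nil
-end
-
-else
-raise "Don't know how to add to a #{@current_structure.class}!"
-end
-end
-
-def transform_value(value)
-if value.is_a?(String)
-if value.match(/^:\w+$/)
-return value[1..-1].to_sym
-
-elsif value.match(/^\d+$/)
-return value.to_i
-
-elsif value.match(/^\d+(?:\.\d*)?$/) || value.match(/^\.\d+$/)
-return value.to_f
-end
-end
-
-value
-end
-
-def streaming?
-false
-end
-
-# event handlers
-def scalar(value, anchor, tag, plain, quoted, style)
-add_to_current_structure(value)
-end
-
-def start_mapping(*args) # anchor, tag, implicit, style
-map = {}
-self.add_to_current_structure(map)
-@current_structure = map
-@stack.push(map)
-end
-
-def end_mapping
-@stack.pop
-@current_structure = @stack.last
-end
-
-def start_sequence(*args) # anchor, tag, implicit, style
-seq = []
-self.add_to_current_structure(seq)
-@current_structure = seq
-@stack.push(seq)
-end
-
-def end_sequence
-@stack.pop
-@current_structure = @stack.last
-end
-end
-end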
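--- a/data/spec/handler_spec.rb
+++ /dev/null
@@ -1,108 +0,0 @@
-require File.join(File.dirname(__FILE__), "spec_helper")
-
-require "handler"
-
-describe SafeYAML::Handler do
-let(:handler) { SafeYAML::Handler.new }
-let(:parser) { Psych::Parser.new(handler) }
-let(:result) { handler.result }
-
-def parse(yaml)
-parser.parse(yaml.unindent)
-end
-
-it "translates most values to strings" do
-parser.parse "key: value"
-result.should == { "key" => "value" }
-end
-
-it "translates values starting with ':' to symbols" do
-parser.parse ":key: value"
-result.should == { :key => "value" }
-end
-
-it "translates valid integral numbers to integers" do
-parser.parse "integer: 1"
-result.should == { "integer" => 1 }
-end
-
-it "translates valid decimal numbers to floats" do
-parser.parse "float: 3.14"
-result.should == { "float" => 3.14 }
-end
-
-it "applies the same transformations to values as to keys" do
-parse <<-YAML
-string: value
-symbol: :value
-integer: 1
-float: 3.14
-YAML
-
-result.should == {
-"string" => "value",
-"symbol" => :value,
-"integer" => 1,
-"float" => 3.14
-}
-end
-
-it "translates sequences to arrays" do
-parse <<-YAML
-- foo
-- bar
-- baz
-YAML
-
-result.should == ["foo", "bar", "baz"]
-end
-
-it "applies the same transformations to elements in sequences as to all values" do
-parse <<-YAML
-- string
-- :symbol
-- 1
-- 3.14
-YAML
-
-result.should == ["string", :symbol, 1, 3.14]
-end
-
-it "translates maps to hashes" do
-parse <<-YAML
-foo: blah
-bar: glah
-baz: flah
-YAML
-
-result.should == {
-"foo" => "blah",
-"bar" => "glah",
-"baz" => "flah"
-}
-end
-
-it "applies the same transformations to values in hashes as to all values" do
-parse <<-YAML
-foo: :symbol
-bar: 1
-baz: 3.14
-YAML
-
-result.should == {
-"foo" => :symbol,
-"bar" => 1,
-"baz" => 3.14
-}
-end
-
-it "deals just fine with nested maps" do
-parse <<-YAML
-foo:
-bar:
-marco: polo
-YAML
-
-result.should == { "foo" => { "bar" => { "marco" => "polo" } } }
-end
-end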