safe_yaml 0.4 → 0.5

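--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- safe_yaml (0.3)
+ safe_yaml (0.4)
 
  GEM
  remote: http://rubygems.org/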
data/README.md CHANGED
@@ -71,6 +71,7 @@ The way that SafeYAML works is by restricting the kinds of objects that can be d
71
71
  - Arrays
72
72
  - Strings
73
73
  - Numbers
74
+ - Dates
74
75
  - Booleans
75
76
  - Nils
76
77
 
@@ -22,6 +22,8 @@ module SafeYAML
22
22
 
23
23
  FLOAT_MATCHER = /^(?:\d+(?:\.\d*)?$)|(?:^\.\d+$)/.freeze
24
24
 
25
+ DATE_MATCHER = /^\d{4}\-\d{2}\-\d{2}$/.freeze
26
+
25
27
  def self.to_proper_type(value)
26
28
  if value.is_a?(String)
27
29
  if PREDEFINED_VALUES.include?(value.downcase)
@@ -35,6 +37,10 @@ module SafeYAML
35
37
 
36
38
  elsif value.match(FLOAT_MATCHER)
37
39
  return value.to_f
40
+
41
+ elsif value.match(DATE_MATCHER)
42
+ date = Date.parse(value) rescue nil
43
+ return date if date
38
44
  end
39
45
  end
40
46
 
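Review bot: `DATE_MATCHER` is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line scalar that merely contains a date-shaped line passes the check and the whole string is handed to `Date.parse` in the new `elsif` branch. `Date.parse` is a lenient, heuristic parser, so such a value would likely come back as a `Date` with the rest of the text silently dropped; for a library whose job is to constrain what untrusted YAML can turn into, the pattern should be `/\A\d{4}-\d{2}-\d{2}\z/` and the conversion the strict `Date.strptime(value, "%Y-%m-%d")`. The `rescue nil` modifier also swallows every `StandardError`, including the `NameError` or `NoMethodError` raised if `date` has not been required (no `require 'date'` is visible in these hunks), so rescuing `ArgumentError` explicitly would keep real failures visible. The context-line `FLOAT_MATCHER` uses the same line anchors and deserves the same fix. `to_proper_type` begins in the first hunk and continues outside both.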
@@ -1,3 +1,3 @@
1
1
  module SafeYAML
2
- VERSION = "0.4"
2
+ VERSION = "0.5"
3
3
  end
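--- a/data/lib/safe_yaml.rb
+++ b/data/lib/safe_yaml.rb
@@ -12,7 +12,7 @@ module YAML
  end
 
  def self.orig_load_file(filename)
- # https://github.com/tenderlove/psych/blob/master/lib/psych.rb#L298-300
+ # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
  File.open(filename, 'r:bom|utf-8') { |f| self.orig_load f, filename }
  end
 
@@ -25,7 +25,7 @@ module YAML
  end
 
  def self.orig_load_file(filename)
- # https://github.com/tenderlove/psych/blob/master/lib/psych.rb#L298-300
+ # https://github.com/tenderlove/psych/blob/v1.2.0/lib/psych.rb#L228-230
  File.open(filename, 'r:bom|utf-8') { |f| self.orig_load f }
  end
 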
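--- a/data/safe_yaml.gemspec
+++ b/data/safe_yaml.gemspec
@@ -6,7 +6,7 @@ Gem::Specification.new do |gem|
  gem.version = SafeYAML::VERSION
  gem.authors = "Dan Tao"
  gem.email = "daniel.tao@gmail.com"
- gem.description = %q{Parse YAML safely, without that pesky arbitrary code execution vulnerability.}
+ gem.description = %q{Parse YAML safely, without that pesky arbitrary code execution vulnerability}
  gem.summary = %q{SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.}
  gem.homepage = "http://github.com/dtao/safe_yaml"
 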
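--- a/data/spec/shared_specs.rb
+++ b/data/spec/shared_specs.rb
@@ -18,6 +18,16 @@ module SharedSpecs
  }
  end
 
+ it "translates sequences to arrays" do
+ parse <<-YAML
+ - foo
+ - bar
+ - baz
+ YAML
+
+ result.should == ["foo", "bar", "baz"]
+ end
+
  it "translates most values to strings" do
  parse "string: value"
  result.should == { "string" => "value" }
@@ -38,14 +48,9 @@ module SharedSpecs
  result.should == { "float" => 3.14 }
  end
 
- it "translates sequences to arrays" do
- parse <<-YAML
- - foo
- - bar
- - baz
- YAML
-
- result.should == ["foo", "bar", "baz"]
+ it "translates valid dates" do
+ parse "date: 2013-01-24"
+ result.should == { "date" => Date.parse("2013-01-24") }
  end
 
  it "translates valid true/false values to booleans" do
@@ -75,13 +80,15 @@ module SharedSpecs
  :bar: symbol
  1: integer
  3.14: float
+ 2013-01-24: date
  YAML
 
  result.should == {
  "foo" => "string",
  ":bar" => "symbol",
  1 => "integer",
- 3.14 => "float"
+ 3.14 => "float",
+ Date.parse("2013-01-24") => "date"
  }
  end
 
@@ -91,9 +98,10 @@ module SharedSpecs
  - :bar
  - 1
  - 3.14
+ - 2013-01-24
  YAML
 
- result.should == ["foo", ":bar", 1, 3.14]
+ result.should == ["foo", ":bar", 1, 3.14, Date.parse("2013-01-24")]
  end
 
  it "deals just fine with nested maps" do
@@ -137,13 +145,15 @@ module SharedSpecs
  :bar: symbol
  1: integer
  3.14: float
+ 2013-01-24: date
  YAML
 
  result.should == {
  "foo" => "string",
  :bar => "symbol",
  1 => "integer",
- 3.14 => "float"
+ 3.14 => "float",
+ Date.parse("2013-01-24") => "date"
  }
  end
 
@@ -153,9 +163,10 @@ module SharedSpecs
  - :bar
  - 1
  - 3.14
+ - 2013-01-24
  YAML
 
- result.should == ["foo", :bar, 1, 3.14]
+ result.should == ["foo", :bar, 1, 3.14, Date.parse("2013-01-24")]
  end
  end
  end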
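Review bot: The added date specs exercise only the well-formed value `2013-01-24`; nothing pins the fallback path where a value matches the date pattern but `Date.parse` rejects it, or where a longer string merely contains a date-shaped line. A spec such as `parse "date: 2013-13-45"` with `result.should == { "date" => "2013-13-45" }` would document that only whole, valid dates are converted; the value is constructed and the expected result is inferred from the fall-through in the transform code, so confirm it against both YAML engines. A second spec for a block scalar with a date on its own line would cover the other case. The specs also reference `Date` directly, and no `require 'date'` is visible in this section.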
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_yaml
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.4'
4
+ version: '0.5'
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,9 +9,9 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-01-23 00:00:00.000000000 Z
12
+ date: 2013-01-24 00:00:00.000000000 Z
13
13
  dependencies: []
14
- description: Parse YAML safely, without that pesky arbitrary code execution vulnerability.
14
+ description: Parse YAML safely, without that pesky arbitrary code execution vulnerability
15
15
  email: daniel.tao@gmail.com
16
16
  executables: []
17
17
  extensions: []