safe_yaml 0.4 → 0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. data/Gemfile.lock +1 -1
  2. data/README.md +1 -0
  3. data/lib/safe_yaml/transform.rb +6 -0
  4. data/lib/safe_yaml/version.rb +1 -1
  5. data/lib/safe_yaml.rb +2 -2
  6. data/safe_yaml.gemspec +1 -1
  7. data/spec/shared_specs.rb +23 -12
  8. metadata +3 -3
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- safe_yaml (0.3)
4
+ safe_yaml (0.4)
5
5
 
6
6
  GEM
7
7
  remote: http://rubygems.org/
data/README.md CHANGED
@@ -71,6 +71,7 @@ The way that SafeYAML works is by restricting the kinds of objects that can be d
71
71
  - Arrays
72
72
  - Strings
73
73
  - Numbers
74
+ - Dates
74
75
  - Booleans
75
76
  - Nils
76
77
 
data/lib/safe_yaml/transform.rb CHANGED
@@ -22,6 +22,8 @@ module SafeYAML
22
22
 
23
23
  FLOAT_MATCHER = /^(?:\d+(?:\.\d*)?$)|(?:^\.\d+$)/.freeze
24
24
 
25
+ DATE_MATCHER = /^\d{4}\-\d{2}\-\d{2}$/.freeze
26
+
25
27
  def self.to_proper_type(value)
26
28
  if value.is_a?(String)
27
29
  if PREDEFINED_VALUES.include?(value.downcase)
@@ -35,6 +37,10 @@ module SafeYAML
35
37
 
36
38
  elsif value.match(FLOAT_MATCHER)
37
39
  return value.to_f
40
+
41
+ elsif value.match(DATE_MATCHER)
42
+ date = Date.parse(value) rescue nil
43
+ return date if date
38
44
  end
39
45
  end
40
46
 
data/lib/safe_yaml/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SafeYAML
2
- VERSION = "0.4"
2
+ VERSION = "0.5"
3
3
  end
data/lib/safe_yaml.rb CHANGED
@@ -12,7 +12,7 @@ module YAML
12
12
  end
13
13
 
14
14
  def self.orig_load_file(filename)
15
- # https://github.com/tenderlove/psych/blob/master/lib/psych.rb#L298-300
15
+ # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
16
16
  File.open(filename, 'r:bom|utf-8') { |f| self.orig_load f, filename }
17
17
  end
18
18
 
@@ -25,7 +25,7 @@ module YAML
25
25
  end
26
26
 
27
27
  def self.orig_load_file(filename)
28
- # https://github.com/tenderlove/psych/blob/master/lib/psych.rb#L298-300
28
+ # https://github.com/tenderlove/psych/blob/v1.2.0/lib/psych.rb#L228-230
29
29
  File.open(filename, 'r:bom|utf-8') { |f| self.orig_load f }
30
30
  end
31
31
 
data/safe_yaml.gemspec CHANGED
@@ -6,7 +6,7 @@ Gem::Specification.new do |gem|
6
6
  gem.version = SafeYAML::VERSION
7
7
  gem.authors = "Dan Tao"
8
8
  gem.email = "daniel.tao@gmail.com"
9
- gem.description = %q{Parse YAML safely, without that pesky arbitrary code execution vulnerability.}
9
+ gem.description = %q{Parse YAML safely, without that pesky arbitrary code execution vulnerability}
10
10
  gem.summary = %q{SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.}
11
11
  gem.homepage = "http://github.com/dtao/safe_yaml"
12
12
 
data/spec/shared_specs.rb CHANGED
@@ -18,6 +18,16 @@ module SharedSpecs
18
18
  }
19
19
  end
20
20
 
21
+ it "translates sequences to arrays" do
22
+ parse <<-YAML
23
+ - foo
24
+ - bar
25
+ - baz
26
+ YAML
27
+
28
+ result.should == ["foo", "bar", "baz"]
29
+ end
30
+
21
31
  it "translates most values to strings" do
22
32
  parse "string: value"
23
33
  result.should == { "string" => "value" }
@@ -38,14 +48,9 @@ module SharedSpecs
38
48
  result.should == { "float" => 3.14 }
39
49
  end
40
50
 
41
- it "translates sequences to arrays" do
42
- parse <<-YAML
43
- - foo
44
- - bar
45
- - baz
46
- YAML
47
-
48
- result.should == ["foo", "bar", "baz"]
51
+ it "translates valid dates" do
52
+ parse "date: 2013-01-24"
53
+ result.should == { "date" => Date.parse("2013-01-24") }
49
54
  end
50
55
 
51
56
  it "translates valid true/false values to booleans" do
@@ -75,13 +80,15 @@ module SharedSpecs
75
80
  :bar: symbol
76
81
  1: integer
77
82
  3.14: float
83
+ 2013-01-24: date
78
84
  YAML
79
85
 
80
86
  result.should == {
81
87
  "foo" => "string",
82
88
  ":bar" => "symbol",
83
89
  1 => "integer",
84
- 3.14 => "float"
90
+ 3.14 => "float",
91
+ Date.parse("2013-01-24") => "date"
85
92
  }
86
93
  end
87
94
 
@@ -91,9 +98,10 @@ module SharedSpecs
91
98
  - :bar
92
99
  - 1
93
100
  - 3.14
101
+ - 2013-01-24
94
102
  YAML
95
103
 
96
- result.should == ["foo", ":bar", 1, 3.14]
104
+ result.should == ["foo", ":bar", 1, 3.14, Date.parse("2013-01-24")]
97
105
  end
98
106
 
99
107
  it "deals just fine with nested maps" do
@@ -137,13 +145,15 @@ module SharedSpecs
137
145
  :bar: symbol
138
146
  1: integer
139
147
  3.14: float
148
+ 2013-01-24: date
140
149
  YAML
141
150
 
142
151
  result.should == {
143
152
  "foo" => "string",
144
153
  :bar => "symbol",
145
154
  1 => "integer",
146
- 3.14 => "float"
155
+ 3.14 => "float",
156
+ Date.parse("2013-01-24") => "date"
147
157
  }
148
158
  end
149
159
 
@@ -153,9 +163,10 @@ module SharedSpecs
153
163
  - :bar
154
164
  - 1
155
165
  - 3.14
166
+ - 2013-01-24
156
167
  YAML
157
168
 
158
- result.should == ["foo", :bar, 1, 3.14]
169
+ result.should == ["foo", :bar, 1, 3.14, Date.parse("2013-01-24")]
159
170
  end
160
171
  end
161
172
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_yaml
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.4'
4
+ version: '0.5'
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,9 +9,9 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-01-23 00:00:00.000000000 Z
12
+ date: 2013-01-24 00:00:00.000000000 Z
13
13
  dependencies: []
14
- description: Parse YAML safely, without that pesky arbitrary code execution vulnerability.
14
+ description: Parse YAML safely, without that pesky arbitrary code execution vulnerability
15
15
  email: daniel.tao@gmail.com
16
16
  executables: []
17
17
  extensions: []