safe_yaml 0.9.5 → 0.9.6

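--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8e55d5619e0fb2c1a1e958e26e649b6d9d6791a3
- data.tar.gz: fa788dcc6987cd96121f0a86c16259fa93190fd8
+ metadata.gz: a0e318fdb562f8333d33d6d693e838d454a9753a
+ data.tar.gz: 4cae1fb4f5f15d42ae0762c35ae9aa543ddf3dc6
  SHA512:
- metadata.gz: ed8fb12f633219518a56774fc91efa7cd452dec771f4e16b1483d038dd768d53c749e1e241b81d20f474c619cfc4ba7fb92a041907f83d4888b71967d946ebc0
- data.tar.gz: 2d3c97331b122aea731c23c8219ec20b94928897b1f4a983bf857fdc67b58b2a4202a90f07fb609f2572a7506f08b86eb6d44fd6ed1a6f1cd575a19a4eb13c8a
+ metadata.gz: 4c61eacf1e4e4f2f6d28d64e88ff7b504150e5516ea01a594d9efef2e50abeb2f9623e2c2a2f58a67ad8297aa8bcc9ddaf70c6e3d0c7de248a630d2b1873bb36
+ data.tar.gz: 8f61f556e31238feeefba576f2503b0369a3591219f2daa9fb81dae80747050f1b80cea51979c7b44cb43f168b993942c31723682d0291d3751393276fda63df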
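--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,10 +1,15 @@
+ 0.9.6
+ -----
+
+ - fixed handling of files with trailing content (after closing `---`)
+
  0.9.5
  -----
 
  - fixed permissions AGAIN
 
- 0.9.4 (yanked)
- --------------
+ 0.9.4
+ -----
 
  - corrected handling of symbols
 
@@ -13,8 +18,8 @@
 
  - fixed permissions :(
 
- 0.9.2 (yanked)
- --------------
+ 0.9.2
+ -----
 
  - fixed error w/ parsing "!" when whitelisting tags
  - fixed parsing of the number 0 (d'oh!)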
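--- a/data/Rakefile
+++ b/data/Rakefile
@@ -4,3 +4,10 @@ desc "Run specs"
  RSpec::Core::RakeTask.new(:spec) do |t|
  t.rspec_opts = %w(--color)
  end
+
+ namespace :spec do
+ desc "Run only specs tagged 'solo'"
+ RSpec::Core::RakeTask.new(:solo) do |t|
+ t.rspec_opts = %w(--color --tag solo)
+ end
+ end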
data/lib/safe_yaml.rb CHANGED
@@ -160,6 +160,8 @@ module YAML
160
160
  require "safe_yaml/safe_to_ruby_visitor"
161
161
 
162
162
  def self.safe_load(yaml, filename=nil, options={})
163
+ return false if yaml =~ /\A\s*\Z/
164
+
163
165
  # If the user hasn't whitelisted any tags, we can go with this implementation which is
164
166
  # significantly faster.
165
167
  if (options && options[:whitelisted_tags] || SafeYAML::OPTIONS[:whitelisted_tags]).empty?
@@ -167,7 +169,7 @@ module YAML
167
169
  arguments_for_parse = [yaml]
168
170
  arguments_for_parse << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
169
171
  Psych::Parser.new(safe_handler).parse(*arguments_for_parse)
170
- return safe_handler.result || false
172
+ return safe_handler.result
171
173
 
172
174
  else
173
175
  safe_resolver = SafeYAML::PsychResolver.new(options)
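Review bot: Dropping `|| false` from `return safe_handler.result` means any input the new guard `return false if yaml =~ /\A\s*\Z/` does not catch now comes back as `nil`. The guard only recognises whitespace-only strings, so a document holding nothing but comments, or a non-String argument such as an IO (where `=~` performs no regex match), presumably skips it and yields `nil` where 0.9.5 returned `false`. Callers that tell "empty input" from "explicit null" by testing for `false` would then misread those inputs. I would pin the intended result with a spec such as `YAML.safe_load("# only a comment\n").should == false` and, if IO input is supported, read it into a String before the guard. The body of `safe_load` continues outside the hunk, so the whitelisted-tags branch is not checked here.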
@@ -44,6 +44,16 @@ module SafeYAML
44
44
  @current_key = nil
45
45
  end
46
46
 
47
+ elsif @current_structure.nil?
48
+ # It appears that a YAML document may containing trailing text that should not be considered
49
+ # part of the serialized data. See issue 48:
50
+ #
51
+ # https://github.com/dtao/safe_yaml/issues/48
52
+ #
53
+ # I need to investigate this a bit further; but for now just explicitly ignoring nil should
54
+ # fix the issue (since in theory the only scenario where this would happen is after the
55
+ # serialized structure has "closed").
56
+
47
57
  else
48
58
  raise "Don't know how to add to a #{@current_structure.class}!"
49
59
  end
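Review bot: The new `elsif @current_structure.nil?` branch discards every value that arrives while no structure is open, not only text after a closing `---`, so a handler-state bug or a second document in the stream is dropped silently instead of reaching the `raise` below. For a loader whose purpose is safe parsing, quietly returning only part of the input invites disagreement with other consumers of the same file about what it contains. I would narrow the condition to the case the comment describes, e.g. set a flag in the handler's `end_document` callback and test `elsif @document_ended` here, keeping the `raise` for any other nil state. The comment's `may containing` should also read `may contain`. The enclosing method starts outside the hunk and this file's header is missing from the page, so how `@current_structure` is reset is not visible.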
@@ -6,7 +6,7 @@ module SafeYAML
6
6
  set_predefined_values({
7
7
  "" => nil,
8
8
  "~" => nil,
9
- "null" => nil,
9
+ "null" => nil
10
10
  })
11
11
 
12
12
  def transform?(value)
@@ -1,3 +1,3 @@
1
1
  module SafeYAML
2
- VERSION = "0.9.5"
2
+ VERSION = "0.9.6"
3
3
  end
data/spec/issue48.yml ADDED
@@ -0,0 +1,6 @@
1
+ ---
2
+ title: Blah
3
+ key: value
4
+ ---
5
+
6
+ Hey, here are some words!
@@ -115,6 +115,8 @@ describe YAML do
115
115
  result = YAML.safe_load <<-YAML.unindent
116
116
  foo:
117
117
  number: 1
118
+ boolean: true
119
+ nil: ~
118
120
  string: Hello, there!
119
121
  symbol: :blah
120
122
  sequence:
@@ -124,9 +126,11 @@ describe YAML do
124
126
 
125
127
  result.should == {
126
128
  "foo" => {
127
- "number" => 1,
128
- "string" => "Hello, there!",
129
- "symbol" => ":blah",
129
+ "number" => 1,
130
+ "boolean" => true,
131
+ "nil" => nil,
132
+ "string" => "Hello, there!",
133
+ "symbol" => ":blah",
130
134
  "sequence" => ["hi", "bye"]
131
135
  }
132
136
  }
@@ -255,8 +259,18 @@ describe YAML do
255
259
  end
256
260
 
257
261
  it "returns false when parsing an empty document" do
258
- result = YAML.safe_load ""
259
- result.should == false
262
+ [
263
+ YAML.safe_load(""),
264
+ YAML.safe_load(" "),
265
+ YAML.safe_load("\n")
266
+ ].should == [false, false, false]
267
+ end
268
+
269
+ it "returns nil when parsing a single value representing nil" do
270
+ [
271
+ YAML.safe_load("~"),
272
+ YAML.safe_load("null")
273
+ ].should == [nil, nil]
260
274
  end
261
275
 
262
276
  context "with custom initializers defined" do
@@ -633,6 +647,21 @@ describe YAML do
633
647
  YAML.load_file(filename, :safe => true)
634
648
  end
635
649
  end
650
+
651
+ it "handles files starting with --- (see issue #48)" do
652
+ YAML.load_file("spec/issue48.yml", :safe => true).should == {
653
+ "title" => "Blah",
654
+ "key" => "value"
655
+ }
656
+ end
657
+
658
+ it "handles content starting with --- (see issue #48)" do
659
+ yaml = File.read("spec/issue48.yml")
660
+ YAML.load(yaml, :safe => true).should == {
661
+ "title" => "Blah",
662
+ "key" => "value"
663
+ }
664
+ end
636
665
  end
637
666
 
638
667
  describe "whitelist!" do
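Review bot: Both new specs are named "starting with ---", but the fixture and the changelog entry are about content after a closing `---`; `it "ignores content after a closing --- (see issue #48)" do` would describe what is actually asserted. The fixture's trailing content is plain prose, so nothing here shows what the loader does when the trailing part is itself a mapping, a sequence or a tagged node. Since the handler change ignores values once the first structure has closed, a second fixture with structured trailing content would pin that it is neither merged into the result nor deserialized. This file's header is missing from the page; the hunks appear to belong to the main spec file.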
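--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: safe_yaml
  version: !ruby/object:Gem::Version
- version: 0.9.5
+ version: 0.9.6
  platform: ruby
  authors:
  - Dan Tao
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-08-07 00:00:00.000000000 Z
+ date: 2013-09-16 00:00:00.000000000 Z
  dependencies: []
  description: Parse YAML safely, without that pesky arbitrary object deserialization
  vulnerability
@@ -49,6 +49,7 @@ files:
  - safe_yaml.gemspec
  - spec/exploit.1.9.2.yaml
  - spec/exploit.1.9.3.yaml
+ - spec/issue48.yml
  - spec/psych_resolver_spec.rb
  - spec/resolver_specs.rb
  - spec/safe_yaml_spec.rb
@@ -80,7 +81,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.6
+ rubygems_version: 2.0.0.rc.2
  signing_key:
  specification_version: 4
  summary: SameYAML provides an alternative implementation of YAML.load suitable for
@@ -88,6 +89,7 @@ summary: SameYAML provides an alternative implementation of YAML.load suitable f
  test_files:
  - spec/exploit.1.9.2.yaml
  - spec/exploit.1.9.3.yaml
+ - spec/issue48.yml
  - spec/psych_resolver_spec.rb
  - spec/resolver_specs.rb
  - spec/safe_yaml_spec.rb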