RubyGems - safe_yaml - Versions diffs - 1.0.0 → 1.0.1 - Mend

safe_yaml 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +7 -7
data/README.md +1 -0
data/lib/safe_yaml/transform/to_date.rb +2 -0
data/lib/safe_yaml/version.rb +1 -1
data/spec/transform/to_date_spec.rb +19 -0
metadata +20 -27

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
----
-SHA1:
-  metadata.gz: bf7e5c41614da36f8ccd36e18b855f8e29c4060e
-  data.tar.gz: a0c48508dea39d200aea9f5fb689a6957c9ba235
-SHA512:
-  metadata.gz: b67c8e20aea0cc1898e5af8ff8b5e8e98e4ae522b6d18a692b2649faea810b674967af561c027f160316977964fc235c99bd5fc2ee41930f610ad4d96c7bc7f5
-  data.tar.gz: 6c524eb43f7878a8e01c0db24680d939531313328d62a424d49cf75776bcef66854e5c5589dd9fef5dd47633c013635c24ece5e04ab5c2d8a19f2c3ea926e6ba
+---
+SHA1:
+  metadata.gz: 5a072651152f97592749563e45a793b71928ed80
+  data.tar.gz: 0de35cc4fefc6f0f98d81c5ef1284382e47c8e3c
+SHA512:
+  metadata.gz: 4b3b766d2e7b1d211d8645a57ab3dfefd253cebd29fb7981f792e7194fd66b61d8fc21213088b67420481d1baeb12aad35b024f0d19cf3164c2c756151b45b75
+  data.tar.gz: 457535a8deac214dd3e898d2f38ed654c2c854d76572644d2255ef4fa2040fdd4c1d509c9c197983e84e687dd77f6ac0bcd5686032a4067cf72161fdcd998cbf

data/README.md CHANGED

@@ -2,6 +2,7 @@ SafeYAML
 ========
 [![Build Status](https://travis-ci.org/dtao/safe_yaml.png)](http://travis-ci.org/dtao/safe_yaml)
+[![Gem Version](https://badge.fury.io/rb/safe_yaml.png)](http://badge.fury.io/rb/safe_yaml)
 The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the ones discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) [in Rails in early 2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).

data/lib/safe_yaml/transform/to_date.rb CHANGED

@@ -5,6 +5,8 @@ module SafeYAML
         return true, Date.parse(value) if Parse::Date::DATE_MATCHER.match(value)
         return true, Parse::Date.value(value) if Parse::Date::TIME_MATCHER.match(value)
         false
+      rescue ArgumentError
+        return true, value
       end
     end
   end

data/lib/safe_yaml/version.rb CHANGED

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "1.0.0"
+  VERSION = "1.0.1"
 end

data/spec/transform/to_date_spec.rb CHANGED

@@ -38,4 +38,23 @@ describe SafeYAML::Transform::ToDate do
     result.should == Time.utc(2012, 11, 30, 23, 33, 45)
     result.gmt_offset.should == Time.now.gmt_offset
   end
+  it "returns strings for invalid dates" do
+    subject.transform?("0000-00-00").should == [true, "0000-00-00"]
+    subject.transform?("2013-13-01").should == [true, "2013-13-01"]
+    subject.transform?("2014-01-32").should == [true, "2014-01-32"]
+  end
+  it "returns strings for invalid date/times" do
+    subject.transform?("0000-00-00 00:00:00 -0000").should == [true, "0000-00-00 00:00:00 -0000"]
+    subject.transform?("2013-13-01 21:59:43 -05:00").should == [true, "2013-13-01 21:59:43 -05:00"]
+    subject.transform?("2013-01-32 21:59:43 -05:00").should == [true, "2013-01-32 21:59:43 -05:00"]
+    subject.transform?("2013-01-30 25:59:43 -05:00").should == [true, "2013-01-30 25:59:43 -05:00"]
+    subject.transform?("2013-01-30 21:69:43 -05:00").should == [true, "2013-01-30 21:69:43 -05:00"]
+    # Interesting. It seems that in some older Ruby versions, the below actually parses successfully
+    # w/ DateTime.parse; but it fails w/ YAML.load. Whom to follow???
+    # subject.transform?("2013-01-30 21:59:63 -05:00").should == [true, "2013-01-30 21:59:63 -05:00"]
+  end
 end

metadata CHANGED

@@ -1,26 +1,21 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: safe_yaml
-version: !ruby/object:Gem::Version
-  version: 1.0.0
+version: !ruby/object:Gem::Version
+  version: 1.0.1
 platform: ruby
-authors:
+authors:
 - Dan Tao
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-27 00:00:00 Z
+date: 2014-01-10 00:00:00.000000000 Z
 dependencies: []
 description: Parse YAML safely
 email: daniel.tao@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - .gitignore
 - .travis.yml
 - CHANGES.md
@@ -70,33 +65,31 @@ files:
 - spec/transform/to_symbol_spec.rb
 - spec/yaml_spec.rb
 homepage: https://github.com/dtao/safe_yaml
-licenses:
+licenses:
 - MIT
 metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.0.14
 signing_key:
 specification_version: 4
-summary: SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.
-test_files:
+summary: SameYAML provides an alternative implementation of YAML.load suitable for
+  accepting user input in Ruby applications.
+test_files:
 - spec/exploit.1.9.2.yaml
 - spec/exploit.1.9.3.yaml
 - spec/issue48.txt