safe_yaml 0.5.2 → 0.6.1

data/.travis.yml

@@ -0,0 +1,25 @@
+language: ruby
+before_install:
+  - gem install bundler
+script: "bundle exec rake spec"
+rvm:
+  - ruby-head
+  - 2.0.0
+  - 1.9.3
+  - 1.9.2
+  - 1.8.7
+  - rbx-19mode
+  - rbx-18mode
+  - jruby-head
+  - jruby-19mode
+  - jruby-18mode
+  - ree
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - rvm: rbx-19mode
+    - rvm: rbx-18mode
+    - rvm: jruby-head
+    - rvm: jruby-19mode
+    - rvm: jruby-18mode
+    - rvm: ree

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Dan Tao
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,7 +1,7 @@
 SafeYAML
 ========
 
-The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the one recently discovered in Rails](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/)).
+The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the one recently discovered in Rails](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) (or [this one](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html))).
 
 Installation
 ------------
@@ -18,8 +18,8 @@ Or install it yourself as:
 
     $ gem install safe_yaml
 
-Usage
------
+Purpose
+-------
 
 Suppose your application were to contain some code like this:
 
@@ -62,6 +62,25 @@ With SafeYAML, that attacker would be thwarted:
     > YAML.load(yaml)
     => {"foo; end; puts %(I'm in yr system!); def bar"=>"baz"}
 
+Usage
+-----
+
+`YAML.safe_load` will load YAML without allowing arbitrary object deserialization.
+
+`YAML.unsafe_load` will exhibit Ruby's built-in behavior: to allow the deserialization of arbitrary objects.
+
+By default, when you require the safe_yaml gem in your project, `YAML.load` is patched to internally call `safe_load`. The patched method also accepts a `:safe` flag to specify which version to use:
+
+    # Ruby >= 1.9.3
+    YAML.load(yaml, filename, :safe => true) # calls safe_load
+    YAML.load(yaml, filename, :safe => false) # calls unsafe_load
+
+    # Ruby < 1.9.3
+    YAML.load(yaml, :safe => true) # calls safe_load
+    YAML.load(yaml, :safe => false) # calls unsafe_load
+
+The default behavior can be switched to unsafe loading by calling `YAML.enable_arbitrary_object_deserialization!`. In this case, the `:safe` flag still has the same effect, but the defaults are reversed (so calling `YAML.load` will have the same behavior as if the safe_yaml gem weren't required).
+
 Notes
 -----
 
@@ -76,11 +95,19 @@ The way that SafeYAML works is by restricting the kinds of objects that can be d
 - Booleans
 - Nils
 
-Additionally, symbols will also be deserialized if the `YAML.enable_symbol_parsing` option is set to `true`.
+Additionally, deserialization of symbols can be enabled by calling `YAML.enable_symbol_parsing!`.
 
-For scenarios where the data to be parsed is from a trusted source and it is still desirable to deserialize arbitrary Ruby objects, the original implementation of `YAML.load` is available as `YAML.orig_load`.
+Caveat
+------
+
+Obviously this gem is quite young, and so the API may (read: will) change in future versions. The goal of the gem is to make it as easy as possible to protect existing applications from object deserialization exploits. Any and all feedback is more than welcome.
 
 Requirements
 ------------
 
 SafeYAML requires Ruby 1.8.7 or newer and works with both [Syck](http://www.ruby-doc.org/stdlib-1.8.7/libdoc/yaml/rdoc/YAML.html) and [Psych](http://github.com/tenderlove/psych).
+
+Code Status
+-------------
+
+[![Build Status](https://secure.travis-ci.org/dtao/safe_yaml.png)](http://travis-ci.org/dtao/safe_yaml)

data/lib/safe_yaml/psych_handler.rb

@@ -5,14 +5,16 @@ module SafeYAML
     def initialize
       @anchors = {}
       @stack = []
+      @current_key = nil
+      @result = nil
     end
 
     def result
       @result
     end
 
-    def add_to_current_structure(value, anchor=nil)
-      value = Transform.to_proper_type(value)
+    def add_to_current_structure(value, anchor=nil, quoted=nil)
+      value = Transform.to_proper_type(value, quoted)
 
       @anchors[anchor] = value if anchor
 
@@ -60,7 +62,7 @@ module SafeYAML
     end
 
     def scalar(value, anchor, tag, plain, quoted, style)
-      add_to_current_structure(value, anchor)
+      add_to_current_structure(value, anchor, quoted)
     end
 
     def start_mapping(anchor, tag, implicit, style)

data/lib/safe_yaml/syck_resolver.rb

@@ -1,19 +1,23 @@
 module SafeYAML
   class SyckResolver
+    QUOTE_STYLES = [:quote1, :quote2]
+
     def resolve_node(node)
       case node.kind
       when :map
-        return resolve_map(node.value)
+        return resolve_map(node)
       when :seq
-        return resolve_seq(node.value)
+        return resolve_seq(node)
       when :scalar
-        return resolve_scalar(node.value)
+        return resolve_scalar(node)
       else
         raise "Don't know how to resolve a '#{node.kind}' node!"
       end
     end
 
-    def resolve_map(map)
+    def resolve_map(node)
+      map = node.value
+
       hash = {}
       map.each do |key_node, value_node|
         if resolve_node(key_node) == "<<"
@@ -22,15 +26,18 @@ module SafeYAML
           hash[resolve_node(key_node)] = resolve_node(value_node)
         end
       end
+
       return hash
     end
 
-    def resolve_seq(seq)
+    def resolve_seq(node)
+      seq = node.value
+
       seq.map { |node| resolve_node(node) }
     end
 
-    def resolve_scalar(scalar)
-      Transform.to_proper_type(scalar)
+    def resolve_scalar(node)
+      Transform.to_proper_type(node.value, QUOTE_STYLES.include?(node.instance_variable_get(:@style)))
     end
   end
 end

data/lib/safe_yaml/transform/to_date.rb

@@ -1,7 +1,7 @@
 module SafeYAML
   class Transform
     class ToDate
-      MATCHER = /^\d{4}\-\d{2}\-\d{2}$/.freeze
+      MATCHER = /\A\d{4}\-\d{2}\-\d{2}\Z/.freeze
 
       def transform?(value)
         return false unless MATCHER.match(value)

data/lib/safe_yaml/transform/to_float.rb

@@ -1,7 +1,7 @@
 module SafeYAML
   class Transform
     class ToFloat
-      MATCHER = /^(?:\d+(?:\.\d*)?$)|(?:^\.\d+$)/.freeze
+      MATCHER = /\A(?:\d+(?:\.\d*)?\Z)|(?:^\.\d+\Z)/.freeze
 
       def transform?(value)
         return false unless MATCHER.match(value)

data/lib/safe_yaml/transform/to_integer.rb

@@ -1,7 +1,7 @@
 module SafeYAML
   class Transform
     class ToInteger
-      MATCHER = /^\d+$/.freeze
+      MATCHER = /\A\d+\Z/.freeze
 
       def transform?(value)
         return false unless MATCHER.match(value)

data/lib/safe_yaml/transform/to_symbol.rb

@@ -1,10 +1,10 @@
 module SafeYAML
   class Transform
     class ToSymbol
-      MATCHER = /^:\w+$/.freeze
+      MATCHER = /\A:\w+\Z/.freeze
 
       def transform?(value)
-        return false if !Transform::OPTIONS[:enable_symbol_parsing] || !MATCHER.match(value)
+        return false unless SafeYAML::OPTIONS[:enable_symbol_parsing] && MATCHER.match(value)
         return true, value[1..-1].to_sym
       end
     end

data/lib/safe_yaml/transform/to_time.rb

@@ -3,7 +3,7 @@ module SafeYAML
     class ToTime
       # There isn't a missing '$' there; YAML itself seems to ignore everything at the end of a
       # string that otherwise resembles a time.
-      MATCHER = /^\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d{1,5})?/.freeze
+      MATCHER = /\A\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d{1,5})?/.freeze
 
       def transform?(value)
         return false unless MATCHER.match(value)

data/lib/safe_yaml/transform.rb

@@ -1,9 +1,5 @@
 module SafeYAML
   class Transform
-    OPTIONS = {
-      :enable_symbol_parsing => false
-    }
-
     TRANSFORMERS = [
       Transform::ToSymbol.new,
       Transform::ToInteger.new,
@@ -14,7 +10,9 @@ module SafeYAML
       Transform::ToTime.new
     ]
 
-    def self.to_proper_type(value)
+    def self.to_proper_type(value, quoted=false)
+      return value if quoted
+
       if value.is_a?(String)
         TRANSFORMERS.each do |transformer|
           success, transformed_value = transformer.transform?(value)

data/lib/safe_yaml/version.rb

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.5.2"
+  VERSION = "0.6.1"
 end

data/lib/safe_yaml.rb

@@ -9,7 +9,34 @@ require "safe_yaml/transform/to_time"
 require "safe_yaml/transform"
 require "safe_yaml/version"
 
+module SafeYAML
+  OPTIONS = {
+    :enable_symbol_parsing => false,
+    :enable_arbitrary_object_deserialization => false
+  }
+end
+
 module YAML
+  def self.load_with_options(yaml, options={})
+    safe_mode = safe_mode_from_options("load", options)
+
+    arguments = [yaml]
+    if RUBY_VERSION >= "1.9.3"
+      arguments << options[:filename]
+    end
+
+    safe_mode ? safe_load(*arguments) : unsafe_load(*arguments)
+  end
+
+  def self.load_file_with_options(file, options={})
+    safe_mode = safe_mode_from_options("load_file", options)
+    safe_mode ? safe_load_file(file) : unsafe_load_file(file)
+  end
+
+  def self.load_with_filename_and_options(yaml, filename=nil, options={})
+    load_with_options(yaml, options.merge(:filename => filename))
+  end
+
   if RUBY_VERSION >= "1.9.3"
     require "safe_yaml/psych_handler"
     def self.safe_load(yaml, filename=nil)
@@ -18,9 +45,13 @@ module YAML
       return safe_handler.result
     end
 
-    def self.orig_load_file(filename)
+    def self.safe_load_file(filename)
+      File.open(filename, 'r:bom|utf-8') { |f| self.safe_load f, filename }
+    end
+
+    def self.unsafe_load_file(filename)
       # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
-      File.open(filename, 'r:bom|utf-8') { |f| self.orig_load f, filename }
+      File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load f, filename }
     end
 
   elsif RUBY_VERSION == "1.9.2"
@@ -31,9 +62,13 @@ module YAML
       return safe_handler.result
     end
 
-    def self.orig_load_file(filename)
+    def self.safe_load_file(filename)
+      File.open(filename, 'r:bom|utf-8') { |f| self.safe_load f }
+    end
+
+    def self.unsafe_load_file(filename)
       # https://github.com/tenderlove/psych/blob/v1.2.0/lib/psych.rb#L228-230
-      File.open(filename, 'r:bom|utf-8') { |f| self.orig_load f }
+      File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load f }
     end
 
   else
@@ -44,22 +79,62 @@ module YAML
       return safe_resolver.resolve_node(tree)
     end
 
-    def self.orig_load_file(filename)
+    def self.safe_load_file(filename)
+      File.open(filename) { |f| self.safe_load f }
+    end
+
+    def self.unsafe_load_file(filename)
       # https://github.com/indeyets/syck/blob/master/ext/ruby/lib/yaml.rb#L133-135
-      File.open(filename) { |f| self.orig_load f }
+      File.open(filename) { |f| self.unsafe_load f }
     end
   end
 
   class << self
-    alias_method :orig_load, :load
-    alias_method :load, :safe_load
+    alias_method :unsafe_load, :load
 
-    def enable_symbol_parsing
-      SafeYAML::Transform::OPTIONS[:enable_symbol_parsing]
+    if RUBY_VERSION >= "1.9.3"
+      alias_method :load, :load_with_filename_and_options
+    else
+      alias_method :load, :load_with_options
     end
 
-    def enable_symbol_parsing=(value)
-      SafeYAML::Transform::OPTIONS[:enable_symbol_parsing] = value
+    alias_method :load_file, :load_file_with_options
+
+    def enable_symbol_parsing?
+      SafeYAML::OPTIONS[:enable_symbol_parsing]
+    end
+
+    def enable_symbol_parsing!
+      SafeYAML::OPTIONS[:enable_symbol_parsing] = true
+    end
+
+    def disable_symbol_parsing!
+      SafeYAML::OPTIONS[:enable_symbol_parsing] = false
+    end
+
+    def enable_arbitrary_object_deserialization?
+      SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization]
+    end
+
+    def enable_arbitrary_object_deserialization!
+      SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] = true
+    end
+
+    def disable_arbitrary_object_deserialization!
+      SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] = false
+    end
+  end
+
+  private
+  def self.safe_mode_from_options(method, options={})
+    safe_mode = options[:safe]
+
+    if safe_mode.nil?
+      mode = SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] ? "unsafe" : "safe"
+      Kernel.warn "Called '#{method}' without the :safe option -- defaulting to #{mode} mode."
+      safe_mode = !SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization]
     end
+
+    safe_mode
   end
 end

data/run_specs_all_ruby_versions.sh

@@ -10,3 +10,6 @@ rake spec
 
 rvm use 1.9.3@safe_yaml
 rake spec
+
+rvm use 2.0.0@safe_yaml
+rake spec

data/safe_yaml.gemspec

@@ -6,10 +6,10 @@ Gem::Specification.new do |gem|
   gem.version       = SafeYAML::VERSION
   gem.authors       = "Dan Tao"
   gem.email         = "daniel.tao@gmail.com"
-  gem.description   = %q{Parse YAML safely, without that pesky arbitrary code execution vulnerability}
+  gem.description   = %q{Parse YAML safely, without that pesky arbitrary object deserialization vulnerability}
   gem.summary       = %q{SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.}
   gem.homepage      = "http://dtao.github.com/safe_yaml/"
-
+  gem.license       = "MIT"
   gem.files         = `git ls-files`.split($\)
   gem.test_files    = gem.files.grep(%r{^spec/})
   gem.require_paths = ["lib"]

data/spec/safe_yaml_spec.rb

@@ -3,42 +3,50 @@ require File.join(File.dirname(__FILE__), "spec_helper")
 require "exploitable_back_door"
 
 describe YAML do
+  # Essentially stolen from:
+  # https://github.com/rails/rails/blob/3-2-stable/activesupport/lib/active_support/core_ext/kernel/reporting.rb#L10-25
+  def silence_warnings
+    $VERBOSE = nil; yield
+  ensure
+    $VERBOSE = true
+  end
+
   before :each do
-    YAML.enable_symbol_parsing = false
+    YAML.disable_symbol_parsing!
   end
 
-  describe "orig_load" do
+  describe "unsafe_load" do
     if RUBY_VERSION >= "1.9.3"
       it "allows exploits through objects defined in YAML w/ !ruby/hash via custom :[]= methods" do
-        backdoor = YAML.orig_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
+        backdoor = YAML.unsafe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
         backdoor.should be_exploited_through_setter
       end
 
       it "allows exploits through objects defined in YAML w/ !ruby/object via the :init_with method" do
-        backdoor = YAML.orig_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
+        backdoor = YAML.unsafe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
         backdoor.should be_exploited_through_init_with
       end
     end
 
     it "allows exploits through objects w/ sensitive instance variables defined in YAML w/ !ruby/object" do
-      backdoor = YAML.orig_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
+      backdoor = YAML.unsafe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
       backdoor.should be_exploited_through_ivars
     end
   end
 
-  describe "load" do
+  describe "safe_load" do
     it "does NOT allow exploits through objects defined in YAML w/ !ruby/hash" do
-      object = YAML.load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
+      object = YAML.safe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
       object.should_not be_a(ExploitableBackDoor)
     end
 
     it "does NOT allow exploits through objects defined in YAML w/ !ruby/object" do
-      object = YAML.load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
+      object = YAML.safe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
       object.should_not be_a(ExploitableBackDoor)
     end
 
     it "loads a plain ol' YAML document just fine" do
-      result = YAML.load <<-YAML.unindent
+      result = YAML.safe_load <<-YAML.unindent
         foo:
           number: 1
           string: Hello, there!
@@ -59,7 +67,7 @@ describe YAML do
     end
 
     it "works for YAML documents with anchors and aliases" do
-      result = YAML.load <<-YAML
+      result = YAML.safe_load <<-YAML
         - &id001 {}
         - *id001
         - *id001
@@ -69,7 +77,7 @@ describe YAML do
     end
 
     it "works for YAML documents with sections" do
-      result = YAML.load <<-YAML
+      result = YAML.safe_load <<-YAML
         mysql: &mysql
           adapter: mysql
           pool: 30
@@ -102,34 +110,150 @@ describe YAML do
     end
   end
 
-  describe "orig_load_file" do
+  describe "unsafe_load_file" do
     if RUBY_VERSION >= "1.9.3"
       it "allows exploits through objects defined in YAML w/ !ruby/hash via custom :[]= methods" do
-        backdoor = YAML.orig_load_file "spec/exploit.1.9.3.yaml"
+        backdoor = YAML.unsafe_load_file "spec/exploit.1.9.3.yaml"
         backdoor.should be_exploited_through_setter
       end
 
       it "allows exploits through objects defined in YAML w/ !ruby/object via the :init_with method" do
-        backdoor = YAML.orig_load_file "spec/exploit.1.9.2.yaml"
+        backdoor = YAML.unsafe_load_file "spec/exploit.1.9.2.yaml"
         backdoor.should be_exploited_through_init_with
       end
     end
 
     it "allows exploits through objects w/ sensitive instance variables defined in YAML w/ !ruby/object" do
-      backdoor = YAML.orig_load_file "spec/exploit.1.9.2.yaml"
+      backdoor = YAML.unsafe_load_file "spec/exploit.1.9.2.yaml"
       backdoor.should be_exploited_through_ivars
     end
   end
 
-  describe "load_file" do
+  describe "safe_load_file" do
     it "does NOT allow exploits through objects defined in YAML w/ !ruby/hash" do
-      object = YAML.load_file "spec/exploit.1.9.3.yaml"
+      object = YAML.safe_load_file "spec/exploit.1.9.3.yaml"
       object.should_not be_a(ExploitableBackDoor)
     end
 
     it "does NOT allow exploits through objects defined in YAML w/ !ruby/object" do
-      object = YAML.load_file "spec/exploit.1.9.2.yaml"
+      object = YAML.safe_load_file "spec/exploit.1.9.2.yaml"
       object.should_not be_a(ExploitableBackDoor)
     end
   end
+
+  describe "load" do
+    let (:arguments) {
+      if RUBY_VERSION >= "1.9.3"
+        ["foo: bar", nil]
+      else
+        ["foo: bar"]
+      end
+    }
+
+    it "issues a warning if the :safe option is omitted" do
+      silence_warnings do
+        Kernel.should_receive(:warn)
+        YAML.load(*arguments)
+      end
+    end
+
+    it "doesn't issue a warning as long as the :safe option is specified" do
+      Kernel.should_not_receive(:warn)
+      YAML.load(*(arguments + [{:safe => true}]))
+    end
+
+    it "defaults to safe mode if the :safe option is omitted" do
+      silence_warnings do
+        YAML.should_receive(:safe_load).with(*arguments)
+        YAML.load(*arguments)
+      end
+    end
+
+    it "calls #safe_load if the :safe option is set to true" do
+      YAML.should_receive(:safe_load).with(*arguments)
+      YAML.load(*(arguments + [{:safe => true}]))
+    end
+
+    it "calls #unsafe_load if the :safe option is set to false" do
+      YAML.should_receive(:unsafe_load).with(*arguments)
+      YAML.load(*(arguments + [{:safe => false}]))
+    end
+
+    context "with arbitrary object deserialization enabled by default" do
+      before :each do
+        YAML.enable_arbitrary_object_deserialization!
+      end
+
+      after :each do
+        YAML.disable_arbitrary_object_deserialization!
+      end
+
+      it "defaults to unsafe mode if the :safe option is omitted" do
+        silence_warnings do
+          YAML.should_receive(:unsafe_load).with(*arguments)
+          YAML.load(*arguments)
+        end
+      end
+
+      it "calls #safe_load if the :safe option is set to true" do
+        YAML.should_receive(:safe_load).with(*arguments)
+        YAML.load(*(arguments + [{:safe => true}]))
+      end
+    end
+  end
+
+  describe "load_file" do
+    let(:filename) { "spec/exploit.1.9.2.yaml" } # doesn't really matter
+
+    it "issues a warning if the :safe option is omitted" do
+      silence_warnings do
+        Kernel.should_receive(:warn)
+        YAML.load_file(filename)
+      end
+    end
+
+    it "doesn't issue a warning as long as the :safe option is specified" do
+      Kernel.should_not_receive(:warn)
+      YAML.load_file(filename, :safe => true)
+    end
+
+    it "defaults to safe mode if the :safe option is omitted" do
+      silence_warnings do
+        YAML.should_receive(:safe_load_file).with(filename)
+        YAML.load_file(filename)
+      end
+    end
+
+    it "calls #safe_load_file if the :safe option is set to true" do
+      YAML.should_receive(:safe_load_file).with(filename)
+      YAML.load_file(filename, :safe => true)
+    end
+
+    it "calls #unsafe_load_file if the :safe option is set to false" do
+      YAML.should_receive(:unsafe_load_file).with(filename)
+      YAML.load_file(filename, :safe => false)
+    end
+
+    context "with arbitrary object deserialization enabled by default" do
+      before :each do
+        YAML.enable_arbitrary_object_deserialization!
+      end
+
+      after :each do
+        YAML.disable_arbitrary_object_deserialization!
+      end
+
+      it "defaults to unsafe mode if the :safe option is omitted" do
+        silence_warnings do
+          YAML.should_receive(:unsafe_load_file).with(filename)
+          YAML.load_file(filename)
+        end
+      end
+
+      it "calls #safe_load if the :safe option is set to true" do
+        YAML.should_receive(:safe_load_file).with(filename)
+        YAML.load_file(filename, :safe => true)
+      end
+    end
+  end
 end

data/spec/shared_specs.rb

@@ -70,6 +70,11 @@ module SharedSpecs
           result.should == [nil] * 3
         end
 
+        it "translates quoted empty strings to strings (not nil)" do
+          parse "foo: ''"
+          result.should == { "foo" => "" }
+        end
+
         it "deals just fine with nested maps" do
           parse <<-YAML
             foo:
@@ -132,16 +137,19 @@ module SharedSpecs
             result.should == { "time" => Time.new(2013, 1, 29, 5, 58, 0, "-08:00") }
           end
 
-          it "applies the same transformation to keys" do
-            parse "2013-01-29 05:58:00 -0800: time"
-            result.should == { Time.new(2013, 1, 29, 5, 58, 0, "-08:00") => "time" }
-          end
-
           it "applies the same transformation to elements in sequences" do
             parse "- 2013-01-29 05:58:00 -0800"
             result.should == [Time.new(2013, 1, 29, 5, 58, 0, "-08:00")]
           end
 
+          # On Ruby 2.0.0-rc1, even YAML.load overflows the stack on this input.
+          if RUBY_VERSION != "2.0.0"
+            it "applies the same transformation to keys" do
+              parse "2013-01-29 05:58:00 -0800: time"
+              result.should == { Time.new(2013, 1, 29, 5, 58, 0, "-08:00") => "time" }
+            end
+          end
+
         else
           it "does not deserialize times" do
             parse "time: 2013-01-29 05:58:00 -0800"
@@ -152,7 +160,11 @@ module SharedSpecs
 
       context "with symbol parsing enabled" do
         before :each do
-          YAML.enable_symbol_parsing = true
+          YAML.enable_symbol_parsing!
+        end
+
+        after :each do
+          YAML.disable_symbol_parsing!
         end
 
         it "translates values starting with ':' to symbols" do
@@ -162,13 +174,11 @@ module SharedSpecs
 
         it "applies the same transformation to keys" do
           parse ":bar: symbol"
-
           result.should == { :bar  => "symbol" }
         end
 
         it "applies the same transformation to elements in sequences" do
           parse "- :bar"
-
           result.should == [:bar]
         end
       end

data/spec/transform/to_date_spec.rb

@@ -0,0 +1,19 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+describe SafeYAML::Transform::ToDate do
+  it "returns true when the value matches a valid Date" do
+    subject.transform?("2013-01-01")[0].should == true
+  end
+
+  it "returns false when the value does not match a valid Date" do
+    subject.transform?("foobar").should be_false
+  end
+
+  it "returns false when the value does not end with a Date" do
+    subject.transform?("2013-01-01\nNOT A DATE").should be_false
+  end
+
+  it "returns false when the value does not begin with a Date" do
+    subject.transform?("NOT A DATE\n2013-01-01").should be_false
+  end
+end

data/spec/transform/to_float_spec.rb

@@ -0,0 +1,15 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+describe SafeYAML::Transform::ToFloat do
+  it "returns true when the value matches a valid Float" do
+    subject.transform?("20.00").should be_true
+  end
+
+  it "returns false when the value does not match a valid Float" do
+    subject.transform?("foobar").should be_false
+  end
+
+  it "returns false when the value spans multiple lines" do
+    subject.transform?("20.00\nNOT A FLOAT").should be_false
+  end
+end

data/spec/transform/to_integer_spec.rb

@@ -0,0 +1,15 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+describe SafeYAML::Transform::ToInteger do
+  it "returns true when the value matches a valid Integer" do
+    subject.transform?("10")[0].should be_true
+  end
+
+  it "returns false when the value does not match a valid Integer" do
+    subject.transform?("foobar").should be_false
+  end
+
+  it "returns false when the value spans multiple lines" do
+    subject.transform?("10\nNOT AN INTEGER").should be_false
+  end
+end

data/spec/transform/to_symbol_spec.rb

@@ -0,0 +1,45 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+describe SafeYAML::Transform::ToSymbol do
+  def with_symbol_parsing_value(value)
+    symbol_parsing_flag = YAML.enable_symbol_parsing?
+    SafeYAML::OPTIONS[:enable_symbol_parsing] = value
+
+    yield
+
+  ensure
+    SafeYAML::OPTIONS[:enable_symbol_parsing] = symbol_parsing_flag
+  end
+
+  def with_symbol_parsing(&block)
+    with_symbol_parsing_value(true, &block)
+  end
+
+  def without_symbol_parsing(&block)
+    with_symbol_parsing_value(false, &block)
+  end
+
+  it "returns true when the value matches a valid Symbol" do
+    with_symbol_parsing { subject.transform?(":foo")[0].should be_true }
+  end
+
+  it "returns false when symbol parsing is disabled" do
+    without_symbol_parsing { subject.transform?(":foo").should be_false }
+  end
+
+  it "returns false when the value does not match a valid Symbol" do
+    with_symbol_parsing { subject.transform?("foo").should be_false }
+  end
+
+  it "returns false when the symbol does not begin the line" do
+    with_symbol_parsing do
+      subject.transform?("NOT A SYMBOL\n:foo").should be_false
+    end
+  end
+
+  it "returns false when the symbol does not end the line" do
+    with_symbol_parsing do
+      subject.transform?(":foo\nNOT A SYMBOL").should be_false
+    end
+  end
+end

data/spec/transform/to_time_spec.rb

@@ -0,0 +1,18 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+describe SafeYAML::Transform::ToTime do
+  # YAML don't parse times prior to 1.9.
+  if RUBY_VERSION >= "1.9.2"
+    it "returns true when the value matches a valid Time" do
+      subject.transform?("2013-01-01 10:00:00")[0].should == true
+    end
+  end
+
+  it "returns false when the value does not match a valid Time" do
+    subject.transform?("not a time").should be_false
+  end
+
+  it "returns false when the beginning of a line does not match a Time" do
+    subject.transform?("NOT A TIME\n2013-01-01 10:00:00").should be_false
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.6.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,16 +9,19 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-01-29 00:00:00.000000000 Z
+date: 2013-02-02 00:00:00.000000000 Z
 dependencies: []
-description: Parse YAML safely, without that pesky arbitrary code execution vulnerability
+description: Parse YAML safely, without that pesky arbitrary object deserialization
+  vulnerability
 email: daniel.tao@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .travis.yml
 - Gemfile
+- LICENSE.txt
 - README.md
 - Rakefile
 - lib/safe_yaml.rb
@@ -43,8 +46,14 @@ files:
 - spec/spec_helper.rb
 - spec/support/exploitable_back_door.rb
 - spec/syck_resolver_spec.rb
+- spec/transform/to_date_spec.rb
+- spec/transform/to_float_spec.rb
+- spec/transform/to_integer_spec.rb
+- spec/transform/to_symbol_spec.rb
+- spec/transform/to_time_spec.rb
 homepage: http://dtao.github.com/safe_yaml/
-licenses: []
+licenses:
+- MIT
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -63,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: SameYAML provides an alternative implementation of YAML.load suitable for
@@ -77,3 +86,8 @@ test_files:
 - spec/spec_helper.rb
 - spec/support/exploitable_back_door.rb
 - spec/syck_resolver_spec.rb
+- spec/transform/to_date_spec.rb
+- spec/transform/to_float_spec.rb
+- spec/transform/to_integer_spec.rb
+- spec/transform/to_symbol_spec.rb
+- spec/transform/to_time_spec.rb