safe_yaml 0.7.0 → 0.7.1

data/.travis.yml

@@ -1,7 +1,12 @@
-language: ruby
+language:
+  ruby
+
 before_install:
-  - gem install bundler
-script: "bundle exec rake spec"
+  gem install bundler
+
+script:
+  bundle exec rake spec
+
 rvm:
   - ruby-head
   - 2.0.0
@@ -14,6 +19,11 @@ rvm:
   - jruby-19mode
   - jruby-18mode
   - ree
+
+env:
+  - YAMLER=syck
+  - YAMLER=psych
+
 matrix:
   allow_failures:
     - rvm: ruby-head
@@ -22,4 +32,14 @@ matrix:
     - rvm: jruby-head
     - rvm: jruby-19mode
     - rvm: jruby-18mode
-    - rvm: ree
+    - rvm: ree
+
+  exclude:
+    - rvm: 1.8.7
+      env: YAMLER=psych
+    - rvm: jruby-head
+      env: YAMLER=syck
+    - rvm: jruby-19mode
+      env: YAMLER=syck
+    - rvm: jruby-18mode
+      env: YAMLER=syck

data/Gemfile

@@ -6,4 +6,5 @@ group :development do
   gem "heredoc_unindent"
   gem "rake"
   gem "rspec"
+  gem "travis-lint"
 end

data/lib/safe_yaml/syck_resolver.rb

@@ -22,13 +22,15 @@ module SafeYAML
 
       # Take the "<<" key nodes first, as these are meant to approximate a form of inheritance.
       inheritors = map.keys.select { |node| resolve_node(node) == "<<" }
-      inheritors.each do |key|
-        value_node = map.delete(key)
+      inheritors.each do |key_node|
+        value_node = map[key_node]
         hash.merge!(resolve_node(value_node))
       end
 
       # All that's left should be normal (non-"<<") nodes.
-      map.each do |key_node, value_node|
+      normal_keys = map.keys.reject { |node| resolve_node(node) == "<<" }
+      normal_keys.each do |key_node|
+        value_node = map[key_node]
         hash[resolve_node(key_node)] = resolve_node(value_node)
       end
 

data/lib/safe_yaml/transform/to_float.rb

@@ -1,7 +1,7 @@
 module SafeYAML
   class Transform
     class ToFloat
-      MATCHER = /\A(?:\d+(?:\.\d*)?\Z)|(?:^\.\d+\Z)/.freeze
+      MATCHER = /\A\d*\.\d+\Z/.freeze
 
       def transform?(value)
         return false unless MATCHER.match(value)

data/lib/safe_yaml/version.rb

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.7.0"
+  VERSION = "0.7.1"
 end

data/spec/safe_yaml_spec.rb

@@ -182,6 +182,27 @@ describe YAML do
         }
       end
     end
+
+    it "works with multi-level inheritance" do
+      result = YAML.safe_load <<-YAML
+        defaults: &defaults
+          foo: foo
+          bar: bar
+          baz: baz
+        custom: &custom
+          <<: *defaults
+          bar: custom_bar
+          baz: custom_baz
+        grandcustom: &grandcustom
+          <<: *custom
+      YAML
+
+      result.should == {
+        "defaults"    => { "foo" => "foo", "bar" => "bar", "baz" => "baz" },
+        "custom"      => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" },
+        "grandcustom" => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" }
+      }
+    end
   end
 
   describe "unsafe_load_file" do

data/spec/spec_helper.rb

@@ -1,10 +1,10 @@
-HERE = File.dirname(__FILE__)
-ROOT = File.join(HERE, "..")
+HERE = File.dirname(__FILE__) unless defined?(HERE)
+ROOT = File.join(HERE, "..") unless defined?(ROOT)
 
 $LOAD_PATH << File.join(ROOT, "lib")
 $LOAD_PATH << File.join(HERE, "support")
 
-if ENV["YAMLER"]
+if ENV["YAMLER"] && defined?(YAML::ENGINE)
   require "yaml"
   YAML::ENGINE.yamler = ENV["YAMLER"]
   puts "Running specs in Ruby #{RUBY_VERSION} with '#{YAML::ENGINE.yamler}' YAML engine."

metadata

@@ -1,32 +1,23 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: safe_yaml
-version: !ruby/object:Gem::Version 
-  hash: 3
+version: !ruby/object:Gem::Version
+  version: 0.7.1
   prerelease: 
-  segments: 
-  - 0
-  - 7
-  - 0
-  version: 0.7.0
 platform: ruby
-authors: 
+authors:
 - Dan Tao
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2013-02-08 00:00:00 Z
+date: 2013-02-11 00:00:00.000000000 Z
 dependencies: []
-
-description: Parse YAML safely, without that pesky arbitrary object deserialization vulnerability
+description: Parse YAML safely, without that pesky arbitrary object deserialization
+  vulnerability
 email: daniel.tao@gmail.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - .gitignore
 - .travis.yml
 - Gemfile
@@ -61,41 +52,32 @@ files:
 - spec/transform/to_symbol_spec.rb
 - spec/transform/to_time_spec.rb
 homepage: http://dtao.github.com/safe_yaml/
-licenses: 
+licenses:
 - MIT
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 57
-      segments: 
-      - 1
-      - 8
-      - 7
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
 rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
-summary: SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.
-test_files: 
+summary: SameYAML provides an alternative implementation of YAML.load suitable for
+  accepting user input in Ruby applications.
+test_files:
 - spec/exploit.1.9.2.yaml
 - spec/exploit.1.9.3.yaml
 - spec/psych_handler_spec.rb