safe_yaml 0.8.1 → 0.8.2

data/lib/safe_yaml.rb

@@ -27,6 +27,26 @@ module SafeYAML
   def restore_defaults!
     OPTIONS.clear.merge!(DEFAULT_OPTIONS)
   end
+
+  def tag_safety_check!(tag)
+    return if tag.nil?
+    if OPTIONS[:raise_on_unknown_tag] && !OPTIONS[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
+      raise "Unknown YAML tag '#{tag}'"
+    end
+  end
+
+  if YAML_ENGINE == "psych"
+    def tag_is_explicitly_trusted?(tag)
+      false
+    end
+
+  else
+    TRUSTED_TAGS = ["tag:yaml.org,2002:str"].freeze
+
+    def tag_is_explicitly_trusted?(tag)
+      TRUSTED_TAGS.include?(tag)
+    end
+  end
 end
 
 module YAML

data/lib/safe_yaml/resolver.rb

@@ -60,9 +60,7 @@ module SafeYAML
 
     def get_and_check_node_tag(node)
       tag = self.get_node_tag(node)
-      if !!tag && @raise_on_unknown_tag && !tag_is_whitelisted?(tag)
-        raise "Unknown YAML tag '#{tag}'"
-      end
+      SafeYAML.tag_safety_check!(tag)
       tag
     end
 

data/lib/safe_yaml/syck_node_monkeypatch.rb

@@ -3,7 +3,7 @@ monkeypatch = <<-EORUBY
     def safe_transform
       if self.type_id
         return unsafe_transform if SafeYAML::OPTIONS[:whitelisted_tags].include?(self.type_id)
-        raise "Unknown YAML tag '#{self.type_id}'" if SafeYAML::OPTIONS[:raise_on_unknown_tag]
+        SafeYAML.tag_safety_check!(self.type_id)
       end
 
       SafeYAML::SyckResolver.new.resolve_node(self)

data/lib/safe_yaml/version.rb

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.8.1"
+  VERSION = "0.8.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.8.2
   prerelease: 
 platform: ruby
 authors: