RubyGems - safe_yaml - Versions diffs - 0.8.2 → 0.8.3 - Mend

safe_yaml 0.8.2 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

data/lib/safe_yaml/resolver.rb +4 -0
data/lib/safe_yaml/transform/to_integer.rb +7 -1
data/lib/safe_yaml/version.rb +1 -1
data/spec/safe_yaml_spec.rb +5 -0
data/spec/transform/to_integer_spec.rb +17 -1
metadata +40 -22

data/lib/safe_yaml/resolver.rb CHANGED Viewed

@@ -7,6 +7,10 @@ module SafeYAML
     end
     def resolve_node(node)
+      if not node
+        return node
+      end
       case self.get_node_type(node)
       when :root
         resolve_root(node)

data/lib/safe_yaml/transform/to_integer.rb CHANGED Viewed

@@ -1,9 +1,15 @@
 module SafeYAML
   class Transform
     class ToInteger
-      MATCHER = /\A\d+\Z/.freeze
+      OCTAL_MATCHER = /\A0[0-7]+\Z/.freeze
+      HEXADECIMAL_MATCHER = /\A0x[0-9a-f]+\Z/i.freeze
+      MATCHER = /\A[1-9]\d*\Z/.freeze
       def transform?(value)
+        if OCTAL_MATCHER.match(value) || HEXADECIMAL_MATCHER.match(value)
+          return true, Integer(value)
+        end
         return false unless MATCHER.match(value)
         return true, value.to_i
       end

data/lib/safe_yaml/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.8.2"
+  VERSION = "0.8.3"
 end

data/spec/safe_yaml_spec.rb CHANGED Viewed

@@ -239,6 +239,11 @@ describe YAML do
         "grandcustom" => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" }
       }
     end
+    it "returns false when parsing an empty document" do
+      result = YAML.safe_load ""
+      result.should == false
+    end
     context "with custom initializers defined" do
       before :each do

data/spec/transform/to_integer_spec.rb CHANGED Viewed

@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), "..", "spec_helper")
 describe SafeYAML::Transform::ToInteger do
   it "returns true when the value matches a valid Integer" do
-    subject.transform?("10")[0].should be_true
+    subject.transform?("10").should be_true
   end
   it "returns false when the value does not match a valid Integer" do
@@ -12,4 +12,20 @@ describe SafeYAML::Transform::ToInteger do
   it "returns false when the value spans multiple lines" do
     subject.transform?("10\nNOT AN INTEGER").should be_false
   end
+  it "correctly parses numbers in octal format" do
+    subject.transform?("010").should == [true, 8]
+  end
+  it "correctly parses numbers in hexadecimal format" do
+    subject.transform?("0x1FF").should == [true, 511]
+  end
+  it "defaults to a string for a number that resembles octal format but is not" do
+    subject.transform?("09").should be_false
+  end
+  it "defaults to a string for a number that resembles hexadecimal format but is not" do
+    subject.transform?("0x1G").should be_false
+  end
 end

metadata CHANGED Viewed

@@ -1,23 +1,32 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: safe_yaml
-version: !ruby/object:Gem::Version
-  version: 0.8.2
+version: !ruby/object:Gem::Version
+  hash: 57
   prerelease:
+  segments:
+  - 0
+  - 8
+  - 3
+  version: 0.8.3
 platform: ruby
-authors:
+authors:
 - Dan Tao
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-02-17 00:00:00.000000000 Z
+date: 2013-02-20 00:00:00 Z
 dependencies: []
-description: Parse YAML safely, without that pesky arbitrary object deserialization
-  vulnerability
+description: Parse YAML safely, without that pesky arbitrary object deserialization vulnerability
 email: daniel.tao@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - .gitignore
 - .travis.yml
 - Gemfile
@@ -55,32 +64,41 @@ files:
 - spec/transform/to_symbol_spec.rb
 - spec/transform/to_time_spec.rb
 homepage: http://dtao.github.com/safe_yaml/
-licenses:
+licenses:
 - MIT
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 57
+      segments:
+      - 1
+      - 8
+      - 7
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.25
 signing_key:
 specification_version: 3
-summary: SameYAML provides an alternative implementation of YAML.load suitable for
-  accepting user input in Ruby applications.
-test_files:
+summary: SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.
+test_files:
 - spec/exploit.1.9.2.yaml
 - spec/exploit.1.9.3.yaml
 - spec/psych_resolver_spec.rb