safe_yaml 0.8.2 → 0.8.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. data/lib/safe_yaml/resolver.rb +4 -0
  2. data/lib/safe_yaml/transform/to_integer.rb +7 -1
  3. data/lib/safe_yaml/version.rb +1 -1
  4. data/spec/safe_yaml_spec.rb +5 -0
  5. data/spec/transform/to_integer_spec.rb +17 -1
  6. metadata +40 -22
data/lib/safe_yaml/resolver.rb CHANGED
@@ -7,6 +7,10 @@ module SafeYAML
7
7
  end
8
8
 
9
9
  def resolve_node(node)
10
+ if not node
11
+ return node
12
+ end
13
+
10
14
  case self.get_node_type(node)
11
15
  when :root
12
16
  resolve_root(node)
data/lib/safe_yaml/transform/to_integer.rb CHANGED
@@ -1,9 +1,15 @@
1
1
  module SafeYAML
2
2
  class Transform
3
3
  class ToInteger
4
- MATCHER = /\A\d+\Z/.freeze
4
+ OCTAL_MATCHER = /\A0[0-7]+\Z/.freeze
5
+ HEXADECIMAL_MATCHER = /\A0x[0-9a-f]+\Z/i.freeze
6
+ MATCHER = /\A[1-9]\d*\Z/.freeze
5
7
 
6
8
  def transform?(value)
9
+ if OCTAL_MATCHER.match(value) || HEXADECIMAL_MATCHER.match(value)
10
+ return true, Integer(value)
11
+ end
12
+
7
13
  return false unless MATCHER.match(value)
8
14
  return true, value.to_i
9
15
  end
data/lib/safe_yaml/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SafeYAML
2
- VERSION = "0.8.2"
2
+ VERSION = "0.8.3"
3
3
  end
data/spec/safe_yaml_spec.rb CHANGED
@@ -239,6 +239,11 @@ describe YAML do
239
239
  "grandcustom" => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" }
240
240
  }
241
241
  end
242
+
243
+ it "returns false when parsing an empty document" do
244
+ result = YAML.safe_load ""
245
+ result.should == false
246
+ end
242
247
 
243
248
  context "with custom initializers defined" do
244
249
  before :each do
data/spec/transform/to_integer_spec.rb CHANGED
@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), "..", "spec_helper")
2
2
 
3
3
  describe SafeYAML::Transform::ToInteger do
4
4
  it "returns true when the value matches a valid Integer" do
5
- subject.transform?("10")[0].should be_true
5
+ subject.transform?("10").should be_true
6
6
  end
7
7
 
8
8
  it "returns false when the value does not match a valid Integer" do
@@ -12,4 +12,20 @@ describe SafeYAML::Transform::ToInteger do
12
12
  it "returns false when the value spans multiple lines" do
13
13
  subject.transform?("10\nNOT AN INTEGER").should be_false
14
14
  end
15
+
16
+ it "correctly parses numbers in octal format" do
17
+ subject.transform?("010").should == [true, 8]
18
+ end
19
+
20
+ it "correctly parses numbers in hexadecimal format" do
21
+ subject.transform?("0x1FF").should == [true, 511]
22
+ end
23
+
24
+ it "defaults to a string for a number that resembles octal format but is not" do
25
+ subject.transform?("09").should be_false
26
+ end
27
+
28
+ it "defaults to a string for a number that resembles hexadecimal format but is not" do
29
+ subject.transform?("0x1G").should be_false
30
+ end
15
31
  end
metadata CHANGED
@@ -1,23 +1,32 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: safe_yaml
3
- version: !ruby/object:Gem::Version
4
- version: 0.8.2
3
+ version: !ruby/object:Gem::Version
4
+ hash: 57
5
5
  prerelease:
6
+ segments:
7
+ - 0
8
+ - 8
9
+ - 3
10
+ version: 0.8.3
6
11
  platform: ruby
7
- authors:
12
+ authors:
8
13
  - Dan Tao
9
14
  autorequire:
10
15
  bindir: bin
11
16
  cert_chain: []
12
- date: 2013-02-17 00:00:00.000000000 Z
17
+
18
+ date: 2013-02-20 00:00:00 Z
13
19
  dependencies: []
14
- description: Parse YAML safely, without that pesky arbitrary object deserialization
15
- vulnerability
20
+
21
+ description: Parse YAML safely, without that pesky arbitrary object deserialization vulnerability
16
22
  email: daniel.tao@gmail.com
17
23
  executables: []
24
+
18
25
  extensions: []
26
+
19
27
  extra_rdoc_files: []
20
- files:
28
+
29
+ files:
21
30
  - .gitignore
22
31
  - .travis.yml
23
32
  - Gemfile
@@ -55,32 +64,41 @@ files:
55
64
  - spec/transform/to_symbol_spec.rb
56
65
  - spec/transform/to_time_spec.rb
57
66
  homepage: http://dtao.github.com/safe_yaml/
58
- licenses:
67
+ licenses:
59
68
  - MIT
60
69
  post_install_message:
61
70
  rdoc_options: []
62
- require_paths:
71
+
72
+ require_paths:
63
73
  - lib
64
- required_ruby_version: !ruby/object:Gem::Requirement
74
+ required_ruby_version: !ruby/object:Gem::Requirement
65
75
  none: false
66
- requirements:
67
- - - ! '>='
68
- - !ruby/object:Gem::Version
76
+ requirements:
77
+ - - ">="
78
+ - !ruby/object:Gem::Version
79
+ hash: 57
80
+ segments:
81
+ - 1
82
+ - 8
83
+ - 7
69
84
  version: 1.8.7
70
- required_rubygems_version: !ruby/object:Gem::Requirement
85
+ required_rubygems_version: !ruby/object:Gem::Requirement
71
86
  none: false
72
- requirements:
73
- - - ! '>='
74
- - !ruby/object:Gem::Version
75
- version: '0'
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ hash: 3
91
+ segments:
92
+ - 0
93
+ version: "0"
76
94
  requirements: []
95
+
77
96
  rubyforge_project:
78
97
  rubygems_version: 1.8.25
79
98
  signing_key:
80
99
  specification_version: 3
81
- summary: SameYAML provides an alternative implementation of YAML.load suitable for
82
- accepting user input in Ruby applications.
83
- test_files:
100
+ summary: SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.
101
+ test_files:
84
102
  - spec/exploit.1.9.2.yaml
85
103
  - spec/exploit.1.9.3.yaml
86
104
  - spec/psych_resolver_spec.rb