safe_yaml 0.8.4 → 0.8.5

data/lib/safe_yaml.rb

@@ -17,6 +17,7 @@ module SafeYAML
 
   DEFAULT_OPTIONS = {
     :default_mode         => nil,
+    :suppress_warnings    => false,
     :deserialize_symbols  => false,
     :whitelisted_tags     => [],
     :custom_initializers  => {},
@@ -156,7 +157,10 @@ module YAML
     def safe_mode_from_options(method, options={})
       if options[:safe].nil?
         safe_mode = SafeYAML::OPTIONS[:default_mode] || :safe
-        Kernel.warn "Called '#{method}' without the :safe option -- defaulting to #{safe_mode} mode." if SafeYAML::OPTIONS[:default_mode].nil?
+        if SafeYAML::OPTIONS[:default_mode].nil? && !SafeYAML::OPTIONS[:suppress_warnings]
+          Kernel.warn "Called '#{method}' without the :safe option -- defaulting to #{safe_mode} mode."
+          SafeYAML::OPTIONS[:suppress_warnings] = true
+        end
         return safe_mode
       end
 

data/lib/safe_yaml/transform/to_float.rb

@@ -16,8 +16,11 @@ module SafeYAML
         ".NAN"  => NaN,
       }.freeze
 
+      MATCHER = /\A[-+]?(?:\d[\d_]*)?\.[\d_]*(?:[eE][-+][\d]+)?\Z/.freeze
+
       def transform?(value)
-        return true, Float(value) rescue try_edge_cases?(value)
+        return true, Float(value) if MATCHER.match(value)
+        try_edge_cases?(value)
       end
 
       def try_edge_cases?(value)

data/lib/safe_yaml/transform/to_integer.rb

@@ -1,8 +1,18 @@
 module SafeYAML
   class Transform
     class ToInteger
+      MATCHERS = [
+        /\A[-+]?[1-9][0-9_]*\Z/.freeze, # decimal
+        /\A0[0-7]+\Z/.freeze,           # octal
+        /\A0x[0-9a-f]+\Z/i.freeze,      # hexadecimal
+        /\A0b[01_]+\Z/.freeze           # binary
+      ].freeze
+
       def transform?(value)
-        return true, Integer(value) rescue try_edge_cases?(value)
+        MATCHERS.each do |matcher|
+          return true, Integer(value) if matcher.match(value)
+        end
+        try_edge_cases?(value)
       end
 
       def try_edge_cases?(value)

data/lib/safe_yaml/version.rb

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.8.4"
+  VERSION = "0.8.5"
 end

data/spec/resolver_specs.rb

@@ -182,9 +182,12 @@ module ResolverSpecs
             result.should == [Time.utc(2013, 1, 29, 13, 58, 0)]
           end
 
-          it "applies the same transformation to keys" do
-            parse "2013-01-29 05:58:00 -0800: time"
-            result.should == { Time.utc(2013, 1, 29, 13, 58, 0) => "time" }
+          # On Ruby 2.0.0-rc1, even YAML.load overflows the stack on this input.
+          if RUBY_VERSION != "2.0.0"
+            it "applies the same transformation to keys" do
+              parse "2013-01-29 05:58:00 -0800: time"
+              result.should == { Time.utc(2013, 1, 29, 13, 58, 0) => "time" }
+            end
           end
         end
       end

data/spec/safe_yaml_spec.rb

@@ -12,7 +12,7 @@ describe YAML do
   end
 
   before :each do
-    SafeYAML::OPTIONS[:deserialize_symbols] = false
+    SafeYAML.restore_defaults!
   end
 
   describe "unsafe_load" do
@@ -42,10 +42,6 @@ describe YAML do
         end
       end
 
-      after :each do
-        SafeYAML.restore_defaults!
-      end
-
       it "effectively ignores the whitelist (since everything is whitelisted)" do
         result = YAML.unsafe_load <<-YAML.unindent
           --- !ruby/object:OpenStruct 
@@ -260,10 +256,6 @@ describe YAML do
         end
       end
 
-      after :each do
-        SafeYAML.restore_defaults!
-      end
-
       it "will use a custom initializer to instantiate an array-like class upon deserialization" do
         result = YAML.safe_load <<-YAML.unindent
           --- !set
@@ -299,10 +291,6 @@ describe YAML do
         SafeYAML::OPTIONS[:deserialize_symbols] = true
       end
 
-      after :each do
-        SafeYAML.restore_defaults!
-      end
-
       it "will allow objects to be deserialized for whitelisted tags" do
         result = YAML.safe_load("--- !ruby/object:OpenStruct\ntable:\n  foo: bar\n")
         result.should be_a(OpenStruct)
@@ -429,10 +417,6 @@ describe YAML do
     }
 
     context "as long as a :default_mode has been specified" do
-      after :each do
-        SafeYAML.restore_defaults!
-      end
-
       it "doesn't issue a warning for safe mode, since an explicit mode has been set" do
         SafeYAML::OPTIONS[:default_mode] = :safe
         Kernel.should_not_receive(:warn)
@@ -453,6 +437,13 @@ describe YAML do
       end
     end
 
+    it "only issues a warning once (to avoid spamming an app's output)" do
+      silence_warnings do
+        Kernel.should_receive(:warn).once
+        2.times { YAML.load(*arguments) }
+      end
+    end
+
     it "doesn't issue a warning as long as the :safe option is specified" do
       Kernel.should_not_receive(:warn)
       YAML.load(*(arguments + [{:safe => true}]))
@@ -480,10 +471,6 @@ describe YAML do
         SafeYAML::OPTIONS[:default_mode] = :unsafe
       end
 
-      after :each do
-        SafeYAML.restore_defaults!
-      end
-
       it "defaults to unsafe mode if the :safe option is omitted" do
         silence_warnings do
           YAML.should_receive(:unsafe_load).with(*arguments)
@@ -535,10 +522,6 @@ describe YAML do
         SafeYAML::OPTIONS[:default_mode] = :unsafe
       end
 
-      after :each do
-        SafeYAML.restore_defaults!
-      end
-
       it "defaults to unsafe mode if the :safe option is omitted" do
         silence_warnings do
           YAML.should_receive(:unsafe_load_file).with(filename)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: 0.8.4
+  version: 0.8.5
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-02-26 00:00:00.000000000 Z
+date: 2013-03-11 00:00:00.000000000 Z
 dependencies: []
 description: Parse YAML safely, without that pesky arbitrary object deserialization
   vulnerability