safe_yaml 0.8.6 → 0.9.0

data/README.md

@@ -3,7 +3,9 @@ SafeYAML
 
 [![Build Status](https://travis-ci.org/dtao/safe_yaml.png)](http://travis-ci.org/dtao/safe_yaml)
 
-The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the ones recently](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) [discovered in Rails](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
+The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the ones discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) [in Rails in early 2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
+
+**If you encounter any issues with SafeYAML, check out the 'Common Issues' section below.** If you don't see anything that addresses the problem you're experiencing, by all means, [create an issue](https://github.com/dtao/safe_yaml/issues/new)!
 
 Installation
 ------------
@@ -20,13 +22,23 @@ Or install it yourself as:
 
     $ gem install safe_yaml
 
-Purpose
--------
+Configuration
+-------------
+
+Configuring SafeYAML should be quick. In most cases, you will probably only have to think about two things:
+
+1. What do you want the `YAML` module's *default* behavior to be? Set the `SafeYAML::OPTIONS[:default_mode]` option to either `:safe` or `:unsafe` to control this. If you do neither, SafeYAML will default to `:safe` mode but will issue a warning the first time you call `YAML.load`.
+2. Do you want to allow symbols by default? Set the `SafeYAML::OPTIONS[:deserialize_symbols]` option to `true` or `false` to control this. The default is `false`, which means that SafeYAML will deserialize symbols in YAML documents as strings.
 
-Suppose your application were to contain some code like this:
+For more information on these and other options, see the "Usage" section down below.
+
+Explanation
+-----------
+
+Suppose your application were to use a popular open source library which contained code like this:
 
 ```ruby
-class ExploitableClassBuilder
+class ClassBuilder
   def []=(key, value)
     @class ||= Class.new
 
@@ -43,50 +55,47 @@ class ExploitableClassBuilder
 end
 ```
 
-Now, if you were to use `YAML.load` on user input anywhere in your application without the SafeYAML gem installed, an attacker could make a request with a carefully-crafted YAML string to execute arbitrary code (yes, including `system("unix command")`) on your servers.
+Now, if you were to use `YAML.load` on user input anywhere in your application without the SafeYAML gem installed, an attacker who suspected you were using this library could send a request with a carefully-crafted YAML string to execute arbitrary code (yes, including `system("unix command")`) on your servers.
 
-Observe:
+This simple example demonstrates the vulnerability:
 
 ```ruby
 yaml = <<-EOYAML
---- !ruby/hash:ExploitableClassBuilder
+--- !ruby/hash:ClassBuilder
 "foo; end; puts %(I'm in yr system!); def bar": "baz"
 EOYAML
 ```
 
     > YAML.load(yaml)
     I'm in yr system!
-    => #<ExploitableClassBuilder:0x007fdbbe2e25d8 @class=#<Class:0x007fdbbe2e2510>>
+    => #<ClassBuilder:0x007fdbbe2e25d8 @class=#<Class:0x007fdbbe2e2510>>
 
-With SafeYAML, that attacker would be thwarted:
+With SafeYAML, the same attacker would be thwarted:
 
     > require "safe_yaml"
     => true
-    > YAML.safe_load(yaml)
+    > YAML.load(yaml, :safe => true)
     => {"foo; end; puts %(I'm in yr system!); def bar"=>"baz"}
 
 Usage
 -----
 
-`YAML.safe_load` will load YAML without allowing arbitrary object deserialization.
+When you require the safe_yaml gem in your project, `YAML.load` is patched to accept one additional (optional) `options` parameter. This changes the method signature as follows:
 
-`YAML.unsafe_load` will exhibit Ruby's built-in behavior: to allow the deserialization of arbitrary objects.
+- for Syck and Psych prior to Ruby 1.9.3: `YAML.load(yaml, options={})`
+- for Psych in 1.9.3 and later: `YAML.load(yaml, filename=nil, options={})`
 
-By default, when you require the safe_yaml gem in your project, `YAML.load` is patched to internally call `safe_load`. The patched method also accepts a `:safe` flag to specify which version to use:
+The most important option is the `:safe` option (default: `true`), which controls whether or not to deserialize arbitrary objects when parsing a YAML document. The other options, along with explanations, are as follows.
 
-```ruby
-# Ruby >= 1.9.3
-YAML.load(yaml, filename, :safe => true) # calls safe_load
-YAML.load(yaml, filename, :safe => false) # calls unsafe_load
+- `:deserialize_symbols` (default: `false`): Controls whether or not YAML will deserialize symbols. It is probably best to only enable this option where necessary, e.g. to make trusted libraries work. Symbols receive special treatment in Ruby and are not garbage collected, which means deserializing them indiscriminately may render your site vulnerable to a DOS attack (hence `false` as a default value).
 
-# Ruby < 1.9.3
-YAML.load(yaml, :safe => true) # calls safe_load
-YAML.load(yaml, :safe => false) # calls unsafe_load
-```
+- `:whitelisted_tags`: Accepts an array of YAML tags that designate trusted types, e.g., ones that can be deserialized without worrying about any resulting security vulnerabilities. When any of the given tags are encountered in a YAML document, the associated data will be parsed by the underlying YAML engine (Syck or Psych) for the version of Ruby you are using. See the "Whitelisting Trusted Types" section below for more information.
+
+- `:custom_initializers`: Similar to the `:whitelisted_tags` option, but allows you to provide your own initializers for specified tags rather than using Syck or Psyck. Accepts a hash with string tags for keys and lambdas for values.
 
-The default behavior can be switched to unsafe loading by calling `SafeYAML::OPTIONS[:default_mode] = :unsafe`. In this case, the `:safe` flag still has the same effect, but the defaults are reversed (so calling `YAML.load` will have the same behavior as if the safe_yaml gem weren't required).
+- `:raise_on_unknown_tag` (default: `false`): Represents the highest possible level of paranoia (not necessarily a bad thing); if the YAML engine encounters any tag other than ones that are automatically trusted by SafeYAML or that you've explicitly whitelisted, it will raise an exception. This may be a good choice if you expect to always be dealing with perfectly safe YAML and want your application to fail loudly upon encountering questionable data.
 
-This gem will also warn you whenever you use `YAML.load` without specifying the `:safe` option, or if you have not explicitly specified a default mode using the `:default_mode` option.
+All of the above options can be set at the global level via `SafeYAML::OPTIONS`. You can also set each one individually per call to `YAML.load`; an option explicitly passed to `load` will take precedence over an option specified globally.
 
 Supported Types
 ---------------
@@ -102,30 +111,36 @@ The way that SafeYAML works is by restricting the kinds of objects that can be d
 - Booleans
 - Nils
 
-Deserialization of symbols can also be enabled by setting `SafeYAML::OPTIONS[:deserialize_symbols] = true` (for example, in an initializer). Be aware, however, that symbols in Ruby are not garbage-collected; therefore enabling symbol deserialization in your application may leave you vulnerable to [DOS attacks](http://en.wikipedia.org/wiki/Denial-of-service_attack).
+Again, deserialization of symbols can be enabled globally by setting `SafeYAML::OPTIONS[:deserialize_symbols] = true`, or in a specific call to `YAML.load([some yaml], :deserialize_symbols => true)`.
 
 Whitelisting Trusted Types
 --------------------------
 
-SafeYAML now also supports **whitelisting** certain YAML tags for trusted types. This is handy when your application may use YAML to serialize and deserialize certain types not listed above, which you know to be free of any deserialization-related vulnerabilities. You can whitelist tags via the `:whitelisted_tags` option:
+SafeYAML supports whitelisting certain YAML tags for trusted types. This is handy when your application uses YAML to serialize and deserialize certain types not listed above, which you know to be free of any deserialization-related vulnerabilities.
+
+The easiest way to whitelist types is by calling `SafeYAML.whitelist!`, which can accept a variable number of safe types, e.g.:
+
+```ruby
+SafeYAML.whitelist!(FrobDispenser, GobbleFactory)
+```
+
+You can also whitelist YAML *tags* via the `:whitelisted_tags` option:
 
 ```ruby
-# Using Syck (unfortunately, Syck and Psych use different tagging schemes)
+# Using Syck
 SafeYAML::OPTIONS[:whitelisted_tags] = ["tag:ruby.yaml.org,2002:object:OpenStruct"]
 
 # Using Psych
 SafeYAML::OPTIONS[:whitelisted_tags] = ["!ruby/object:OpenStruct"]
 ```
 
-When SafeYAML encounters whitelisted tags in a YAML document, it will default to the deserialization capabilities of the underlying YAML engine (i.e., either Syck or Psych).
-
-**However**, this feature will *not* allow would-be attackers to embed untrusted types within trusted types:
+And in case you were wondering: no, this feature will *not* allow would-be attackers to embed untrusted types within trusted types:
 
 ```ruby
 yaml = <<-EOYAML
 --- !ruby/object:OpenStruct 
 table: 
-  :backdoor: !ruby/hash:ExploitableClassBuilder 
+  :backdoor: !ruby/hash:ClassBuilder 
     "foo; end; puts %(I'm in yr system!); def bar": "baz"
 EOYAML
 ```
@@ -133,22 +148,17 @@ EOYAML
     > YAML.safe_load(yaml)
     => #<OpenStruct :backdoor={"foo; end; puts %(I'm in yr system!); def bar"=>"baz"}>
 
-You may prefer, rather than quietly sanitizing and accepting YAML documents with unknown tags, to fail loudly when questionable data is encountered. In this case, you can also set the `:raise_on_unknown_tag` option to `true`:
-
-```ruby
-SafeYAML::OPTIONS[:raise_on_unknown_tag] = true
-```
-
-    > YAML.safe_load(yaml)
-    => RuntimeError: Unknown YAML tag '!ruby/hash:ExploitableClassBuilder'
-
-Pretty sweet, right?
-
 Known Issues
 ------------
 
-Be aware that some Ruby libraries, particularly those requiring inter-process communication, leverage YAML's object deserialization functionality and therefore may break or otherwise be impacted by SafeYAML. The following list includes known instances of SafeYAML's interaction with other Ruby gems:
+If you add SafeYAML to your project and start seeing any errors about missing keys, or you notice mysterious strings that look like `":foo"` (i.e., start with a colon), it's likely you're seeing errors from symbols being saved in YAML format. If you are able to modify the offending code, you might want to consider changing your YAML content to use plain vanilla strings instead of symbols. If not, you may need to set the `:deserialize_symbols` option to `true`, either in calls to `YAML.load` or--as a last resort--globally, with `SafeYAML::OPTIONS[:deserialize_symbols]`.
+
+Also be aware that some Ruby libraries, particularly those requiring inter-process communication, leverage YAML's object deserialization functionality and therefore may break or otherwise be impacted by SafeYAML. The following list includes known instances of SafeYAML's interaction with other Ruby gems:
 
+- [**ActiveRecord**](https://github.com/rails/rails/tree/master/activerecord): uses YAML to control serialization of model objects using the `serialize` class method. If you find that accessing serialized properties on your ActiveRecord models is causing errors, chances are you may need to:
+  1. set the `:deserialize_symbols` option to `true`,
+  2. whitelist some of the types in your serialized data via `SafeYAML.whitelist!` or the `:whitelisted_tags` option, or
+  3. both
 - [**Guard**](https://github.com/guard/guard): Uses YAML as a serialization format for notifications. The data serialized uses symbolic keys, so setting `SafeYAML::OPTIONS[:deserialize_symbols] = true` is necessary to allow Guard to work.
 - [**sidekiq**](https://github.com/mperham/sidekiq): Uses a YAML configiuration file with symbolic keys, so setting `SafeYAML::OPTIONS[:deserialize_symbols] = true` should allow it to work.
 
@@ -157,7 +167,9 @@ The above list will grow over time, as more issues are discovered.
 Caveat
 ------
 
-This gem is quite young, and so the API may (read: *will*) change in future versions. The goal of the gem is to make it as easy as possible to protect existing applications from object deserialization exploits. Any and all feedback is more than welcome.
+My intention is to eventually adopt [semantic versioning](http://semver.org/) with this gem, if it ever gets to version 1.0 (i.e., doesn't become obsolete by then). Since it isn't there yet, that means that API may well change from one version to the next. Please keep that in mind if you are using it in your application.
+
+To be clear: my *goal* is for SafeYAML to make it as easy as possible to protect existing applications from object deserialization exploits. Any and all feedback is more than welcome!
 
 Requirements
 ------------

data/lib/safe_yaml.rb

@@ -10,46 +10,109 @@ require "safe_yaml/transform/to_nil"
 require "safe_yaml/transform/to_symbol"
 require "safe_yaml/transform"
 require "safe_yaml/resolver"
+require "safe_yaml/deep"
 
 module SafeYAML
   MULTI_ARGUMENT_YAML_LOAD = YAML.method(:load).arity != 1
   YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
 
-  DEFAULT_OPTIONS = {
+  DEFAULT_OPTIONS = Deep.freeze({
     :default_mode         => nil,
     :suppress_warnings    => false,
     :deserialize_symbols  => false,
     :whitelisted_tags     => [],
     :custom_initializers  => {},
     :raise_on_unknown_tag => false
-  }.freeze
+  })
 
-  OPTIONS = DEFAULT_OPTIONS.dup
+  OPTIONS = Deep.copy(DEFAULT_OPTIONS)
 
   module_function
   def restore_defaults!
-    OPTIONS.clear.merge!(DEFAULT_OPTIONS)
+    OPTIONS.clear.merge!(Deep.copy(DEFAULT_OPTIONS))
   end
 
-  def tag_safety_check!(tag)
+  def tag_safety_check!(tag, options)
     return if tag.nil?
-    if OPTIONS[:raise_on_unknown_tag] && !OPTIONS[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
+    if options[:raise_on_unknown_tag] && !options[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
       raise "Unknown YAML tag '#{tag}'"
     end
   end
 
+  def whitelist!(*classes)
+    classes.each do |klass|
+      whitelist_class!(klass)
+    end
+  end
+
+  def whitelist_class!(klass)
+    raise "#{klass} not a Class" unless klass.is_a?(::Class)
+
+    klass_name = klass.name
+    raise "#{klass} cannot be anonymous" if klass_name.nil? || klass_name.empty?
+
+    # Whitelist any built-in YAML tags supplied by Syck or Psych.
+    predefined_tag = predefined_tags[klass]
+    if predefined_tag
+      OPTIONS[:whitelisted_tags] << predefined_tag
+      return
+    end
+
+    # Exception is exceptional (har har).
+    tag_class  = klass < Exception ? "exception" : "object"
+
+    tag_prefix = case YAML_ENGINE
+                 when "psych" then "!ruby/#{tag_class}"
+                 when "syck"  then "tag:ruby.yaml.org,2002:#{tag_class}"
+                 else raise "unknown YAML_ENGINE #{YAML_ENGINE}"
+                 end
+    OPTIONS[:whitelisted_tags] << "#{tag_prefix}:#{klass_name}"
+  end
+
+  def predefined_tags
+    if @predefined_tags.nil?
+      @predefined_tags = {}
+
+      if YAML_ENGINE == "syck"
+        YAML.tagged_classes.each do |tag, klass|
+          @predefined_tags[klass] = tag
+        end
+
+      else
+        # Special tags appear to be hard-coded in Psych:
+        # https://github.com/tenderlove/psych/blob/v1.3.4/lib/psych/visitors/to_ruby.rb
+        # Fortunately, there aren't many that SafeYAML doesn't already support.
+        @predefined_tags.merge!({
+          Exception => "!ruby/exception",
+          Range     => "!ruby/range",
+          Regexp    => "!ruby/regexp",
+        })
+      end
+    end
+
+    @predefined_tags
+  end
+
   if YAML_ENGINE == "psych"
     def tag_is_explicitly_trusted?(tag)
       false
     end
 
   else
-    TRUSTED_TAGS = [
-      "tag:yaml.org,2002:str",
-      "tag:yaml.org,2002:int",
+    TRUSTED_TAGS = Set.new([
+      "tag:yaml.org,2002:binary",
+      "tag:yaml.org,2002:bool#no",
+      "tag:yaml.org,2002:bool#yes",
+      "tag:yaml.org,2002:float",
       "tag:yaml.org,2002:float#fix",
+      "tag:yaml.org,2002:int",
+      "tag:yaml.org,2002:map",
+      "tag:yaml.org,2002:null",
+      "tag:yaml.org,2002:seq",
+      "tag:yaml.org,2002:str",
+      "tag:yaml.org,2002:timestamp",
       "tag:yaml.org,2002:timestamp#ymd"
-    ].freeze
+    ]).freeze
 
     def tag_is_explicitly_trusted?(tag)
       TRUSTED_TAGS.include?(tag)
@@ -58,40 +121,62 @@ module SafeYAML
 end
 
 module YAML
-  def self.load_with_options(yaml, *filename_and_options)
-    options   = filename_and_options.last || {}
+  def self.load_with_options(yaml, *original_arguments)
+    filename, options = filename_and_options_from_arguments(original_arguments)
     safe_mode = safe_mode_from_options("load", options)
     arguments = [yaml]
-    arguments << filename_and_options.first if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-    safe_mode == :safe ? safe_load(*arguments) : unsafe_load(*arguments)
+
+    if safe_mode == :safe
+      arguments << filename if SafeYAML::YAML_ENGINE == "psych"
+      arguments << options_for_safe_load(options)
+      safe_load(*arguments)
+    else
+      arguments << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+      unsafe_load(*arguments)
+    end
   end
 
   def self.load_file_with_options(file, options={})
     safe_mode = safe_mode_from_options("load_file", options)
-    safe_mode == :safe ? safe_load_file(file) : unsafe_load_file(file)
+    if safe_mode == :safe
+      safe_load_file(file, options_for_safe_load(options))
+    else
+      unsafe_load_file(file)
+    end
   end
 
   if SafeYAML::YAML_ENGINE == "psych"
-    require "safe_yaml/safe_to_ruby_visitor"
+    require "safe_yaml/psych_handler"
     require "safe_yaml/psych_resolver"
-    def self.safe_load(yaml, filename=nil)
-      safe_resolver = SafeYAML::PsychResolver.new
-      tree = if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-        Psych.parse(yaml, filename)
+    require "safe_yaml/safe_to_ruby_visitor"
+
+    def self.safe_load(yaml, filename=nil, options={})
+      # If the user hasn't whitelisted any tags, we can go with this implementation which is
+      # significantly faster.
+      if (options && options[:whitelisted_tags] || SafeYAML::OPTIONS[:whitelisted_tags]).empty?
+        safe_handler = SafeYAML::PsychHandler.new(options)
+        arguments_for_parse = [yaml]
+        arguments_for_parse << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+        Psych::Parser.new(safe_handler).parse(*arguments_for_parse)
+        return safe_handler.result || false
+
       else
-        Psych.parse(yaml)
+        safe_resolver = SafeYAML::PsychResolver.new(options)
+        tree = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ?
+          Psych.parse(yaml, filename) :
+          Psych.parse(yaml)
+        return safe_resolver.resolve_node(tree)
       end
-      return safe_resolver.resolve_node(tree)
     end
 
-    def self.safe_load_file(filename)
-      File.open(filename, 'r:bom|utf-8') { |f| self.safe_load f, filename }
+    def self.safe_load_file(filename, options={})
+      File.open(filename, 'r:bom|utf-8') { |f| self.safe_load(f, filename, options) }
     end
 
     def self.unsafe_load_file(filename)
       if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
         # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
-        File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load f, filename }
+        File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load(f, filename) }
       else
         # https://github.com/tenderlove/psych/blob/v1.2.2/lib/psych.rb#L231-233
         self.unsafe_load File.open(filename)
@@ -102,19 +187,19 @@ module YAML
     require "safe_yaml/syck_resolver"
     require "safe_yaml/syck_node_monkeypatch"
 
-    def self.safe_load(yaml)
-      resolver = SafeYAML::SyckResolver.new
+    def self.safe_load(yaml, options={})
+      resolver = SafeYAML::SyckResolver.new(SafeYAML::OPTIONS.merge(options || {}))
       tree = YAML.parse(yaml)
       return resolver.resolve_node(tree)
     end
 
-    def self.safe_load_file(filename)
-      File.open(filename) { |f| self.safe_load f }
+    def self.safe_load_file(filename, options={})
+      File.open(filename) { |f| self.safe_load(f, options) }
     end
 
     def self.unsafe_load_file(filename)
       # https://github.com/indeyets/syck/blob/master/ext/ruby/lib/yaml.rb#L133-135
-      File.open(filename) { |f| self.unsafe_load f }
+      File.open(filename) { |f| self.unsafe_load(f) }
     end
   end
 
@@ -123,37 +208,20 @@ module YAML
     alias_method :load, :load_with_options
     alias_method :load_file, :load_file_with_options
 
-    def enable_symbol_parsing?
-      warn_of_deprecated_method("set the SafeYAML::OPTIONS[:deserialize_symbols] option instead")
-      SafeYAML::OPTIONS[:deserialize_symbols]
-    end
-
-    def enable_symbol_parsing!
-      warn_of_deprecated_method("set the SafeYAML::OPTIONS[:deserialize_symbols] option instead")
-      SafeYAML::OPTIONS[:deserialize_symbols] = true
-    end
-
-    def disable_symbol_parsing!
-      warn_of_deprecated_method("set the SafeYAML::OPTIONS[:deserialize_symbols] option instead")
-      SafeYAML::OPTIONS[:deserialize_symbols] = false
-    end
-
-    def enable_arbitrary_object_deserialization?
-      warn_of_deprecated_method("set the SafeYAML::OPTIONS[:default_mode] to either :safe or :unsafe")
-      SafeYAML::OPTIONS[:default_mode] == :unsafe
-    end
-
-    def enable_arbitrary_object_deserialization!
-      warn_of_deprecated_method("set the SafeYAML::OPTIONS[:default_mode] to either :safe or :unsafe")
-      SafeYAML::OPTIONS[:default_mode] = :unsafe
-    end
+    private
+    def filename_and_options_from_arguments(arguments)
+      if arguments.count == 1
+        if arguments.first.is_a?(String)
+          return arguments.first, {}
+        else
+          return nil, arguments.first || {}
+        end
 
-    def disable_arbitrary_object_deserialization!
-      warn_of_deprecated_method("set the SafeYAML::OPTIONS[:default_mode] to either :safe or :unsafe")
-      SafeYAML::OPTIONS[:default_mode] = :safe
+      else
+        return arguments.first, arguments.last || {}
+      end
     end
 
-    private
     def safe_mode_from_options(method, options={})
       if options[:safe].nil?
         safe_mode = SafeYAML::OPTIONS[:default_mode] || :safe
@@ -167,9 +235,10 @@ module YAML
       options[:safe] ? :safe : :unsafe
     end
 
-    def warn_of_deprecated_method(message)
-      method = caller.first[/`([^']*)'$/, 1]
-      Kernel.warn("The method 'YAML.#{method}' is deprecated and will be removed in the next release of SafeYAML -- #{message}.")
+    def options_for_safe_load(base_options)
+      options = base_options.dup
+      options.delete(:safe)
+      options
     end
   end
 end

data/lib/safe_yaml/deep.rb

@@ -0,0 +1,34 @@
+module SafeYAML
+  class Deep
+    def self.freeze(object)
+      object.each do |*entry|
+        value = entry.last
+        case value
+        when String, Regexp
+          value.freeze
+        when Enumerable
+          Deep.freeze(value)
+        end
+      end
+
+      return object.freeze
+    end
+
+    def self.copy(object)
+      duplicate = object.dup rescue object
+
+      case object
+      when Array
+        (0...duplicate.count).each do |i|
+          duplicate[i] = Deep.copy(duplicate[i])
+        end
+      when Hash
+        duplicate.keys.each do |key|
+          duplicate[key] = Deep.copy(duplicate[key])
+        end
+      end
+
+      duplicate
+    end
+  end
+end

data/lib/safe_yaml/psych_handler.rb

@@ -0,0 +1,92 @@
+require "psych"
+require "base64"
+
+module SafeYAML
+  class PsychHandler < Psych::Handler
+    def initialize(options)
+      @options      = SafeYAML::OPTIONS.merge(options || {})
+      @initializers = @options[:custom_initializers] || {}
+      @anchors      = {}
+      @stack        = []
+      @current_key  = nil
+      @result       = nil
+    end
+
+    def result
+      @result
+    end
+
+    def add_to_current_structure(value, anchor=nil, quoted=nil, tag=nil)
+      value = Transform.to_proper_type(value, quoted, tag, @options)
+
+      @anchors[anchor] = value if anchor
+
+      if @result.nil?
+        @result = value
+        @current_structure = @result
+        return
+      end
+
+      if @current_structure.respond_to?(:<<)
+        @current_structure << value
+
+      elsif @current_structure.respond_to?(:[]=)
+        if @current_key.nil?
+          @current_key = value
+
+        else
+          if @current_key == "<<"
+            @current_structure.merge!(value)
+          else
+            @current_structure[@current_key] = value
+          end
+
+          @current_key = nil
+        end
+
+      else
+        raise "Don't know how to add to a #{@current_structure.class}!"
+      end
+    end
+
+    def end_current_structure
+      @stack.pop
+      @current_structure = @stack.last
+    end
+
+    def streaming?
+      false
+    end
+
+    # event handlers
+    def alias(anchor)
+      add_to_current_structure(@anchors[anchor])
+    end
+
+    def scalar(value, anchor, tag, plain, quoted, style)
+      add_to_current_structure(value, anchor, quoted, tag)
+    end
+
+    def start_mapping(anchor, tag, implicit, style)
+      map = @initializers.include?(tag) ? @initializers[tag].call : {}
+      self.add_to_current_structure(map, anchor)
+      @current_structure = map
+      @stack.push(map)
+    end
+
+    def end_mapping
+      self.end_current_structure()
+    end
+
+    def start_sequence(anchor, tag, implicit, style)
+      seq = @initializers.include?(tag) ? @initializers[tag].call : []
+      self.add_to_current_structure(seq, anchor)
+      @current_structure = seq
+      @stack.push(seq)
+    end
+
+    def end_sequence
+      self.end_current_structure()
+    end
+  end
+end

data/lib/safe_yaml/psych_resolver.rb

@@ -8,8 +8,8 @@ module SafeYAML
       Psych::Nodes::Alias    => :alias
     }.freeze
 
-    def initialize
-      super()
+    def initialize(options={})
+      super
       @aliased_nodes = {}
     end
 

data/lib/safe_yaml/resolver.rb

@@ -1,16 +1,16 @@
 module SafeYAML
   class Resolver
-    def initialize
-      @whitelist            = SafeYAML::OPTIONS[:whitelisted_tags] || []
-      @initializers         = SafeYAML::OPTIONS[:custom_initializers] || {}
-      @raise_on_unknown_tag = SafeYAML::OPTIONS[:raise_on_unknown_tag]
+    def initialize(options)
+      @options              = SafeYAML::OPTIONS.merge(options || {})
+      @whitelist            = @options[:whitelisted_tags] || []
+      @initializers         = @options[:custom_initializers] || {}
+      @raise_on_unknown_tag = @options[:raise_on_unknown_tag]
     end
 
     def resolve_node(node)
-      if not node
-        return node
-      end
-      
+      return node if !node
+      return self.native_resolve(node) if tag_is_whitelisted?(self.get_node_tag(node))
+
       case self.get_node_type(node)
       when :root
         resolve_root(node)
@@ -28,12 +28,9 @@ module SafeYAML
     end
 
     def resolve_map(node)
-      tag = get_and_check_node_tag(node)
-      return self.native_resolve(node) if tag_is_whitelisted?(tag)
-
+      tag  = get_and_check_node_tag(node)
       hash = @initializers.include?(tag) ? @initializers[tag].call : {}
-
-      map = normalize_map(self.get_node_value(node))
+      map  = normalize_map(self.get_node_value(node))
 
       # Take the "<<" key nodes first, as these are meant to approximate a form of inheritance.
       inheritors = map.select { |key_node, value_node| resolve_node(key_node) == "<<" }
@@ -59,12 +56,12 @@ module SafeYAML
     end
 
     def resolve_scalar(node)
-      Transform.to_proper_type(self.get_node_value(node), self.value_is_quoted?(node), get_and_check_node_tag(node))
+      Transform.to_proper_type(self.get_node_value(node), self.value_is_quoted?(node), get_and_check_node_tag(node), @options)
     end
 
     def get_and_check_node_tag(node)
       tag = self.get_node_tag(node)
-      SafeYAML.tag_safety_check!(tag)
+      SafeYAML.tag_safety_check!(tag, @options)
       tag
     end
 
@@ -72,6 +69,10 @@ module SafeYAML
       @whitelist.include?(tag)
     end
 
+    def options
+      @options
+    end
+
     private
     def normalize_map(map)
       # Syck creates Hashes from maps.

data/lib/safe_yaml/safe_to_ruby_visitor.rb

@@ -8,7 +8,7 @@ module SafeYAML
     def accept(node)
       if node.tag
         return super if @resolver.tag_is_whitelisted?(node.tag)
-        raise "Unknown YAML tag '#{node.tag}'" if SafeYAML::OPTIONS[:raise_on_unknown_tag]
+        raise "Unknown YAML tag '#{node.tag}'" if @resolver.options[:raise_on_unknown_tag]
       end
 
       @resolver.resolve_node(node)

data/lib/safe_yaml/syck_node_monkeypatch.rb

@@ -1,12 +1,34 @@
+# This is, admittedly, pretty insane. Fundamentally the challenge here is this: if we want to allow
+# whitelisting of tags (while still leveraging Syck's internal functionality), then we have to
+# change how Syck::Node#transform works. But since we (SafeYAML) do not control instantiation of
+# Syck::Node objects, we cannot, for example, subclass Syck::Node and override #tranform the "easy"
+# way. So the only choice is to monkeypatch, like this. And the only way to make this work
+# recursively with potentially call-specific options (that my feeble brain can think of) is to set
+# pseudo-global options on the first call and unset them once the recursive stack has fully unwound.
+
 monkeypatch = <<-EORUBY
   class Node
-    def safe_transform
-      if self.type_id
-        return unsafe_transform if SafeYAML::OPTIONS[:whitelisted_tags].include?(self.type_id)
-        SafeYAML.tag_safety_check!(self.type_id)
-      end
+    @@safe_transform_depth     = 0
+    @@safe_transform_whitelist = nil
+
+    def safe_transform(options={})
+      begin
+        @@safe_transform_depth += 1
+        @@safe_transform_whitelist ||= options[:whitelisted_tags]
 
-      SafeYAML::SyckResolver.new.resolve_node(self)
+        if self.type_id
+          SafeYAML.tag_safety_check!(self.type_id, options)
+          return unsafe_transform if @@safe_transform_whitelist.include?(self.type_id)
+        end
+
+        SafeYAML::SyckResolver.new.resolve_node(self)
+
+      ensure
+        @@safe_transform_depth -= 1
+        if @@safe_transform_depth == 0
+          @@safe_transform_whitelist = nil
+        end
+      end
     end
 
     alias_method :unsafe_transform, :transform

data/lib/safe_yaml/syck_resolver.rb

@@ -1,6 +1,9 @@
 module SafeYAML
   class SyckResolver < Resolver
-    QUOTE_STYLES = [:quote1, :quote2].freeze
+    QUOTE_STYLES = [
+      :quote1,
+      :quote2
+    ].freeze
 
     NODE_TYPES = {
       Hash   => :map,
@@ -8,12 +11,12 @@ module SafeYAML
       String => :scalar
     }.freeze
 
-    def initialize
-      super()
+    def initialize(options={})
+      super
     end
 
     def native_resolve(node)
-      node.transform
+      node.transform(self.options)
     end
 
     def get_node_type(node)

data/lib/safe_yaml/transform.rb

@@ -11,12 +11,15 @@ module SafeYAML
       Transform::ToDate.new
     ]
 
-    def self.to_guessed_type(value, quoted=false)
+    def self.to_guessed_type(value, quoted=false, options=nil)
       return value if quoted
 
       if value.is_a?(String)
         TRANSFORMERS.each do |transformer|
-          success, transformed_value = transformer.transform?(value)
+          success, transformed_value = transformer.method(:transform?).arity == 1 ?
+            transformer.transform?(value) :
+            transformer.transform?(value, options)
+
           return transformed_value if success
         end
       end
@@ -24,14 +27,14 @@ module SafeYAML
       value
     end
 
-    def self.to_proper_type(value, quoted=false, tag=nil)
+    def self.to_proper_type(value, quoted=false, tag=nil, options=nil)
       case tag
       when "tag:yaml.org,2002:binary", "x-private:binary", "!binary"
         decoded = Base64.decode64(value)
         decoded = decoded.force_encoding(value.encoding) if decoded.respond_to?(:force_encoding)
         decoded
       else
-        self.to_guessed_type(value, quoted)
+        self.to_guessed_type(value, quoted, options)
       end
     end
   end

data/lib/safe_yaml/transform/to_symbol.rb

@@ -3,8 +3,9 @@ module SafeYAML
     class ToSymbol
       MATCHER = /\A:"?(\w+)"?\Z/.freeze
 
-      def transform?(value)
-        return false unless SafeYAML::OPTIONS[:deserialize_symbols] && MATCHER.match(value)
+      def transform?(value, options=nil)
+        options ||= SafeYAML::OPTIONS
+        return false unless options[:deserialize_symbols] && MATCHER.match(value)
         return true, $1.to_sym
       end
     end

data/lib/safe_yaml/version.rb

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.8.6"
+  VERSION = "0.9.0"
 end

data/spec/resolver_specs.rb

@@ -169,26 +169,20 @@ module ResolverSpecs
         end
       end
 
-      # This does in fact appear to be a Ruby version thing as opposed to a YAML engine thing.
       context "for Ruby version #{RUBY_VERSION}" do
-        if RUBY_VERSION >= "1.8.7"
-          it "translates valid time values" do
-            parse "time: 2013-01-29 05:58:00 -0800"
-            result.should == { "time" => Time.utc(2013, 1, 29, 13, 58, 0) }
-          end
-
-          it "applies the same transformation to elements in sequences" do
-            parse "- 2013-01-29 05:58:00 -0800"
-            result.should == [Time.utc(2013, 1, 29, 13, 58, 0)]
-          end
-
-          # On Ruby 2.0.0-rc1, even YAML.load overflows the stack on this input.
-          if RUBY_VERSION != "2.0.0"
-            it "applies the same transformation to keys" do
-              parse "2013-01-29 05:58:00 -0800: time"
-              result.should == { Time.utc(2013, 1, 29, 13, 58, 0) => "time" }
-            end
-          end
+        it "translates valid time values" do
+          parse "time: 2013-01-29 05:58:00 -0800"
+          result.should == { "time" => Time.utc(2013, 1, 29, 13, 58, 0) }
+        end
+
+        it "applies the same transformation to elements in sequences" do
+          parse "- 2013-01-29 05:58:00 -0800"
+          result.should == [Time.utc(2013, 1, 29, 13, 58, 0)]
+        end
+
+        it "applies the same transformation to keys" do
+          parse "2013-01-29 05:58:00 -0800: time"
+          result.should == { Time.utc(2013, 1, 29, 13, 58, 0) => "time" }
         end
       end
 

data/spec/safe_yaml_spec.rb

@@ -11,10 +11,23 @@ describe YAML do
     $VERBOSE = true
   end
 
+  def safe_load_round_trip(object, options={})
+    yaml = object.to_yaml
+    if SafeYAML::YAML_ENGINE == "psych"
+      YAML.safe_load(yaml, nil, options)
+    else
+      YAML.safe_load(yaml, options)
+    end
+  end
+
   before :each do
     SafeYAML.restore_defaults!
   end
 
+  after :each do
+    SafeYAML.restore_defaults!
+  end
+
   describe "unsafe_load" do
     if SafeYAML::YAML_ENGINE == "psych" && RUBY_VERSION >= "1.9.3"
       it "allows exploits through objects defined in YAML w/ !ruby/hash via custom :[]= methods" do
@@ -35,11 +48,7 @@ describe YAML do
 
     context "with special whitelisted tags defined" do
       before :each do
-        if SafeYAML::YAML_ENGINE == "psych"
-          SafeYAML::OPTIONS[:whitelisted_tags] = ["!ruby/object:OpenStruct"]
-        else
-          SafeYAML::OPTIONS[:whitelisted_tags] = ["tag:ruby.yaml.org,2002:object:OpenStruct"]
-        end
+        SafeYAML::whitelist!(OpenStruct)
       end
 
       it "effectively ignores the whitelist (since everything is whitelisted)" do
@@ -69,18 +78,27 @@ describe YAML do
 
     context "for YAML engine #{SafeYAML::YAML_ENGINE}" do
       if SafeYAML::YAML_ENGINE == "psych"
-        let(:arguments) {
-          if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-            ["foo: bar", nil]
-          else
-            ["foo: bar"]
+        let(:options) { nil }
+        let(:arguments) { ["foo: bar", nil, options] }
+
+        context "when no tags are whitelisted" do
+          it "constructs a SafeYAML::PsychHandler to resolve nodes as they're parsed, for optimal performance" do
+            Psych::Parser.should_receive(:new).with an_instance_of(SafeYAML::PsychHandler)
+            # This won't work now; we just want to ensure Psych::Parser#parse was in fact called.
+            YAML.safe_load(*arguments) rescue nil
           end
-        }
+        end
+
+        context "when whitelisted tags are specified" do
+          let(:options) {
+            { :whitelisted_tags => ["foo"] }
+          }
 
-        it "uses Psych internally to parse YAML" do
-          Psych.should_receive(:parse).with(*arguments)
-          # This won't work now; we just want to ensure Psych::Parser#parse was in fact called.
-          YAML.safe_load(*arguments) rescue nil
+          it "instead uses Psych to construct a full tree before examining the nodes" do
+            Psych.should_receive(:parse)
+            # This won't work now; we just want to ensure Psych::Parser#parse was in fact called.
+            YAML.safe_load(*arguments) rescue nil
+          end
         end
       end
 
@@ -281,11 +299,7 @@ describe YAML do
 
     context "with special whitelisted tags defined" do
       before :each do
-        if SafeYAML::YAML_ENGINE == "psych"
-          SafeYAML::OPTIONS[:whitelisted_tags] = ["!ruby/object:OpenStruct"]
-        else
-          SafeYAML::OPTIONS[:whitelisted_tags] = ["tag:ruby.yaml.org,2002:object:OpenStruct"]
-        end
+        SafeYAML::whitelist!(OpenStruct)
 
         # Necessary for deserializing OpenStructs properly.
         SafeYAML::OPTIONS[:deserialize_symbols] = true
@@ -372,6 +386,56 @@ describe YAML do
         end
       end
     end
+
+    context "when options are passed direclty to #load which differ from the defaults" do
+      let(:default_options) { {} }
+
+      before :each do
+        SafeYAML::OPTIONS.merge!(default_options)
+      end
+
+      context "(for example, when symbol deserialization is enabled by default)" do
+        let(:default_options) { { :deserialize_symbols => true } }
+
+        it "goes with the default option when it is not overridden" do
+          silence_warnings do
+            YAML.load(":foo: bar").should == { :foo => "bar" }
+          end
+        end
+
+        it "allows the default option to be overridden on a per-call basis" do
+          silence_warnings do
+            YAML.load(":foo: bar", :deserialize_symbols => false).should == { ":foo" => "bar" }
+            YAML.load(":foo: bar", :deserialize_symbols => true).should == { :foo => "bar" }
+          end
+        end
+      end
+
+      context "(or, for example, when certain tags are whitelisted)" do
+        let(:default_options) {
+          {
+            :deserialize_symbols => true,
+            :whitelisted_tags => SafeYAML::YAML_ENGINE == "psych" ?
+              ["!ruby/object:OpenStruct"] :
+              ["tag:ruby.yaml.org,2002:object:OpenStruct"]
+          }
+        }
+
+        it "goes with the default option when it is not overridden" do
+          result = safe_load_round_trip(OpenStruct.new(:foo => "bar"))
+          result.should be_a(OpenStruct)
+          result.foo.should == "bar"
+        end
+
+        it "allows the default option to be overridden on a per-call basis" do
+          result = safe_load_round_trip(OpenStruct.new(:foo => "bar"), :whitelisted_tags => [])
+          result.should == { "table" => { :foo => "bar" } }
+
+          result = safe_load_round_trip(OpenStruct.new(:foo => "bar"), :deserialize_symbols => false, :whitelisted_tags => [])
+          result.should == { "table" => { ":foo" => "bar" } }
+        end
+      end
+    end
   end
 
   describe "unsafe_load_file" do
@@ -408,11 +472,13 @@ describe YAML do
   end
 
   describe "load" do
+    let(:options) { {} }
+
     let (:arguments) {
       if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-        ["foo: bar", nil]
+        ["foo: bar", nil, options]
       else
-        ["foo: bar"]
+        ["foo: bar", options]
       end
     }
 
@@ -430,7 +496,31 @@ describe YAML do
       end
     end
 
-    it "issues a warning if the :safe option is omitted" do
+    context "when the :safe options is specified" do
+      let(:safe_mode) { true }
+      let(:options) { { :safe => safe_mode } }
+
+      it "doesn't issue a warning" do
+        Kernel.should_not_receive(:warn)
+        YAML.load(*arguments)
+      end
+
+      it "calls #safe_load if the :safe option is set to true" do
+        YAML.should_receive(:safe_load)
+        YAML.load(*arguments)
+      end
+
+      context "when the :safe option is set to false" do
+        let(:safe_mode) { false }
+
+        it "calls #unsafe_load if the :safe option is set to false" do
+          YAML.should_receive(:unsafe_load)
+          YAML.load(*arguments)
+        end
+      end
+    end
+
+    it "issues a warning when the :safe option is omitted" do
       silence_warnings do
         Kernel.should_receive(:warn)
         YAML.load(*arguments)
@@ -444,43 +534,28 @@ describe YAML do
       end
     end
 
-    it "doesn't issue a warning as long as the :safe option is specified" do
-      Kernel.should_not_receive(:warn)
-      YAML.load(*(arguments + [{:safe => true}]))
-    end
-
     it "defaults to safe mode if the :safe option is omitted" do
       silence_warnings do
-        YAML.should_receive(:safe_load).with(*arguments)
+        YAML.should_receive(:safe_load)
         YAML.load(*arguments)
       end
     end
 
-    it "calls #safe_load if the :safe option is set to true" do
-      YAML.should_receive(:safe_load).with(*arguments)
-      YAML.load(*(arguments + [{:safe => true}]))
-    end
-
-    it "calls #unsafe_load if the :safe option is set to false" do
-      YAML.should_receive(:unsafe_load).with(*arguments)
-      YAML.load(*(arguments + [{:safe => false}]))
-    end
-
-    context "with arbitrary object deserialization enabled by default" do
+    context "with the default mode set to :unsafe" do
       before :each do
         SafeYAML::OPTIONS[:default_mode] = :unsafe
       end
 
       it "defaults to unsafe mode if the :safe option is omitted" do
         silence_warnings do
-          YAML.should_receive(:unsafe_load).with(*arguments)
+          YAML.should_receive(:unsafe_load)
           YAML.load(*arguments)
         end
       end
 
       it "calls #safe_load if the :safe option is set to true" do
-        YAML.should_receive(:safe_load).with(*arguments)
-        YAML.load(*(arguments + [{:safe => true}]))
+        YAML.should_receive(:safe_load)
+        YAML.load(*(arguments + [{ :safe => true }]))
       end
     end
   end
@@ -502,18 +577,18 @@ describe YAML do
 
     it "defaults to safe mode if the :safe option is omitted" do
       silence_warnings do
-        YAML.should_receive(:safe_load_file).with(filename)
+        YAML.should_receive(:safe_load_file)
         YAML.load_file(filename)
       end
     end
 
     it "calls #safe_load_file if the :safe option is set to true" do
-      YAML.should_receive(:safe_load_file).with(filename)
+      YAML.should_receive(:safe_load_file)
       YAML.load_file(filename, :safe => true)
     end
 
     it "calls #unsafe_load_file if the :safe option is set to false" do
-      YAML.should_receive(:unsafe_load_file).with(filename)
+      YAML.should_receive(:unsafe_load_file)
       YAML.load_file(filename, :safe => false)
     end
 
@@ -524,15 +599,80 @@ describe YAML do
 
       it "defaults to unsafe mode if the :safe option is omitted" do
         silence_warnings do
-          YAML.should_receive(:unsafe_load_file).with(filename)
+          YAML.should_receive(:unsafe_load_file)
           YAML.load_file(filename)
         end
       end
 
       it "calls #safe_load if the :safe option is set to true" do
-        YAML.should_receive(:safe_load_file).with(filename)
+        YAML.should_receive(:safe_load_file)
         YAML.load_file(filename, :safe => true)
       end
     end
   end
+
+  describe "whitelist!" do
+    context "not a class" do
+      it "should raise" do
+        expect { SafeYAML::whitelist! :foo }.to raise_error(/not a Class/)
+        SafeYAML::OPTIONS[:whitelisted_tags].should be_empty
+      end
+    end
+
+    context "anonymous class" do
+      it "should raise" do
+        expect { SafeYAML::whitelist! Class.new }.to raise_error(/cannot be anonymous/)
+        SafeYAML::OPTIONS[:whitelisted_tags].should be_empty
+      end
+    end
+
+    context "with a Class as its argument" do
+      it "should configure correctly" do
+        expect { SafeYAML::whitelist! OpenStruct }.to_not raise_error
+        SafeYAML::OPTIONS[:whitelisted_tags].grep(/OpenStruct\Z/).should_not be_empty
+      end
+
+      it "successfully deserializes the specified class" do
+        SafeYAML.whitelist!(OpenStruct)
+
+        # necessary for properly assigning OpenStruct attributes
+        SafeYAML::OPTIONS[:deserialize_symbols] = true
+
+        result = safe_load_round_trip(OpenStruct.new(:foo => "bar"))
+        result.should be_a(OpenStruct)
+        result.foo.should == "bar"
+      end
+
+      it "works for ranges" do
+        SafeYAML.whitelist!(Range)
+        safe_load_round_trip(1..10).should == (1..10)
+      end
+
+      it "works for regular expressions" do
+        SafeYAML.whitelist!(Regexp)
+        safe_load_round_trip(/foo/).should == /foo/
+      end
+
+      it "works for multiple classes" do
+        SafeYAML.whitelist!(Range, Regexp)
+        safe_load_round_trip([(1..10), /bar/]).should == [(1..10), /bar/]
+      end
+
+      it "works for arbitrary Exception subclasses" do
+        class CustomException < Exception
+          attr_reader :custom_message
+
+          def initialize(custom_message)
+            @custom_message = custom_message
+          end
+        end
+
+        SafeYAML.whitelist!(CustomException)
+
+        ex = safe_load_round_trip(CustomException.new("blah"))
+        ex.should be_a(CustomException)
+        ex.custom_message.should == "blah"
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: 0.8.6
+  version: 0.9.0
+  prerelease: 
 platform: ruby
 authors:
 - Dan Tao
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-17 00:00:00.000000000 Z
+date: 2013-03-23 00:00:00.000000000 Z
 dependencies: []
 description: Parse YAML safely, without that pesky arbitrary object deserialization
   vulnerability
@@ -24,9 +25,11 @@ files:
 - README.md
 - Rakefile
 - lib/safe_yaml.rb
+- lib/safe_yaml/deep.rb
 - lib/safe_yaml/parse/date.rb
 - lib/safe_yaml/parse/hexadecimal.rb
 - lib/safe_yaml/parse/sexagesimal.rb
+- lib/safe_yaml/psych_handler.rb
 - lib/safe_yaml/psych_resolver.rb
 - lib/safe_yaml/resolver.rb
 - lib/safe_yaml/safe_to_ruby_visitor.rb
@@ -58,26 +61,27 @@ files:
 homepage: http://dtao.github.com/safe_yaml/
 licenses:
 - MIT
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.0
+rubygems_version: 1.8.25
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: SameYAML provides an alternative implementation of YAML.load suitable for
   accepting user input in Ruby applications.
 test_files:

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: cacc423c7a4bb7bafd942e34978dc51e317bb483
-  data.tar.gz: 540a9ddba02abd5993e1f0901907983b4aea7088
-SHA512:
-  metadata.gz: 348b33b5126f29f523580988749fa8c260a560868d07f2bb1dccd5ea723aaf761aa26a2c19be1a8c102092edf4402b780ffaa49090b6c28f721a7e6fc27e3ab4
-  data.tar.gz: a66a0b50feec1e5db74382340ce36ff1ef909fa27f74f44d702a9e2e131e8285a7700978bc4b8ed6b2e1ab63e960c93fcdce2385bf635c289a9bc14a243b430d