safe_yaml 0.9.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 330f4d149692c82b643b6c1715ee580b7613d569
4
+ data.tar.gz: 71a3662c45376b5d247ea41f55dd8e60ee763307
5
+ SHA512:
6
+ metadata.gz: d2827503520960753cf30adb7d7d10356a3cc35d1862304e1250a53471e33b7cbc4bb8aa483e39b612468a9c4aa2256b4b3d288bb7fdde0b2089732178ee2bcb
7
+ data.tar.gz: adfa5835e47678452d891289c74ef541845f3d5d77a68743ba7ab337fd4018cc052700ada3fedd3d4637241c7050198f60924df9b7a3ceb123f2896ff90b6660
@@ -29,9 +29,6 @@ matrix:
29
29
  - rvm: ruby-head
30
30
  - rvm: rbx-19mode
31
31
  - rvm: rbx-18mode
32
- - rvm: jruby-head
33
- - rvm: jruby-19mode
34
- - rvm: jruby-18mode
35
32
  - rvm: ree
36
33
 
37
34
  exclude:
@@ -1,7 +1,15 @@
1
1
  require "yaml"
2
+
3
+ # This needs to be defined up front in case any internal classes need to base
4
+ # their behavior off of this.
5
+ module SafeYAML
6
+ YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
7
+ end
8
+
2
9
  require "safe_yaml/parse/hexadecimal"
3
10
  require "safe_yaml/parse/sexagesimal"
4
11
  require "safe_yaml/parse/date"
12
+ require "safe_yaml/transform/transformation_map"
5
13
  require "safe_yaml/transform/to_boolean"
6
14
  require "safe_yaml/transform/to_date"
7
15
  require "safe_yaml/transform/to_float"
@@ -11,10 +19,10 @@ require "safe_yaml/transform/to_symbol"
11
19
  require "safe_yaml/transform"
12
20
  require "safe_yaml/resolver"
13
21
  require "safe_yaml/deep"
22
+ require "safe_yaml/syck_hack" if defined?(JRUBY_VERSION)
14
23
 
15
24
  module SafeYAML
16
25
  MULTI_ARGUMENT_YAML_LOAD = YAML.method(:load).arity != 1
17
- YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
18
26
 
19
27
  DEFAULT_OPTIONS = Deep.freeze({
20
28
  :default_mode => nil,
@@ -33,7 +41,7 @@ module SafeYAML
33
41
  end
34
42
 
35
43
  def tag_safety_check!(tag, options)
36
- return if tag.nil?
44
+ return if tag.nil? || tag == "!"
37
45
  if options[:raise_on_unknown_tag] && !options[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
38
46
  raise "Unknown YAML tag '#{tag}'"
39
47
  end
@@ -0,0 +1,36 @@
1
+ # Hack to JRuby 1.8's YAML Parser Yecht
2
+ #
3
+ # This file is always loaded AFTER either syck or psych are already
4
+ # loaded. It then looks at what constants are available and creates
5
+ # a consistent view on all rubys.
6
+ #
7
+ # Taken from rubygems and modified.
8
+ # See https://github.com/rubygems/rubygems/blob/master/lib/rubygems/syck_hack.rb
9
+
10
+ module YAML
11
+ # In newer 1.9.2, there is a Syck toplevel constant instead of it
12
+ # being underneith YAML. If so, reference it back under YAML as
13
+ # well.
14
+ if defined? ::Syck
15
+ # for tests that change YAML::ENGINE
16
+ # 1.8 does not support the second argument to const_defined?
17
+ remove_const :Syck rescue nil
18
+
19
+ Syck = ::Syck
20
+
21
+ # JRuby's "Syck" is called "Yecht"
22
+ elsif defined? YAML::Yecht
23
+ Syck = YAML::Yecht
24
+ end
25
+ end
26
+
27
+ # Sometime in the 1.9 dev cycle, the Syck constant was moved from under YAML
28
+ # to be a toplevel constant. So gemspecs created under these versions of Syck
29
+ # will have references to Syck::DefaultKey.
30
+ #
31
+ # So we need to be sure that we reference Syck at the toplevel too so that
32
+ # we can always load these kind of gemspecs.
33
+ #
34
+ if !defined?(Syck)
35
+ Syck = YAML::Syck
36
+ end
@@ -1,18 +1,20 @@
1
1
  module SafeYAML
2
2
  class Transform
3
3
  class ToBoolean
4
- PREDEFINED_VALUES = {
4
+ include TransformationMap
5
+
6
+ set_predefined_values({
5
7
  "yes" => true,
6
8
  "on" => true,
7
9
  "true" => true,
8
10
  "no" => false,
9
11
  "off" => false,
10
12
  "false" => false
11
- }.freeze
13
+ })
12
14
 
13
15
  def transform?(value)
14
- key = value.downcase
15
- return PREDEFINED_VALUES.include?(key), PREDEFINED_VALUES[key]
16
+ return false if value.length > 5
17
+ return PREDEFINED_VALUES.include?(value), PREDEFINED_VALUES[value]
16
18
  end
17
19
  end
18
20
  end
@@ -1,15 +1,17 @@
1
1
  module SafeYAML
2
2
  class Transform
3
3
  class ToNil
4
- PREDEFINED_VALUES = {
4
+ include TransformationMap
5
+
6
+ set_predefined_values({
5
7
  "" => nil,
6
8
  "~" => nil,
7
9
  "null" => nil,
8
- }.freeze
10
+ })
9
11
 
10
12
  def transform?(value)
11
- key = value.downcase
12
- return PREDEFINED_VALUES.include?(key), PREDEFINED_VALUES[key]
13
+ return false if value.length > 4
14
+ return PREDEFINED_VALUES.include?(value), PREDEFINED_VALUES[value]
13
15
  end
14
16
  end
15
17
  end
@@ -0,0 +1,47 @@
1
+ module SafeYAML
2
+ class Transform
3
+ module TransformationMap
4
+ def self.included(base)
5
+ base.extend(ClassMethods)
6
+ end
7
+
8
+ class CaseAgnosticMap < Hash
9
+ def initialize(*args)
10
+ super
11
+ end
12
+
13
+ def include?(key)
14
+ super(key.downcase)
15
+ end
16
+
17
+ def [](key)
18
+ super(key.downcase)
19
+ end
20
+
21
+ # OK, I actually don't think it's all that important that this map be
22
+ # frozen.
23
+ def freeze
24
+ self
25
+ end
26
+ end
27
+
28
+ module ClassMethods
29
+ def set_predefined_values(predefined_values)
30
+ if SafeYAML::YAML_ENGINE == "syck"
31
+ expanded_map = predefined_values.inject({}) do |hash, (key, value)|
32
+ hash[key] = value
33
+ hash[key.capitalize] = value
34
+ hash[key.upcase] = value
35
+ hash
36
+ end
37
+ else
38
+ expanded_map = CaseAgnosticMap.new
39
+ expanded_map.merge!(predefined_values)
40
+ end
41
+
42
+ self.const_set(:PREDEFINED_VALUES, expanded_map.freeze)
43
+ end
44
+ end
45
+ end
46
+ end
47
+ end
@@ -1,3 +1,3 @@
1
1
  module SafeYAML
2
- VERSION = "0.9.0"
2
+ VERSION = "0.9.1"
3
3
  end
@@ -9,6 +9,12 @@ module ResolverSpecs
9
9
  @result = resolver.resolve_node(tree)
10
10
  end
11
11
 
12
+ # Isn't this how I should've been doing it all along?
13
+ def parse_and_test(yaml)
14
+ parse(yaml)
15
+ @result.should == YAML.unsafe_load(yaml)
16
+ end
17
+
12
18
  context "by default" do
13
19
  it "translates maps to hashes" do
14
20
  parse <<-YAML
@@ -78,6 +84,35 @@ module ResolverSpecs
78
84
  result.should == [nil] * 3
79
85
  end
80
86
 
87
+ it "matches the behavior of the underlying YAML engine w/ respect to capitalization of boolean values" do
88
+ parse_and_test <<-YAML
89
+ - true
90
+ - True
91
+ - TRUE
92
+ - tRue
93
+ - TRue
94
+ - False
95
+ - FALSE
96
+ - fAlse
97
+ - FALse
98
+ YAML
99
+
100
+ # using Syck: [true, true, true, "tRue", "TRue", false, false, "fAlse", "FALse"]
101
+ # using Psych: all booleans
102
+ end
103
+
104
+ it "matches the behavior of the underlying YAML engine w/ respect to capitalization of nil values" do
105
+ parse_and_test <<-YAML
106
+ - Null
107
+ - NULL
108
+ - nUll
109
+ - NUll
110
+ YAML
111
+
112
+ # using Syck: [nil, nil, "nUll", "NUll"]
113
+ # using Psych: all nils
114
+ end
115
+
81
116
  it "translates quoted empty strings to strings (not nil)" do
82
117
  parse "foo: ''"
83
118
  result.should == { "foo" => "" }
@@ -384,6 +384,12 @@ describe YAML do
384
384
  "hash" => {}
385
385
  }
386
386
  end
387
+
388
+ it "does not raise an exception on the non-specific '!' tag" do
389
+ result = nil
390
+ expect { result = YAML.safe_load "--- ! 'foo'" }.to_not raise_error
391
+ result.should == "foo"
392
+ end
387
393
  end
388
394
  end
389
395
 
metadata CHANGED
@@ -1,15 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_yaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.0
5
- prerelease:
4
+ version: 0.9.1
6
5
  platform: ruby
7
6
  authors:
8
7
  - Dan Tao
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2013-03-23 00:00:00.000000000 Z
11
+ date: 2013-04-19 00:00:00.000000000 Z
13
12
  dependencies: []
14
13
  description: Parse YAML safely, without that pesky arbitrary object deserialization
15
14
  vulnerability
@@ -33,6 +32,7 @@ files:
33
32
  - lib/safe_yaml/psych_resolver.rb
34
33
  - lib/safe_yaml/resolver.rb
35
34
  - lib/safe_yaml/safe_to_ruby_visitor.rb
35
+ - lib/safe_yaml/syck_hack.rb
36
36
  - lib/safe_yaml/syck_node_monkeypatch.rb
37
37
  - lib/safe_yaml/syck_resolver.rb
38
38
  - lib/safe_yaml/transform.rb
@@ -42,6 +42,7 @@ files:
42
42
  - lib/safe_yaml/transform/to_integer.rb
43
43
  - lib/safe_yaml/transform/to_nil.rb
44
44
  - lib/safe_yaml/transform/to_symbol.rb
45
+ - lib/safe_yaml/transform/transformation_map.rb
45
46
  - lib/safe_yaml/version.rb
46
47
  - run_specs_all_ruby_versions.sh
47
48
  - safe_yaml.gemspec
@@ -61,27 +62,26 @@ files:
61
62
  homepage: http://dtao.github.com/safe_yaml/
62
63
  licenses:
63
64
  - MIT
65
+ metadata: {}
64
66
  post_install_message:
65
67
  rdoc_options: []
66
68
  require_paths:
67
69
  - lib
68
70
  required_ruby_version: !ruby/object:Gem::Requirement
69
- none: false
70
71
  requirements:
71
- - - ! '>='
72
+ - - '>='
72
73
  - !ruby/object:Gem::Version
73
74
  version: 1.8.7
74
75
  required_rubygems_version: !ruby/object:Gem::Requirement
75
- none: false
76
76
  requirements:
77
- - - ! '>='
77
+ - - '>='
78
78
  - !ruby/object:Gem::Version
79
79
  version: '0'
80
80
  requirements: []
81
81
  rubyforge_project:
82
- rubygems_version: 1.8.25
82
+ rubygems_version: 2.0.3
83
83
  signing_key:
84
- specification_version: 3
84
+ specification_version: 4
85
85
  summary: SameYAML provides an alternative implementation of YAML.load suitable for
86
86
  accepting user input in Ruby applications.
87
87
  test_files: