safe_yaml 0.9.1 → 0.9.2

@@ -40,3 +40,8 @@ matrix:
40
40
  env: YAMLER=syck
41
41
  - rvm: jruby-18mode
42
42
  env: YAMLER=syck
43
+
44
+ branches:
45
+ only:
46
+ - master
47
+
@@ -0,0 +1,104 @@
1
+ 0.9.2
2
+ -----
3
+
4
+ - fixed error w/ parsing "!" when whitelisting tags
5
+ - fixed parsing of the number 0 (d'oh!)
6
+
7
+ 0.9.1
8
+ -----
9
+
10
+ - added Yecht support (JRuby)
11
+ - more bug fixes
12
+
13
+ 0.9.0
14
+ -----
15
+
16
+ - added `whitelist!` method for easily whitelisting tags
17
+ - added support for call-specific options
18
+ - removed deprecated methods
19
+
20
+ 0.8.6
21
+ -----
22
+
23
+ - fixed bug in float matcher
24
+
25
+ 0.8.5
26
+ -----
27
+
28
+ - performance improvements
29
+ - made less verbose by default
30
+ - bug fixes
31
+
32
+ 0.8.4
33
+ -----
34
+
35
+ - enhancements to parsing of integers, floats, and dates
36
+ - updated built-in whitelist
37
+ - more bug fixes
38
+
39
+ 0.8.3
40
+ -----
41
+
42
+ - fixed exception on parsing empty document
43
+ - fixed handling of octal & hexadecimal numbers
44
+
45
+ 0.8.2
46
+ -----
47
+
48
+ - bug fixes
49
+
50
+ 0.8.1
51
+ -----
52
+
53
+ - added `:raise_on_unknown_tag` option
54
+ - renamed `reset_defaults!` to `restore_defaults!`
55
+
56
+ 0.8
57
+ ---
58
+
59
+ - added tag whitelisting
60
+ - more API changes
61
+
62
+ 0.7
63
+ ---
64
+
65
+ - separated YAML engine support from Ruby version
66
+ - added support for binary scalars
67
+ - numerous bug fixes and enhancements
68
+
69
+ 0.6
70
+ ---
71
+
72
+ - several API changes
73
+ - added `SafeYAML::OPTIONS` for specifying default behavior
74
+
75
+ 0.5
76
+ ---
77
+
78
+ Added support for dates
79
+
80
+ 0.4
81
+ ---
82
+
83
+ - efficiency improvements
84
+ - made `YAML.load` use `YAML.safe_load` by default
85
+ - made symbol deserialization optional
86
+
87
+ 0.3
88
+ ---
89
+
90
+ Added Syck support
91
+
92
+ 0.2
93
+ ---
94
+
95
+ Added support for:
96
+
97
+ - anchors & aliases
98
+ - booleans
99
+ - nils
100
+
101
+ 0.1
102
+ ---
103
+
104
+ Initial release
@@ -6,6 +6,8 @@ module SafeYAML
6
6
  YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
7
7
  end
8
8
 
9
+ require "set"
10
+ require "safe_yaml/deep"
9
11
  require "safe_yaml/parse/hexadecimal"
10
12
  require "safe_yaml/parse/sexagesimal"
11
13
  require "safe_yaml/parse/date"
@@ -18,7 +20,6 @@ require "safe_yaml/transform/to_nil"
18
20
  require "safe_yaml/transform/to_symbol"
19
21
  require "safe_yaml/transform"
20
22
  require "safe_yaml/resolver"
21
- require "safe_yaml/deep"
22
23
  require "safe_yaml/syck_hack" if defined?(JRUBY_VERSION)
23
24
 
24
25
  module SafeYAML
@@ -7,8 +7,8 @@ module SafeYAML
7
7
 
8
8
  def accept(node)
9
9
  if node.tag
10
- return super if @resolver.tag_is_whitelisted?(node.tag)
11
- raise "Unknown YAML tag '#{node.tag}'" if @resolver.options[:raise_on_unknown_tag]
10
+ SafeYAML.tag_safety_check!(node.tag, @resolver.options)
11
+ return super
12
12
  end
13
13
 
14
14
  @resolver.resolve_node(node)
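Review bot: After this change every tagged node reaches `super` unless `SafeYAML.tag_safety_check!` raises, so the whitelist is no longer enforced inside `accept` itself. The removed lines fell through to `@resolver.resolve_node(node)` for a non-whitelisted tag when `:raise_on_unknown_tag` was off; `tag_safety_check!` is not shown on this page, and if it only raises when that option is set, unknown tags would now go to the parent visitor's `accept` instead of the safe resolver. Keeping the gate explicit avoids depending on that: call `SafeYAML.tag_safety_check!(node.tag, @resolver.options)` and then `return super if @resolver.tag_is_whitelisted?(node.tag)`. A spec that loads a document carrying a non-whitelisted tag under default options and asserts that no object of that class is built would pin the behaviour. The closing `end` of `accept` lies outside the hunk.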
@@ -1,16 +1,16 @@
1
1
  module SafeYAML
2
2
  class Transform
3
3
  class ToInteger
4
- MATCHERS = [
5
- /\A[-+]?[1-9][0-9_]*\Z/.freeze, # decimal
6
- /\A0[0-7]+\Z/.freeze, # octal
7
- /\A0x[0-9a-f]+\Z/i.freeze, # hexadecimal
8
- /\A0b[01_]+\Z/.freeze # binary
9
- ].freeze
4
+ MATCHERS = Deep.freeze([
5
+ /\A[-+]?[1-9][0-9_,]*\Z/, # decimal
6
+ /\A0[0-7]+\Z/, # octal
7
+ /\A0x[0-9a-f]+\Z/i, # hexadecimal
8
+ /\A0b[01_]+\Z/ # binary
9
+ ])
10
10
 
11
11
  def transform?(value)
12
12
  MATCHERS.each do |matcher|
13
- return true, Integer(value) if matcher.match(value)
13
+ return true, Integer(value.gsub(",", "")) if matcher.match(value)
14
14
  end
15
15
  try_edge_cases?(value)
16
16
  end
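Review bot: The decimal matcher `/\A[-+]?[1-9][0-9_,]*\Z/` accepts a comma anywhere after the first digit, so scalars such as `1,2,3` or `1,` match and `value.gsub(",", "")` turns them into 123 and 1 instead of leaving them as strings. For a library that coerces untrusted YAML scalars, this silently changes the type and value of input that was more likely a list or free text. Restricting commas to thousands grouping in a separate matcher, for example `/\A[-+]?[1-9][0-9]{0,2}(,[0-9]{3})+\z/`, would narrow this, and ending the patterns with `\z` rather than `\Z` would stop a trailing newline from being accepted. The added spec only covers `1,000`; cases for `1,2,3` and `1,` would document the intended behaviour. The `ToInteger` class continues outside the hunk.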
@@ -1,3 +1,3 @@
1
1
  module SafeYAML
2
- VERSION = "0.9.1"
2
+ VERSION = "0.9.2"
3
3
  end
@@ -390,6 +390,24 @@ describe YAML do
390
390
  expect { result = YAML.safe_load "--- ! 'foo'" }.to_not raise_error
391
391
  result.should == "foo"
392
392
  end
393
+
394
+ context "with whitelisted custom class" do
395
+ class SomeClass
396
+ attr_accessor :foo
397
+ end
398
+ let(:instance) { SomeClass.new }
399
+
400
+ before do
401
+ SafeYAML::whitelist!(SomeClass)
402
+ instance.foo = 'with trailing whitespace: '
403
+ end
404
+
405
+ it "does not raise an exception on the non-specific '!' tag" do
406
+ result = nil
407
+ expect { result = YAML.safe_load(instance.to_yaml) }.to_not raise_error
408
+ result.foo.should == 'with trailing whitespace: '
409
+ end
410
+ end
393
411
  end
394
412
  end
395
413
 
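Review bot: `SafeYAML::whitelist!(SomeClass)` in the `before` block changes library-wide state and nothing visible in this context undoes it, so examples that run later may see `SomeClass` as whitelisted depending on run order. `class SomeClass` written inside the `context` block also defines a top-level constant rather than one scoped to the example group. An `after` hook that restores the defaults (the changelog names `restore_defaults!`; its receiver is not visible on this page) would keep the whitelist specs isolated from the rest of the suite. The enclosing `describe YAML do` block starts and ends outside the hunk.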
@@ -13,6 +13,10 @@ describe SafeYAML::Transform::ToInteger do
13
13
  subject.transform?("10\nNOT AN INTEGER").should be_false
14
14
  end
15
15
 
16
+ it "allows commas in the number" do
17
+ subject.transform?("1,000").should == [true, 1000]
18
+ end
19
+
16
20
  it "correctly parses numbers in octal format" do
17
21
  subject.transform?("010").should == [true, 8]
18
22
  end
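--- a/metadata
+++ b/metadata
@@ -1,14 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: safe_yaml
  version: !ruby/object:Gem::Version
- version: 0.9.1
+ version: 0.9.2
+ prerelease:
  platform: ruby
  authors:
  - Dan Tao
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-04-19 00:00:00.000000000 Z
+ date: 2013-05-28 00:00:00.000000000 Z
  dependencies: []
  description: Parse YAML safely, without that pesky arbitrary object deserialization
  vulnerability
@@ -19,6 +20,7 @@ extra_rdoc_files: []
  files:
  - .gitignore
  - .travis.yml
+ - CHANGES.md
  - Gemfile
  - LICENSE.txt
  - README.md
@@ -62,26 +64,27 @@ files:
  homepage: http://dtao.github.com/safe_yaml/
  licenses:
  - MIT
- metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - '>='
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: 1.8.7
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - '>='
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.3
+ rubygems_version: 1.8.25
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: SameYAML provides an alternative implementation of YAML.load suitable for
  accepting user input in Ruby applications.
  test_files: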
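--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +0,0 @@
- ---
- SHA1:
- metadata.gz: 330f4d149692c82b643b6c1715ee580b7613d569
- data.tar.gz: 71a3662c45376b5d247ea41f55dd8e60ee763307
- SHA512:
- metadata.gz: d2827503520960753cf30adb7d7d10356a3cc35d1862304e1250a53471e33b7cbc4bb8aa483e39b612468a9c4aa2256b4b3d288bb7fdde0b2089732178ee2bcb
- data.tar.gz: adfa5835e47678452d891289c74ef541845f3d5d77a68743ba7ab337fd4018cc052700ada3fedd3d4637241c7050198f60924df9b7a3ceb123f2896ff90b6660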
- data.tar.gz: adfa5835e47678452d891289c74ef541845f3d5d77a68743ba7ab337fd4018cc052700ada3fedd3d4637241c7050198f60924df9b7a3ceb123f2896ff90b6660