RubyGems - safe_yaml - Versions diffs - 0.9.1 → 0.9.2 - Mend

safe_yaml 0.9.1 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/.travis.yml +5 -0
data/CHANGES.md +104 -0
data/lib/safe_yaml.rb +2 -1
data/lib/safe_yaml/safe_to_ruby_visitor.rb +2 -2
data/lib/safe_yaml/transform/to_integer.rb +7 -7
data/lib/safe_yaml/version.rb +1 -1
data/spec/safe_yaml_spec.rb +18 -0
data/spec/transform/to_integer_spec.rb +4 -0
metadata +10 -7
checksums.yaml +0 -7

data/.travis.yml CHANGED

@@ -40,3 +40,8 @@ matrix:
       env: YAMLER=syck
     - rvm: jruby-18mode
       env: YAMLER=syck
+branches:
+  only:
+    - master

data/CHANGES.md ADDED

@@ -0,0 +1,104 @@
+0.9.2
+-----
+- fixed error w/ parsing "!" when whitelisting tags
+- fixed parsing of the number 0 (d'oh!)
+0.9.1
+-----
+- added Yecht support (JRuby)
+- more bug fixes
+0.9.0
+-----
+- added `whitelist!` method for easily whitelisting tags
+- added support for call-specific options
+- removed deprecated methods
+0.8.6
+-----
+- fixed bug in float matcher
+0.8.5
+-----
+- performance improvements
+- made less verbose by default
+- bug fixes
+0.8.4
+-----
+- enhancements to parsing of integers, floats, and dates
+- updated built-in whitelist
+- more bug fixes
+0.8.3
+-----
+- fixed exception on parsing empty document
+- fixed handling of octal & hexadecimal numbers
+0.8.2
+-----
+- bug fixes
+0.8.1
+-----
+- added `:raise_on_unknown_tag` option
+- renamed `reset_defaults!` to `restore_defaults!`
+0.8
+---
+- added tag whitelisting
+- more API changes
+0.7
+---
+- separated YAML engine support from Ruby version
+- added support for binary scalars
+- numerous bug fixes and enhancements
+0.6
+---
+- several API changes
+- added `SafeYAML::OPTIONS` for specifying default behavior
+0.5
+---
+Added support for dates
+0.4
+---
+- efficiency improvements
+- made `YAML.load` use `YAML.safe_load` by default
+- made symbol deserialization optional
+0.3
+---
+Added Syck support
+0.2
+---
+Added support for:
+- anchors & aliases
+- booleans
+- nils
+0.1
+---
+Initial release

data/lib/safe_yaml.rb CHANGED

@@ -6,6 +6,8 @@ module SafeYAML
   YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
 end
+require "set"
+require "safe_yaml/deep"
 require "safe_yaml/parse/hexadecimal"
 require "safe_yaml/parse/sexagesimal"
 require "safe_yaml/parse/date"
@@ -18,7 +20,6 @@ require "safe_yaml/transform/to_nil"
 require "safe_yaml/transform/to_symbol"
 require "safe_yaml/transform"
 require "safe_yaml/resolver"
-require "safe_yaml/deep"
 require "safe_yaml/syck_hack" if defined?(JRUBY_VERSION)
 module SafeYAML

data/lib/safe_yaml/safe_to_ruby_visitor.rb CHANGED

@@ -7,8 +7,8 @@ module SafeYAML
     def accept(node)
       if node.tag
-        return super if @resolver.tag_is_whitelisted?(node.tag)
-        raise "Unknown YAML tag '#{node.tag}'" if @resolver.options[:raise_on_unknown_tag]
+        SafeYAML.tag_safety_check!(node.tag, @resolver.options)
+        return super
       end
       @resolver.resolve_node(node)

data/lib/safe_yaml/transform/to_integer.rb CHANGED

@@ -1,16 +1,16 @@
 module SafeYAML
   class Transform
     class ToInteger
-      MATCHERS = [
-        /\A[-+]?[1-9][0-9_]*\Z/.freeze, # decimal
-        /\A0[0-7]+\Z/.freeze,           # octal
-        /\A0x[0-9a-f]+\Z/i.freeze,      # hexadecimal
-        /\A0b[01_]+\Z/.freeze           # binary
-      ].freeze
+      MATCHERS = Deep.freeze([
+        /\A[-+]?[1-9][0-9_,]*\Z/, # decimal
+        /\A0[0-7]+\Z/,            # octal
+        /\A0x[0-9a-f]+\Z/i,       # hexadecimal
+        /\A0b[01_]+\Z/            # binary
+      ])
       def transform?(value)
         MATCHERS.each do |matcher|
-          return true, Integer(value) if matcher.match(value)
+          return true, Integer(value.gsub(",", "")) if matcher.match(value)
         end
         try_edge_cases?(value)
       end

data/lib/safe_yaml/version.rb CHANGED

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.9.1"
+  VERSION = "0.9.2"
 end

data/spec/safe_yaml_spec.rb CHANGED

@@ -390,6 +390,24 @@ describe YAML do
           expect { result = YAML.safe_load "--- ! 'foo'" }.to_not raise_error
           result.should == "foo"
         end
+        context "with whitelisted custom class" do
+          class SomeClass
+            attr_accessor :foo
+          end
+          let(:instance) { SomeClass.new }
+          before do
+            SafeYAML::whitelist!(SomeClass)
+            instance.foo = 'with trailing whitespace: '
+          end
+          it "does not raise an exception on the non-specific '!' tag" do
+            result = nil
+            expect { result = YAML.safe_load(instance.to_yaml) }.to_not raise_error
+            result.foo.should == 'with trailing whitespace: '
+          end
+        end
       end
     end

data/spec/transform/to_integer_spec.rb CHANGED

@@ -13,6 +13,10 @@ describe SafeYAML::Transform::ToInteger do
     subject.transform?("10\nNOT AN INTEGER").should be_false
   end
+  it "allows commas in the number" do
+    subject.transform?("1,000").should == [true, 1000]
+  end
   it "correctly parses numbers in octal format" do
     subject.transform?("010").should == [true, 8]
   end

metadata CHANGED

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.9.2
+  prerelease:
 platform: ruby
 authors:
 - Dan Tao
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-04-19 00:00:00.000000000 Z
+date: 2013-05-28 00:00:00.000000000 Z
 dependencies: []
 description: Parse YAML safely, without that pesky arbitrary object deserialization
   vulnerability
@@ -19,6 +20,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .travis.yml
+- CHANGES.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -62,26 +64,27 @@ files:
 homepage: http://dtao.github.com/safe_yaml/
 licenses:
 - MIT
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.3
+rubygems_version: 1.8.25
 signing_key:
-specification_version: 4
+specification_version: 3
 summary: SameYAML provides an alternative implementation of YAML.load suitable for
   accepting user input in Ruby applications.
 test_files:

checksums.yaml DELETED

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 330f4d149692c82b643b6c1715ee580b7613d569
-  data.tar.gz: 71a3662c45376b5d247ea41f55dd8e60ee763307
-SHA512:
-  metadata.gz: d2827503520960753cf30adb7d7d10356a3cc35d1862304e1250a53471e33b7cbc4bb8aa483e39b612468a9c4aa2256b4b3d288bb7fdde0b2089732178ee2bcb
-  data.tar.gz: adfa5835e47678452d891289c74ef541845f3d5d77a68743ba7ab337fd4018cc052700ada3fedd3d4637241c7050198f60924df9b7a3ceb123f2896ff90b6660