safe_yaml 0.9.3 → 0.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/CHANGES.md CHANGED
@@ -1,3 +1,13 @@
1
+ 0.9.4
2
+ -----
3
+
4
+ - corrected handling of symbols
5
+
6
+ 0.9.3
7
+ -----
8
+
9
+ - fixed permissions :(
10
+
1
11
  0.9.2
2
12
  -----
3
13
 
@@ -1,12 +1,16 @@
1
1
  module SafeYAML
2
2
  class Transform
3
3
  class ToSymbol
4
- MATCHER = /\A:"?(\w+)"?\Z/.freeze
4
+ def transform?(value, options=SafeYAML::OPTIONS)
5
+ if options[:deserialize_symbols] && value =~ /\A:./
6
+ if value =~ /\A:(["'])(.*)\1\Z/
7
+ return true, $2.sub(/^:/, "").to_sym
8
+ else
9
+ return true, value.sub(/^:/, "").to_sym
10
+ end
11
+ end
5
12
 
6
- def transform?(value, options=nil)
7
- options ||= SafeYAML::OPTIONS
8
- return false unless options[:deserialize_symbols] && MATCHER.match(value)
9
- return true, $1.to_sym
13
+ return false
10
14
  end
11
15
  end
12
16
  end
@@ -1,3 +1,3 @@
1
1
  module SafeYAML
2
- VERSION = "0.9.3"
2
+ VERSION = "0.9.4"
3
3
  end
@@ -27,6 +27,14 @@ describe SafeYAML::Transform::ToSymbol do
27
27
  with_symbol_deserialization { subject.transform?(':"foo"')[0].should be_true }
28
28
  end
29
29
 
30
+ it "returns true when the value matches a valid String+Symbol with 's" do
31
+ with_symbol_deserialization { subject.transform?(":'foo'")[0].should be_true }
32
+ end
33
+
34
+ it "returns true when the value has special characters and is wrapped in a String" do
35
+ with_symbol_deserialization { subject.transform?(':"foo.bar"')[0].should be_true }
36
+ end
37
+
30
38
  it "returns false when symbol deserialization is disabled" do
31
39
  without_symbol_deserialization { subject.transform?(":foo").should be_false }
32
40
  end
@@ -40,10 +48,4 @@ describe SafeYAML::Transform::ToSymbol do
40
48
  subject.transform?("NOT A SYMBOL\n:foo").should be_false
41
49
  end
42
50
  end
43
-
44
- it "returns false when the symbol does not end the line" do
45
- with_symbol_deserialization do
46
- subject.transform?(":foo\nNOT A SYMBOL").should be_false
47
- end
48
- end
49
51
  end
metadata CHANGED
@@ -1,14 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_yaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.3
4
+ version: 0.9.4
5
+ prerelease:
5
6
  platform: ruby
6
7
  authors:
7
8
  - Dan Tao
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2013-06-06 00:00:00.000000000 Z
12
+ date: 2013-07-09 00:00:00.000000000 Z
12
13
  dependencies: []
13
14
  description: Parse YAML safely, without that pesky arbitrary object deserialization
14
15
  vulnerability
@@ -63,26 +64,27 @@ files:
63
64
  homepage: http://dtao.github.com/safe_yaml/
64
65
  licenses:
65
66
  - MIT
66
- metadata: {}
67
67
  post_install_message:
68
68
  rdoc_options: []
69
69
  require_paths:
70
70
  - lib
71
71
  required_ruby_version: !ruby/object:Gem::Requirement
72
+ none: false
72
73
  requirements:
73
74
  - - ! '>='
74
75
  - !ruby/object:Gem::Version
75
76
  version: 1.8.7
76
77
  required_rubygems_version: !ruby/object:Gem::Requirement
78
+ none: false
77
79
  requirements:
78
80
  - - ! '>='
79
81
  - !ruby/object:Gem::Version
80
82
  version: '0'
81
83
  requirements: []
82
84
  rubyforge_project:
83
- rubygems_version: 2.0.3
85
+ rubygems_version: 1.8.25
84
86
  signing_key:
85
- specification_version: 4
87
+ specification_version: 3
86
88
  summary: SameYAML provides an alternative implementation of YAML.load suitable for
87
89
  accepting user input in Ruby applications.
88
90
  test_files:
checksums.yaml DELETED
@@ -1,15 +0,0 @@
1
- ---
2
- !binary "U0hBMQ==":
3
- metadata.gz: !binary |-
4
- NzIwZmQ5ODg1ODZjY2Q1YzMyNGFlNjE1N2QyZjczNDExMWQyZGNlNg==
5
- data.tar.gz: !binary |-
6
- OGU2MzA2YTgzZDVkYTY2NGM3NjMyNGQ3ZTUwOTFjN2M0ODMxYzdjMg==
7
- !binary "U0hBNTEy":
8
- metadata.gz: !binary |-
9
- NDAzMDU0MWU3OTRhMjdmYzIzMmI1OWM4YzNiYTU5OGFkNDlkNDA4OGI3ZWIx
10
- NDU4OWRlNmMxMDM0NWE3YjMxYmQxYjczMTZhNDNlYjZlZTRiZDRiZTg0NWQz
11
- MmFiMzA1YjRkODY0NDIwOTAyYTQ1NjE0OTc5NjEwMjFmMDlkYzI=
12
- data.tar.gz: !binary |-
13
- NmEzYWQ5MjA1ZTNlZTAyOTdlYWFjYTU0NzNkZDJjMWEyZTgxODJlZTg1ZWQ3
14
- MjY4YTAwYzU4ZTI0ZjJkNzZlZmQ4ZWM2ZGViYzI1MDRiZTI5Y2EyZDI2NDAx
15
- ZGNjYjViNjkyYmMyNzgxZTc5ZDA4MzNmODVkODA4NGFlNzJkZGI=