safe_yaml 0.9.3 → 0.9.4

data/CHANGES.md

@@ -1,3 +1,13 @@
+0.9.4
+-----
+
+- corrected handling of symbols
+
+0.9.3
+-----
+
+- fixed permissions :(
+
 0.9.2
 -----
 

data/lib/safe_yaml/transform/to_symbol.rb

@@ -1,12 +1,16 @@
 module SafeYAML
   class Transform
     class ToSymbol
-      MATCHER = /\A:"?(\w+)"?\Z/.freeze
+      def transform?(value, options=SafeYAML::OPTIONS)
+        if options[:deserialize_symbols] && value =~ /\A:./
+          if value =~ /\A:(["'])(.*)\1\Z/
+            return true, $2.sub(/^:/, "").to_sym
+          else
+            return true, value.sub(/^:/, "").to_sym
+          end
+        end
 
-      def transform?(value, options=nil)
-        options ||= SafeYAML::OPTIONS
-        return false unless options[:deserialize_symbols] && MATCHER.match(value)
-        return true, $1.to_sym
+        return false
       end
     end
   end

data/lib/safe_yaml/version.rb

@@ -1,3 +1,3 @@
 module SafeYAML
-  VERSION = "0.9.3"
+  VERSION = "0.9.4"
 end

data/spec/transform/to_symbol_spec.rb

@@ -27,6 +27,14 @@ describe SafeYAML::Transform::ToSymbol do
     with_symbol_deserialization { subject.transform?(':"foo"')[0].should be_true }
   end
 
+  it "returns true when the value matches a valid String+Symbol with 's" do
+    with_symbol_deserialization { subject.transform?(":'foo'")[0].should be_true }
+  end
+
+  it "returns true when the value has special characters and is wrapped in a String" do
+    with_symbol_deserialization { subject.transform?(':"foo.bar"')[0].should be_true }
+  end
+
   it "returns false when symbol deserialization is disabled" do
     without_symbol_deserialization { subject.transform?(":foo").should be_false }
   end
@@ -40,10 +48,4 @@ describe SafeYAML::Transform::ToSymbol do
       subject.transform?("NOT A SYMBOL\n:foo").should be_false
     end
   end
-
-  it "returns false when the symbol does not end the line" do
-    with_symbol_deserialization do
-      subject.transform?(":foo\nNOT A SYMBOL").should be_false
-    end
-  end
 end

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-  version: 0.9.3
+  version: 0.9.4
+  prerelease: 
 platform: ruby
 authors:
 - Dan Tao
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-06 00:00:00.000000000 Z
+date: 2013-07-09 00:00:00.000000000 Z
 dependencies: []
 description: Parse YAML safely, without that pesky arbitrary object deserialization
   vulnerability
@@ -63,26 +64,27 @@ files:
 homepage: http://dtao.github.com/safe_yaml/
 licenses:
 - MIT
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 1.8.25
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: SameYAML provides an alternative implementation of YAML.load suitable for
   accepting user input in Ruby applications.
 test_files:

checksums.yaml

@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    NzIwZmQ5ODg1ODZjY2Q1YzMyNGFlNjE1N2QyZjczNDExMWQyZGNlNg==
-  data.tar.gz: !binary |-
-    OGU2MzA2YTgzZDVkYTY2NGM3NjMyNGQ3ZTUwOTFjN2M0ODMxYzdjMg==
-!binary "U0hBNTEy":
-  metadata.gz: !binary |-
-    NDAzMDU0MWU3OTRhMjdmYzIzMmI1OWM4YzNiYTU5OGFkNDlkNDA4OGI3ZWIx
-    NDU4OWRlNmMxMDM0NWE3YjMxYmQxYjczMTZhNDNlYjZlZTRiZDRiZTg0NWQz
-    MmFiMzA1YjRkODY0NDIwOTAyYTQ1NjE0OTc5NjEwMjFmMDlkYzI=
-  data.tar.gz: !binary |-
-    NmEzYWQ5MjA1ZTNlZTAyOTdlYWFjYTU0NzNkZDJjMWEyZTgxODJlZTg1ZWQ3
-    MjY4YTAwYzU4ZTI0ZjJkNzZlZmQ4ZWM2ZGViYzI1MDRiZTI5Y2EyZDI2NDAx
-    ZGNjYjViNjkyYmMyNzgxZTc5ZDA4MzNmODVkODA4NGFlNzJkZGI=