safe_yaml 0.9.3 → 0.9.4
- data/CHANGES.md +10 -0
- data/lib/safe_yaml/transform/to_symbol.rb +9 -5
- data/lib/safe_yaml/version.rb +1 -1
- data/spec/transform/to_symbol_spec.rb +8 -6
- metadata +7 -5
- checksums.yaml +0 -15
data/CHANGES.md
CHANGED
@@ -1,12 +1,16 @@
|
|
1
1
|
module SafeYAML
|
2
2
|
class Transform
|
3
3
|
class ToSymbol
|
4
|
-
|
4
|
+
def transform?(value, options=SafeYAML::OPTIONS)
|
5
|
+
if options[:deserialize_symbols] && value =~ /\A:./
|
6
|
+
if value =~ /\A:(["'])(.*)\1\Z/
|
7
|
+
return true, $2.sub(/^:/, "").to_sym
|
8
|
+
else
|
9
|
+
return true, value.sub(/^:/, "").to_sym
|
10
|
+
end
|
11
|
+
end
|
5
12
|
|
6
|
-
|
7
|
-
options ||= SafeYAML::OPTIONS
|
8
|
-
return false unless options[:deserialize_symbols] && MATCHER.match(value)
|
9
|
-
return true, $1.to_sym
|
13
|
+
return false
|
10
14
|
end
|
11
15
|
end
|
12
16
|
end
|
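Review bot: The new guard `value =~ /\A:./` in `transform?` checks only the first two characters, so the `else` branch converts any scalar that begins with a colon via `to_sym`, including multi-line values such as `":foo\nNOT A SYMBOL"`, where the removed code required the whole value to match `MATCHER`. With `:deserialize_symbols` enabled on untrusted input, this widens what gets interned to arbitrary text, and on interpreters that do not garbage-collect symbols (the gemspec still allows 1.8.7) every distinct value stays in memory. I would keep the quoted branch and bound the unquoted one, for example `elsif value =~ /\A:(\w+)\z/` followed by `return true, $1.to_sym`, with the character class adjusted to whatever the project intends and everything else falling through to `return false`. Two smaller points: `$2.sub(/^:/, "")` also strips a colon that sits inside the quotes, so `:":foo"` would yield `:foo`, and with `options ||= SafeYAML::OPTIONS` removed an explicit `nil` argument now fails at `options[:deserialize_symbols]`. The section header above this hunk reads data/CHANGES.md, but the code shown appears to be lib/safe_yaml/transform/to_symbol.rb.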
data/lib/safe_yaml/version.rb
CHANGED
@@ -27,6 +27,14 @@ describe SafeYAML::Transform::ToSymbol do
|
|
27
27
|
with_symbol_deserialization { subject.transform?(':"foo"')[0].should be_true }
|
28
28
|
end
|
29
29
|
|
30
|
+
it "returns true when the value matches a valid String+Symbol with 's" do
|
31
|
+
with_symbol_deserialization { subject.transform?(":'foo'")[0].should be_true }
|
32
|
+
end
|
33
|
+
|
34
|
+
it "returns true when the value has special characters and is wrapped in a String" do
|
35
|
+
with_symbol_deserialization { subject.transform?(':"foo.bar"')[0].should be_true }
|
36
|
+
end
|
37
|
+
|
30
38
|
it "returns false when symbol deserialization is disabled" do
|
31
39
|
without_symbol_deserialization { subject.transform?(":foo").should be_false }
|
32
40
|
end
|
@@ -40,10 +48,4 @@ describe SafeYAML::Transform::ToSymbol do
|
|
40
48
|
subject.transform?("NOT A SYMBOL\n:foo").should be_false
|
41
49
|
end
|
42
50
|
end
|
43
|
-
|
44
|
-
it "returns false when the symbol does not end the line" do
|
45
|
-
with_symbol_deserialization do
|
46
|
-
subject.transform?(":foo\nNOT A SYMBOL").should be_false
|
47
|
-
end
|
48
|
-
end
|
49
51
|
end
|
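Review bot: The two added examples assert only `[0]`, so they pass for any truthy first element and never check which Symbol is returned; adding `subject.transform?(':"foo.bar"')[1].should == :"foo.bar"` and the matching check for `":'foo'"` would pin the unquoting behaviour. The second hunk deletes the "does not end the line" example instead of updating it, which leaves the input `":foo\nNOT A SYMBOL"` with no stated expectation. If accepting that input is intended, an example asserting the resulting value would document it; otherwise the example should stay so that trailing content after the symbol is still rejected.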
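--- a/metadata
+++ b/metadata
@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: safe_yaml
 version: !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.4
+prerelease:
 platform: ruby
 authors:
 - Dan Tao
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-07-09 00:00:00.000000000 Z
 dependencies: []
 description: Parse YAML safely, without that pesky arbitrary object deserialization
 vulnerability
@@ -63,26 +64,27 @@ files:
 homepage: http://dtao.github.com/safe_yaml/
 licenses:
 - MIT
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 1.8.25
 signing_key:
-specification_version:
+specification_version: 3
 summary: SameYAML provides an alternative implementation of YAML.load suitable for
 accepting user input in Ruby applications.
 test_files: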
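--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-metadata.gz: !binary |-
-NzIwZmQ5ODg1ODZjY2Q1YzMyNGFlNjE1N2QyZjczNDExMWQyZGNlNg==
-data.tar.gz: !binary |-
-OGU2MzA2YTgzZDVkYTY2NGM3NjMyNGQ3ZTUwOTFjN2M0ODMxYzdjMg==
-!binary "U0hBNTEy":
-metadata.gz: !binary |-
-NDAzMDU0MWU3OTRhMjdmYzIzMmI1OWM4YzNiYTU5OGFkNDlkNDA4OGI3ZWIx
-NDU4OWRlNmMxMDM0NWE3YjMxYmQxYjczMTZhNDNlYjZlZTRiZDRiZTg0NWQz
-MmFiMzA1YjRkODY0NDIwOTAyYTQ1NjE0OTc5NjEwMjFmMDlkYzI=
-data.tar.gz: !binary |-
-NmEzYWQ5MjA1ZTNlZTAyOTdlYWFjYTU0NzNkZDJjMWEyZTgxODJlZTg1ZWQ3
-MjY4YTAwYzU4ZTI0ZjJkNzZlZmQ4ZWM2ZGViYzI1MDRiZTI5Y2EyZDI2NDAx
-ZGNjYjViNjkyYmMyNzgxZTc5ZDA4MzNmODVkODA4NGFlNzJkZGI=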