safe_yaml 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/CHANGES.md +5 -0
- data/lib/safe_yaml/parse/date.rb +2 -0
- data/lib/safe_yaml/store.rb +39 -0
- data/lib/safe_yaml/version.rb +1 -1
- data/spec/store_spec.rb +57 -0
- metadata +10 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b7f3a4c3a01072ac60acedf5e31aeaeb2bdd2351
|
|
4
|
+
data.tar.gz: 42d514af94d97f883fc45ac685cd763ee479a2a3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f96d1730de67f843d1f45ee0806007b9041351e739b6af14596b0e8df7387f6e74d8f6912162fc83cc5b959ac53ed02afd88c115c64d743274948dfcdbfa4550
|
|
7
|
+
data.tar.gz: 13db92095eee835579880064ee7c986f369a9a9b66225ff0e8d1054d5e2a35e04bb237a9c0f82e8406fe5a66a761af14e2ed61b214381559c1397d87e59fedc8
|
data/.gitignore
CHANGED
data/CHANGES.md
CHANGED
data/lib/safe_yaml/parse/date.rb
CHANGED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
require 'safe_yaml/load'
|
|
2
|
+
require 'yaml/store'
|
|
3
|
+
|
|
4
|
+
module SafeYAML
|
|
5
|
+
|
|
6
|
+
class Store < YAML::Store
|
|
7
|
+
|
|
8
|
+
# Override YAML::Store#initialize to accept additional option
|
|
9
|
+
# +safe_yaml_opts+.
|
|
10
|
+
def initialize(file_name, yaml_opts = {}, safe_yaml_opts = {})
|
|
11
|
+
@safe_yaml_opts = safe_yaml_opts
|
|
12
|
+
super(file_name, yaml_opts)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
# Override YAML::Store#load to use SafeYAML.load instead of
|
|
16
|
+
# YAML.load (via #safe_yaml_load).
|
|
17
|
+
#--
|
|
18
|
+
# PStore#load is private, while YAML::Store#load is public.
|
|
19
|
+
#++
|
|
20
|
+
def load(content)
|
|
21
|
+
table = safe_yaml_load(content)
|
|
22
|
+
table == false ? {} : table
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
private
|
|
26
|
+
|
|
27
|
+
if SafeYAML::YAML_ENGINE == 'psych'
|
|
28
|
+
def safe_yaml_load(content)
|
|
29
|
+
SafeYAML.load(content, nil, @safe_yaml_opts)
|
|
30
|
+
end
|
|
31
|
+
else
|
|
32
|
+
def safe_yaml_load(content)
|
|
33
|
+
SafeYAML.load(content, @safe_yaml_opts)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
data/lib/safe_yaml/version.rb
CHANGED
data/spec/store_spec.rb
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
require 'safe_yaml/store'
|
|
4
|
+
|
|
5
|
+
describe SafeYAML::Store do
|
|
6
|
+
|
|
7
|
+
let(:file) { 'spec/store.yaml' }
|
|
8
|
+
let(:content) { "--- \nfoo: 42\n:bar: \"party\"\n" }
|
|
9
|
+
|
|
10
|
+
before do
|
|
11
|
+
# Rewrite file on every test, as its contents are potentially modified by
|
|
12
|
+
# SafeYAML::Store#transaction
|
|
13
|
+
File.open(file, 'w') { |f| f.write(content) }
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def expect_safe_load(options = {})
|
|
17
|
+
load_args = [content, options]
|
|
18
|
+
load_args.insert(1, nil) if SafeYAML::YAML_ENGINE == 'psych'
|
|
19
|
+
|
|
20
|
+
expect(SafeYAML).to receive(:load).with(*load_args).and_call_original
|
|
21
|
+
expect(YAML).not_to receive(:load)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
let(:init_args) { [file] }
|
|
25
|
+
subject { described_class.new(*init_args) }
|
|
26
|
+
|
|
27
|
+
it 'should be a YAML::Store' do
|
|
28
|
+
expect(subject).to be_a(YAML::Store)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
it 'should be a SafeYAML::Store' do
|
|
32
|
+
expect(subject).to be_a(SafeYAML::Store)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
it 'should use SafeYAML.load instead of YAML.load' do
|
|
36
|
+
expect_safe_load
|
|
37
|
+
expect(subject.transaction { subject['foo'] }).to eq(42)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
it 'preserves default SafeYAML behavior' do
|
|
41
|
+
expect(subject.transaction { subject[:bar] }).to eq(nil)
|
|
42
|
+
expect(subject.transaction { subject[':bar'] }).to eq('party')
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
describe 'with options' do
|
|
47
|
+
|
|
48
|
+
let(:init_args) { super().insert(2, :deserialize_symbols => true) }
|
|
49
|
+
|
|
50
|
+
it 'should accept options for SafeYAML.load' do
|
|
51
|
+
expect_safe_load(:deserialize_symbols => true)
|
|
52
|
+
expect(subject.transaction { subject[:bar] }).to eq('party')
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: safe_yaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Tao
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-02-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Parse YAML safely
|
|
14
14
|
email: daniel.tao@gmail.com
|
|
@@ -17,8 +17,8 @@ executables:
|
|
|
17
17
|
extensions: []
|
|
18
18
|
extra_rdoc_files: []
|
|
19
19
|
files:
|
|
20
|
-
-
|
|
21
|
-
-
|
|
20
|
+
- .gitignore
|
|
21
|
+
- .travis.yml
|
|
22
22
|
- CHANGES.md
|
|
23
23
|
- Gemfile
|
|
24
24
|
- LICENSE.txt
|
|
@@ -37,6 +37,7 @@ files:
|
|
|
37
37
|
- lib/safe_yaml/psych_resolver.rb
|
|
38
38
|
- lib/safe_yaml/resolver.rb
|
|
39
39
|
- lib/safe_yaml/safe_to_ruby_visitor.rb
|
|
40
|
+
- lib/safe_yaml/store.rb
|
|
40
41
|
- lib/safe_yaml/syck_hack.rb
|
|
41
42
|
- lib/safe_yaml/syck_node_monkeypatch.rb
|
|
42
43
|
- lib/safe_yaml/syck_resolver.rb
|
|
@@ -60,6 +61,7 @@ files:
|
|
|
60
61
|
- spec/resolver_specs.rb
|
|
61
62
|
- spec/safe_yaml_spec.rb
|
|
62
63
|
- spec/spec_helper.rb
|
|
64
|
+
- spec/store_spec.rb
|
|
63
65
|
- spec/support/exploitable_back_door.rb
|
|
64
66
|
- spec/syck_resolver_spec.rb
|
|
65
67
|
- spec/transform/base64_spec.rb
|
|
@@ -78,17 +80,17 @@ require_paths:
|
|
|
78
80
|
- lib
|
|
79
81
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
80
82
|
requirements:
|
|
81
|
-
- -
|
|
83
|
+
- - '>='
|
|
82
84
|
- !ruby/object:Gem::Version
|
|
83
85
|
version: 1.8.7
|
|
84
86
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
85
87
|
requirements:
|
|
86
|
-
- -
|
|
88
|
+
- - '>='
|
|
87
89
|
- !ruby/object:Gem::Version
|
|
88
90
|
version: '0'
|
|
89
91
|
requirements: []
|
|
90
92
|
rubyforge_project:
|
|
91
|
-
rubygems_version: 2.
|
|
93
|
+
rubygems_version: 2.6.14
|
|
92
94
|
signing_key:
|
|
93
95
|
specification_version: 4
|
|
94
96
|
summary: SameYAML provides an alternative implementation of YAML.load suitable for
|
|
@@ -103,6 +105,7 @@ test_files:
|
|
|
103
105
|
- spec/resolver_specs.rb
|
|
104
106
|
- spec/safe_yaml_spec.rb
|
|
105
107
|
- spec/spec_helper.rb
|
|
108
|
+
- spec/store_spec.rb
|
|
106
109
|
- spec/support/exploitable_back_door.rb
|
|
107
110
|
- spec/syck_resolver_spec.rb
|
|
108
111
|
- spec/transform/base64_spec.rb
|