Module: SafeYAML
- Defined in:
- lib/safe_yaml.rb,
lib/safe_yaml/deep.rb,
lib/safe_yaml/version.rb,
lib/safe_yaml/resolver.rb,
lib/safe_yaml/transform.rb,
lib/safe_yaml/parse/date.rb,
lib/safe_yaml/psych_handler.rb,
lib/safe_yaml/syck_resolver.rb,
lib/safe_yaml/psych_resolver.rb,
lib/safe_yaml/transform/to_nil.rb,
lib/safe_yaml/parse/hexadecimal.rb,
lib/safe_yaml/parse/sexagesimal.rb,
lib/safe_yaml/transform/to_date.rb,
lib/safe_yaml/transform/to_float.rb,
lib/safe_yaml/transform/to_symbol.rb,
lib/safe_yaml/safe_to_ruby_visitor.rb,
lib/safe_yaml/transform/to_boolean.rb,
lib/safe_yaml/transform/to_integer.rb
Defined Under Namespace
Classes: Deep, Parse, PsychHandler, PsychResolver, Resolver, SafeToRubyVisitor, SyckResolver, Transform
Constant Summary
- MULTI_ARGUMENT_YAML_LOAD =
YAML.method(:load).arity != 1
- YAML_ENGINE =
defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
- DEFAULT_OPTIONS =
Deep.freeze({
:default_mode => nil,
:suppress_warnings => false,
:deserialize_symbols => false,
:whitelisted_tags => [],
:custom_initializers => {},
:raise_on_unknown_tag => false
})
- OPTIONS =
Deep.copy(DEFAULT_OPTIONS)
- TRUSTED_TAGS =
Set.new([
"tag:yaml.org,2002:binary",
"tag:yaml.org,2002:bool#no",
"tag:yaml.org,2002:bool#yes",
"tag:yaml.org,2002:float",
"tag:yaml.org,2002:float#fix",
"tag:yaml.org,2002:int",
"tag:yaml.org,2002:map",
"tag:yaml.org,2002:null",
"tag:yaml.org,2002:seq",
"tag:yaml.org,2002:str",
"tag:yaml.org,2002:timestamp",
"tag:yaml.org,2002:timestamp#ymd"
]).freeze
- VERSION =
"0.9.0"
Class Method Summary
Instance Method Summary
Class Method Details
# File 'lib/safe_yaml.rb', line 72
# Returns the memoized lookup table from a Ruby class to the YAML tag that
# is already defined for it.
#
# Under the "syck" engine the table is built by inverting
# YAML.tagged_classes (tag => class becomes class => tag). For any other
# engine it is a fixed table covering Exception, Range and Regexp.
# whitelist_class! reads this table so that whitelisting one of these
# classes registers its predefined tag instead of a generated one.
#
# @return [Hash] class => tag table; the same object on every call
def predefined_tags
  # Built once; later calls return the cached table.
  return @predefined_tags unless @predefined_tags.nil?

  @predefined_tags = {}
  if YAML_ENGINE == "syck"
    YAML.tagged_classes.each { |yaml_tag, ruby_class| @predefined_tags[ruby_class] = yaml_tag }
  else
    @predefined_tags.update({
      Exception => "!ruby/exception",
      Range => "!ruby/range",
      Regexp => "!ruby/regexp"
    })
  end
  @predefined_tags
end
.restore_defaults! ⇒ Object
.tag_safety_check!(tag, options) ⇒ Object
# File 'lib/safe_yaml.rb', line 35
# Raises when strict tag checking is enabled and +tag+ has not been approved.
#
# The check only fires when options[:raise_on_unknown_tag] is truthy.
# DEFAULT_OPTIONS sets that option to false, so with the defaults this method
# never raises and is not, by itself, a barrier against unexpected tags.
# A tag is approved when it appears in options[:whitelisted_tags] or when
# tag_is_explicitly_trusted? accepts it.
#
# The tag text is interpolated verbatim into the error message. It presumably
# comes from the parsed document, so treat the message as untrusted when
# logging or displaying it.
#
# @param tag [String, nil] tag to check; nil is accepted without any check
# @param options [Hash] read at :raise_on_unknown_tag and :whitelisted_tags
# @raise [RuntimeError] if the tag is neither whitelisted nor trusted
# @return [nil]
def tag_safety_check!(tag, options)
  return if tag.nil?
  return unless options[:raise_on_unknown_tag]
  return if options[:whitelisted_tags].include?(tag)
  return if tag_is_explicitly_trusted?(tag)

  raise "Unknown YAML tag '#{tag}'"
end
.whitelist!(*classes) ⇒ Object
# File 'lib/safe_yaml.rb', line 42
# Whitelists every given class by passing each one to whitelist_class!.
#
# Classes are processed in order. If whitelist_class! raises for one of them,
# the classes before it have already been added to OPTIONS[:whitelisted_tags]
# and stay there.
#
# @param classes [Array<Class>] classes to allow
# @return [Array<Class>] the classes that were passed in
def whitelist!(*classes)
  classes.each { |candidate| whitelist_class!(candidate) }
end
.whitelist_class!(klass) ⇒ Object
# File 'lib/safe_yaml.rb', line 48
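# Adds the YAML tag for +klass+ to the module-wide OPTIONS[:whitelisted_tags].
#
# The tag is the class's predefined tag when predefined_tags has one.
# Otherwise it is generated from the engine prefix and the class name, using
# "exception" for subclasses of Exception and "object" for everything else.
# The tag names exactly this class; subclasses need their own entry.
#
# Security note: the entry is written to the shared OPTIONS hash, so it
# applies to every later check that reads OPTIONS[:whitelisted_tags], not
# only to the caller's own parse. NOTE(review): how the resolvers
# instantiate a whitelisted tag is not visible here. Whitelist only classes
# that are safe to build from document-controlled fields.
#
# Whitelisting the same class repeatedly is idempotent: a tag already in the
# list is not appended again.
#
# @param klass [Class] named class to allow
# @raise [RuntimeError] if +klass+ is not a Class, is anonymous, or
#   YAML_ENGINE is neither "psych" nor "syck"
# @return [Array, nil] nil when a predefined tag was used, otherwise the
#   whitelisted-tags array
def whitelist_class!(klass)
  raise "#{klass} not a Class" unless klass.is_a?(::Class)

  klass_name = klass.name
  raise "#{klass} cannot be anonymous" if klass_name.nil? || klass_name.empty?

  whitelisted = OPTIONS[:whitelisted_tags]

  predefined_tag = predefined_tags[klass]
  if predefined_tag
    whitelisted << predefined_tag unless whitelisted.include?(predefined_tag)
    return
  end

  tag_class = klass < Exception ? "exception" : "object"

  tag_prefix = case YAML_ENGINE
               when "psych" then "!ruby/#{tag_class}"
               when "syck" then "tag:ruby.yaml.org,2002:#{tag_class}"
               else raise "unknown YAML_ENGINE #{YAML_ENGINE}"
               end

  generated_tag = "#{tag_prefix}:#{klass_name}"
  # Skip tags that are already present so repeated calls do not grow the list.
  whitelisted << generated_tag unless whitelisted.include?(generated_tag)
  whitelisted
end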
Instance Method Details
#tag_is_explicitly_trusted?(tag) ⇒ Boolean
# File 'lib/safe_yaml.rb', line 97
# Reports whether +tag+ is trusted without needing a whitelist entry.
#
# This definition trusts nothing: it returns false for every tag and does not
# consult TRUSTED_TAGS. When it is the active definition and
# :raise_on_unknown_tag is enabled, tag_safety_check! therefore rejects every
# tag that is not in the whitelist.
# NOTE(review): TRUSTED_TAGS is declared on this module, so another
# definition of this method may use it. Confirm in lib/safe_yaml.rb.
#
# @param tag [String] YAML tag to test (ignored by this definition)
# @return [Boolean] always false
def tag_is_explicitly_trusted?(tag)
  false
end