Class: SafeYAML::LibyamlChecker

Inherits:
Object
Defined in:
lib/safe_yaml/libyaml_checker.rb

Constant Summary

# Version string of the libyaml that Psych reports; nil when Psych is not
# loaded (or exposes no such constant), so the caller must handle nil.
LIBYAML_VERSION = begin
  Psych::LIBYAML_VERSION
rescue StandardError
  # Same coverage as the original `rescue nil` modifier: any StandardError
  # (typically NameError when Psych is absent) yields "unknown".
  nil
end
# Do proper version comparison (e.g. so 0.1.10 is >= 0.1.6): a Gem::Version,
# not a string, so "0.1.10" is not ordered below "0.1.6" lexically.
# NOTE(review): presumably the first upstream release carrying the fix that the
# KNOWN_PATCHED_LIBYAML_VERSIONS distro builds backport — confirm against the
# linked advisories.
SAFE_LIBYAML_VERSION = Gem::Version.new("0.1.6")
# Distro package versions that, per the linked advisories, carry the fix
# without a bumped upstream version string, so the comparison against
# SAFE_LIBYAML_VERSION alone would reject them. Entries are matched verbatim
# against the "Version:" field of `dpkg -s libyaml-0-2`.
KNOWN_PATCHED_LIBYAML_VERSIONS = Set.new(
  # http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2525.html
  %w[
    0.1.4-2ubuntu0.12.04.3
    0.1.4-2ubuntu0.12.10.3
    0.1.4-2ubuntu0.13.10.3
    0.1.4-3ubuntu3
  ] +
  # https://security-tracker.debian.org/tracker/CVE-2014-2525
  %w[
    0.1.3-1+deb6u4
    0.1.4-2+deb7u4
    0.1.4-3.2
  ]
).freeze

Class Method Summary

Class Method Details

.libyaml_patched? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_yaml/libyaml_checker.rb', line 29

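# Checks whether the installed libyaml is one of the Debian/Ubuntu package
# builds listed in KNOWN_PATCHED_LIBYAML_VERSIONS (builds that carry the fix
# without a bumped upstream version). Used as the fallback when the plain
# version comparison in .libyaml_version_ok? fails.
#
# Only dpkg-based systems can answer this: when `which` or `dpkg` is
# unavailable, or the package is not installed, the result is false. Both
# shell commands are fixed strings, so no caller-controlled data reaches the
# shell.
#
# NOTE(review): this assumes Psych is linked against the dpkg-managed libyaml
# rather than a bundled or locally built copy — confirm for the deployment.
#
# @return [Boolean]
def self.libyaml_patched?
  dpkg_path =
    begin
      `which dpkg`
    rescue SystemCallError
      # `which` itself is missing (Errno::ENOENT); treat as "no dpkg" instead
      # of swallowing every StandardError as the old rescue modifier did.
      ''
    end
  return false if dpkg_path.strip.empty?

  # stderr is silenced so an uninstalled package does not leak dpkg-query's
  # error text to the caller's stderr; stdout is then empty and the match fails.
  package_info = `dpkg -s libyaml-0-2 2>/dev/null`
  version_match = package_info.match(/^Version: (.*)$/)
  return false unless version_match

  # Strip so a trailing "\r" or space cannot defeat the exact-string lookup.
  KNOWN_PATCHED_LIBYAML_VERSIONS.include?(version_match[1].strip)
end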

.libyaml_version_ok? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_yaml/libyaml_checker.rb', line 23

# Whether the libyaml behind the YAML engine is considered safe.
#
# Passes straight through when the engine is not Psych or when running on
# JRuby; otherwise LIBYAML_VERSION must be at least SAFE_LIBYAML_VERSION,
# with .libyaml_patched? as the fallback for distro-patched packages. An
# unknown LIBYAML_VERSION (nil) is compared as "0", i.e. it is only accepted
# if a patched package is detected.
#
# @return [Boolean]
def self.libyaml_version_ok?
  not_using_libyaml = YAML_ENGINE != "psych" || defined?(JRUBY_VERSION)
  return true if not_using_libyaml

  current = Gem::Version.new(LIBYAML_VERSION || "0")
  current >= SAFE_LIBYAML_VERSION || libyaml_patched?
end