Module: Gem::SafeYAML

Defined in:
lib/rubygems/safe_yaml.rb

Overview

This module is used for safely loading YAML specs from a gem. The `safe_load` method defined on this module is specifically designed for loading Gem specifications. For loading other YAML safely, please see `Psych.safe_load`.

Constant Summary

WHITELISTED_CLASSES =
%w(
  Symbol
  Time
  Date
  Gem::Dependency
  Gem::Platform
  Gem::Requirement
  Gem::Specification
  Gem::Version
  Gem::Version::Requirement
  YAML::Syck::DefaultKey
  Syck::DefaultKey
).freeze
WHITELISTED_SYMBOLS =
%w(
  development
  runtime
).freeze

Class Method Summary

Class Method Details

.load(input) ⇒ Object

# File 'lib/rubygems/safe_yaml.rb', line 38

def self.load input
  if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
    ::YAML.safe_load(input, whitelist_classes: [::Symbol])
  else
    ::YAML.safe_load(input, [::Symbol])
  end
end

.safe_load(input, *args) ⇒ Object

# File 'lib/rubygems/safe_yaml.rb', line 30

def self.safe_load input
  if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
    ::YAML.safe_load(input, whitelist_classes: WHITELISTED_CLASSES, whitelist_symbols: WHITELISTED_SYMBOLS, aliases: true)
  else
    ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true)
  end
end
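
Added example (not RubyGems' own code): the two allowlists above applied through Psych.safe_load, showing a tag or symbol outside the lists being rejected, with the Symbol-only profile of .load for comparison. It assumes a Psych release that spells the keywords permitted_classes: and permitted_symbols: (the source above uses the whitelist_* spelling); allowlist_result, the SPEC_* constants and the sample documents are constructed for illustration.

```ruby
require 'yaml'
require 'rubygems'

# Allowlists copied from WHITELISTED_CLASSES / WHITELISTED_SYMBOLS on this page.
SPEC_CLASSES = %w(
  Symbol Time Date Gem::Dependency Gem::Platform Gem::Requirement
  Gem::Specification Gem::Version Gem::Version::Requirement
  YAML::Syck::DefaultKey Syck::DefaultKey
).freeze
SPEC_SYMBOLS = %w(development runtime).freeze

# Hypothetical helper (not part of RubyGems): parse +input+ under the given
# allowlists and report the outcome instead of raising.
def allowlist_result(input, classes, symbols)
  value = Psych.safe_load(input, permitted_classes: classes,
                                 permitted_symbols: symbols, aliases: true)
  [:accepted, value]
rescue Psych::DisallowedClass
  # Raised for any tag or symbol that is not on the allowlists.
  [:rejected, nil]
end

# Constructed sample documents (not taken from a real gem).
LISTED_TAG = <<~YAML
  name: example
  version: !ruby/object:Gem::Version
    version: "1.2.3"
  type: :runtime
YAML

UNLISTED_TAG = <<~YAML
  name: example
  payload: !ruby/object:Example::NotListed
    field: 1
YAML

UNLISTED_SYMBOL = "type: :other\n"

if __FILE__ == $PROGRAM_NAME
  # Profile used by .safe_load on this page.
  p allowlist_result(LISTED_TAG, SPEC_CLASSES, SPEC_SYMBOLS).first
  p allowlist_result(UNLISTED_TAG, SPEC_CLASSES, SPEC_SYMBOLS).first
  p allowlist_result(UNLISTED_SYMBOL, SPEC_CLASSES, SPEC_SYMBOLS).first
  # Profile used by .load on this page: Symbol only, no symbol list.
  p allowlist_result(LISTED_TAG, %w(Symbol), []).first
  p allowlist_result(UNLISTED_SYMBOL, %w(Symbol), []).first
end
```

The last call is accepted: when the symbol list is empty, Psych allows any symbol as long as Symbol itself is a permitted class, so the .load profile restricts classes but not symbol names.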