Class: Burner::Library::Deserialize::Yaml

Inherits:
JobWithRegister show all
Defined in:
lib/burner/library/deserialize/yaml.rb

Overview

Take a YAML string and deserialize into object(s). It uses YAML#safe_load by default, which ensures only a limited number of Ruby object constants can be hydrated by the YAML. If you wish to ease this restriction, for example if you have custom serialization for custom classes, then you can pass in safe: false.

Expected Payload input: string of YAML data. Payloadoutput: anything as specified by the YAML de-serializer.

Constant Summary

Constants inherited from JobWithRegister

JobWithRegister::BLANK

Instance Attribute Summary collapse

Attributes inherited from JobWithRegister

#register

Attributes inherited from Job

#name

Instance Method Summary collapse

Methods included from Util::Arrayable

#array

Constructor Details

#initialize(name: '', register: DEFAULT_REGISTER, safe: true) ⇒ Yaml

Returns a new instance of Yaml.



23
24
25
26
27
28
29
 
# File 'lib/burner/library/deserialize/yaml.rb', line 23

def initialize(name: '', register: DEFAULT_REGISTER, safe: true)
  super(name: name, register: register)

  @safe = safe

  freeze
end

Instance Attribute Details

#safeObject (readonly)

Returns the value of attribute safe.



21
22
23
 
# File 'lib/burner/library/deserialize/yaml.rb', line 21

def safe
  @safe
end

Instance Method Details

#perform(output, payload) ⇒ Object

The YAML cop was disabled because the consumer may want to actually load unsafe YAML, which can load pretty much any type of class instead of putting the loader in a sandbox. By default, though, we will try and drive them towards using it in the safer alternative. rubocop:disable Security/YAMLLoad



36
37
38
39
40
41
42
 
# File 'lib/burner/library/deserialize/yaml.rb', line 36

def perform(output, payload)
  output.detail('Warning: loading YAML not using safe_load.') unless safe

  value = payload[register]

  payload[register] = safe ? YAML.safe_load(value) : YAML.load(value)
end