Module: YAML

Defined in:
lib/safe_yaml.rb

Constant Summary

# Matches a scalar that consists solely of a bare Ruby symbol literal, e.g. ":name".
# \Z also accepts a single trailing newline, so ":name\n" matches as well.
# NOTE(review): only `\w` characters after the colon are covered; confirm that no
# other scalar form (for example a quoted symbol) is turned into a Symbol by the
# YAML engine in use, since such a scalar is not matched by this pattern.
SYMBOL_REGEX = /\A:\w+\Z/.freeze

Class Method Summary

Class Method Details

.check_string_for_symbol!(string) ⇒ Object



# File 'lib/safe_yaml.rb', line 126

# Rejects a scalar that looks like a Ruby symbol while symbol parsing is off.
#
# Nothing is checked when YAML.enable_symbol_parsing? is truthy. Otherwise the
# string is tested against SYMBOL_REGEX and a match aborts with an error.
#
# NOTE(review): SYMBOL_REGEX is defined outside this method and covers only bare
# `:word` scalars — confirm it matches every scalar form the YAML engine would
# convert to a Symbol, otherwise this guard can be passed by other spellings.
#
# @param string [#match] scalar text to inspect
# @return [nil] when the scalar is acceptable
# @raise [SafeYAML::UnsafeTagError] when the scalar matches SYMBOL_REGEX and
#   symbol parsing is disabled
def check_string_for_symbol!(string)
  return if YAML.enable_symbol_parsing?
  return unless string.match(SYMBOL_REGEX)

  raise SafeYAML::UnsafeTagError.new("Symbol parsing is disabled")
end

.disable_arbitrary_object_deserialization! ⇒ Object



# File 'lib/safe_yaml.rb', line 117

# Stores false under :enable_arbitrary_object_deserialization in SafeYAML::OPTIONS.
#
# SafeYAML::OPTIONS is shared, so the change applies to every later reader of
# the option, not just the current call site.
#
# @return [false] the value that was stored
def disable_arbitrary_object_deserialization!
  settings = SafeYAML::OPTIONS
  settings[:enable_arbitrary_object_deserialization] = false
end

.disable_symbol_parsing! ⇒ Object



# File 'lib/safe_yaml.rb', line 105

# Stores false under :enable_symbol_parsing in SafeYAML::OPTIONS.
#
# SafeYAML::OPTIONS is shared, so the change applies to every later reader of
# the option.
#
# @return [false] the value that was stored
def disable_symbol_parsing!
  settings = SafeYAML::OPTIONS
  settings[:enable_symbol_parsing] = false
end

.enable_arbitrary_object_deserialization! ⇒ Object



# File 'lib/safe_yaml.rb', line 113

# Stores true under :enable_arbitrary_object_deserialization in SafeYAML::OPTIONS.
#
# SafeYAML::OPTIONS is shared, so the change applies to every later reader of
# the option.
#
# NOTE(review): the code that consumes this option is not visible here;
# presumably it relaxes the checks applied to tagged objects. Confirm before
# turning it on in a process that loads YAML from untrusted sources.
#
# @return [true] the value that was stored
def enable_arbitrary_object_deserialization!
  settings = SafeYAML::OPTIONS
  settings[:enable_arbitrary_object_deserialization] = true
end

.enable_arbitrary_object_deserialization? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_yaml.rb', line 109

# Reads the :enable_arbitrary_object_deserialization entry of SafeYAML::OPTIONS.
#
# The stored value is returned as-is, without coercion to true/false.
#
# @return [Object] whatever is stored under the key
def enable_arbitrary_object_deserialization?
  settings = SafeYAML::OPTIONS
  settings[:enable_arbitrary_object_deserialization]
end

.enable_symbol_parsing! ⇒ Object



# File 'lib/safe_yaml.rb', line 101

# Stores true under :enable_symbol_parsing in SafeYAML::OPTIONS.
#
# SafeYAML::OPTIONS is shared, so the change applies to every later reader of
# the option.
#
# @return [true] the value that was stored
def enable_symbol_parsing!
  settings = SafeYAML::OPTIONS
  settings[:enable_symbol_parsing] = true
end

.enable_symbol_parsing? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_yaml.rb', line 97

# Reads the :enable_symbol_parsing entry of SafeYAML::OPTIONS.
#
# The stored value is returned as-is, without coercion to true/false.
#
# @return [Object] whatever is stored under the key
def enable_symbol_parsing?
  settings = SafeYAML::OPTIONS
  settings[:enable_symbol_parsing]
end

.load_file_with_options(file, options = {}) ⇒ Object Also known as: load_file



# File 'lib/safe_yaml.rb', line 30

# Loads a YAML file through either the verified or the unverified path.
#
# The choice is delegated to safe_mode_from_options, which receives the method
# label "load_file" and the caller's options.
#
# NOTE(review): safe_mode_from_options is defined elsewhere, so the mode used
# when +options+ carries no explicit setting is not visible here. Callers that
# handle untrusted files should check that default.
#
# @param file [String] path of the file to load
# @param options [Hash] options consulted to pick the mode
# @return [Object] result of safe_load_file or unsafe_load_file
def self.load_file_with_options(file, options={})
  if safe_mode_from_options("load_file", options)
    safe_load_file(file)
  else
    unsafe_load_file(file)
  end
end

.load_with_options(yaml, *filename_and_options) ⇒ Object Also known as: load



# File 'lib/safe_yaml.rb', line 22

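# Loads YAML through either the verified or the unverified path.
#
# The trailing positional arguments may be a filename, an options Hash, or a
# filename followed by an options Hash. They are told apart by type. Previously
# the last argument was always used as the options and the first as the
# filename, so a lone options Hash was also forwarded as the filename and a
# lone filename String was handed to safe_mode_from_options as the options.
#
# NOTE(review): safe_mode_from_options is defined elsewhere, so the mode used
# when no explicit setting is given is not visible here. Callers that handle
# untrusted input should check that default.
#
# @param yaml [String, #read] YAML source
# @param filename_and_options [Array] optional filename and/or options Hash
# @return [Object] result of safe_load or unsafe_load
def self.load_with_options(yaml, *filename_and_options)
  leading  = filename_and_options.first
  trailing = filename_and_options.last

  # Only a Hash counts as options; only a non-Hash first argument is a filename.
  options  = trailing.is_a?(Hash) ? trailing : {}
  filename = leading.is_a?(Hash) ? nil : leading

  safe_mode = safe_mode_from_options("load", options)
  arguments = [yaml]
  arguments << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
  safe_mode ? safe_load(*arguments) : unsafe_load(*arguments)
end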

.read_for_safe_load(yaml) ⇒ Object



# File 'lib/safe_yaml.rb', line 35

# Turns the YAML source into a value that can be parsed more than once.
#
# An object that responds to #read (a File or other IO) is drained into a
# String here, because the safe load makes two passes over the input and a
# stream can only be consumed once. Anything else is returned unchanged.
#
# @param yaml [String, #read] YAML source
# @return [Object] the result of yaml.read, or +yaml+ itself
def self.read_for_safe_load(yaml)
  yaml.respond_to?(:read) ? yaml.read : yaml
end

.safe_load(yaml) ⇒ Object



# File 'lib/safe_yaml.rb', line 46

# Loads YAML in two passes: a tag-verification parse, then the real load.
#
# The input is first read into a String so both passes see the same bytes.
# Pass one runs it through a Psych::Parser whose handler is a
# SafeYAML::PsychTagVerifier built from +whitelist+. An exception raised there
# propagates, so pass two never runs. Pass two hands the same String to
# unsafe_load and returns its result.
#
# NOTE(review): all protection comes from pass one raising. The verifier and
# unsafe_load are defined elsewhere, so confirm that both passes use the same
# parser and that the verifier raises for every tag outside the whitelist.
# NOTE(review): +filename+ reaches the parser only; it is not passed on to
# unsafe_load.
#
# @param yaml [String, #read] YAML source
# @param filename [String, nil] given to Psych::Parser#parse when
#   SafeYAML::MULTI_ARGUMENT_YAML_LOAD is truthy
# @return [Object] whatever unsafe_load returns
def self.safe_load(yaml, filename=nil)
  source = read_for_safe_load(yaml)
  tag_checker = Psych::Parser.new(SafeYAML::PsychTagVerifier.new(whitelist))

  # Verification pass: the result is discarded, only a raised error matters.
  parse_arguments = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ? [source, filename] : [source]
  tag_checker.parse(*parse_arguments)

  unsafe_load(source)
end

.safe_load_file(filename) ⇒ Object



# File 'lib/safe_yaml.rb', line 58

# Opens a file and loads it through safe_load.
#
# The file is opened read-only as UTF-8 with a leading byte-order mark
# stripped. The block form of File.open closes the handle when the load
# finishes or raises. The path is also forwarded as the filename argument.
#
# @param filename [String] path of the YAML file
# @return [Object] whatever safe_load returns
def self.safe_load_file(filename)
  File.open(filename, 'r:bom|utf-8') do |io|
    safe_load(io, filename)
  end
end

.unsafe_load_file(filename) ⇒ Object



# File 'lib/safe_yaml.rb', line 62

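# Opens a file and loads it through unsafe_load, with no verification pass.
#
# Unlike safe_load_file, nothing here checks the document before it is loaded,
# so this path is only appropriate for files whose content is trusted.
#
# Both branches use the block form of File.open so the handle is closed when
# the load finishes or raises. The single-argument branch previously passed a
# bare File.open(filename) to unsafe_load and never closed it.
#
# @param filename [String] path of the YAML file
# @return [Object] whatever unsafe_load returns
def self.unsafe_load_file(filename)
  if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
    # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
    File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load f, filename }
  else
    # https://github.com/tenderlove/psych/blob/v1.2.2/lib/psych.rb#L231-233
    # Same default open mode as before, but the handle is now closed.
    File.open(filename) { |f| self.unsafe_load f }
  end
end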

.whitelist ⇒ Object



# File 'lib/safe_yaml.rb', line 121

# Returns the memoized SafeYAML::Whitelist, creating it on first use.
#
# The instance is kept in @whitelist on the receiver, so every later call
# returns the same object and changes made to it persist.
#
# @return [SafeYAML::Whitelist] the shared whitelist instance
def whitelist
  return @whitelist if @whitelist

  @whitelist = SafeYAML::Whitelist.new
end