Module: Gem::SafeYAML

Defined in:
lib/rubygems/safe_yaml.rb

Overview

This module is used for safely loading YAML specs from a gem. The ‘safe_load` method defined on this module is specifically designed for loading Gem specifications. For loading other YAML safely, please see Psych.safe_load

Constant Summary collapse

PERMITTED_CLASSES =
%w[
  Symbol
  Time
  Date
  Gem::Dependency
  Gem::Platform
  Gem::Requirement
  Gem::Specification
  Gem::Version
  Gem::Version::Requirement
  YAML::Syck::DefaultKey
  Syck::DefaultKey
].freeze
PERMITTED_SYMBOLS =
%w[
  development
  runtime
].freeze

Class Method Summary collapse

Class Method Details

.load(input) ⇒ Object



38
39
40
41
42
43
44
# File 'lib/rubygems/safe_yaml.rb', line 38

def self.load(input)
  if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
    ::YAML.safe_load(input, permitted_classes: [::Symbol])
  else
    ::YAML.safe_load(input, [::Symbol])
  end
end

.safe_load(input, *args) ⇒ Object



30
31
32
33
34
35
36
# File 'lib/rubygems/safe_yaml.rb', line 30

def self.safe_load(input)
  if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
    ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
  else
    ::YAML.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true)
  end
end