module YAML

Constants

SYMBOL_REGEX

Public Class Methods

check_string_for_symbol!(string) click to toggle source
# File lib/safe_yaml.rb, line 126
# Rejects a scalar that looks like a Ruby symbol while symbol parsing is
# switched off.
#
# string - the text to test against SYMBOL_REGEX.
#
# Returns nil when the string is acceptable.
# Raises SafeYAML::UnsafeTagError when symbol parsing is disabled and the
# string matches SYMBOL_REGEX.
#
# NOTE(review): SYMBOL_REGEX is defined outside this listing. Whether the
# match is anchored to the whole string depends on that pattern -- confirm.
def check_string_for_symbol!(string)
  # The global switch is consulted first, so the regex is never evaluated
  # when symbol parsing is allowed.
  return if YAML.enable_symbol_parsing?
  return unless string.match(SYMBOL_REGEX)

  raise SafeYAML::UnsafeTagError, "Symbol parsing is disabled"
end
disable_arbitrary_object_deserialization!() click to toggle source
# File lib/safe_yaml.rb, line 117
# Turns the process-wide :enable_arbitrary_object_deserialization option off.
# safe_mode_from_options reads this flag, so loads that omit :safe then
# default to safe mode.
#
# Returns false (the value just stored).
def disable_arbitrary_object_deserialization!
  settings = SafeYAML::OPTIONS
  settings[:enable_arbitrary_object_deserialization] = false
end
disable_symbol_parsing!() click to toggle source
# File lib/safe_yaml.rb, line 105
# Turns the process-wide :enable_symbol_parsing option off. While it is off,
# check_string_for_symbol! raises for strings matching SYMBOL_REGEX.
#
# Returns false (the value just stored).
def disable_symbol_parsing!
  settings = SafeYAML::OPTIONS
  settings[:enable_symbol_parsing] = false
end
enable_arbitrary_object_deserialization!() click to toggle source
# File lib/safe_yaml.rb, line 113
# Turns the process-wide :enable_arbitrary_object_deserialization option on.
#
# Security note: safe_mode_from_options reads this flag, so once it is set
# every load that omits the :safe option is routed to the unsafe loader.
# The setting is global to SafeYAML::OPTIONS, not scoped to one call.
#
# Returns true (the value just stored).
def enable_arbitrary_object_deserialization!
  settings = SafeYAML::OPTIONS
  settings[:enable_arbitrary_object_deserialization] = true
end
enable_arbitrary_object_deserialization?() click to toggle source
# File lib/safe_yaml.rb, line 109
# Reports the current process-wide :enable_arbitrary_object_deserialization
# setting.
#
# Returns whatever is stored under that key, without coercion to a boolean
# (nil when the key has never been set).
def enable_arbitrary_object_deserialization?
  settings = SafeYAML::OPTIONS
  settings[:enable_arbitrary_object_deserialization]
end
enable_symbol_parsing!() click to toggle source
# File lib/safe_yaml.rb, line 101
# Turns the process-wide :enable_symbol_parsing option on. While it is on,
# check_string_for_symbol! accepts every string without consulting
# SYMBOL_REGEX.
#
# Returns true (the value just stored).
def enable_symbol_parsing!
  settings = SafeYAML::OPTIONS
  settings[:enable_symbol_parsing] = true
end
enable_symbol_parsing?() click to toggle source
# File lib/safe_yaml.rb, line 97
# Reports the current process-wide :enable_symbol_parsing setting.
#
# Returns whatever is stored under that key, without coercion to a boolean
# (nil when the key has never been set, which callers treat as disabled).
def enable_symbol_parsing?
  settings = SafeYAML::OPTIONS
  settings[:enable_symbol_parsing]
end
load(yaml, *filename_and_options)
Also aliased as: unsafe_load
Alias for: load_with_options
load_file(file, options={})
load_file_with_options(file, options={}) click to toggle source
# File lib/safe_yaml.rb, line 30
# Loads a YAML file, choosing the safe or unsafe loader per call.
#
# file    - path handed unchanged to safe_load_file or unsafe_load_file.
# options - Hash; only :safe is consulted (via safe_mode_from_options).
#
# When :safe is absent the choice falls back to the global
# :enable_arbitrary_object_deserialization option, so callers handling
# untrusted files should pass :safe => true explicitly.
#
# Returns whatever the selected loader returns.
def self.load_file_with_options(file, options={})
  if safe_mode_from_options("load_file", options)
    safe_load_file(file)
  else
    unsafe_load_file(file)
  end
end
Also aliased as: load_file
load_with_options(yaml, *filename_and_options) click to toggle source
# File lib/safe_yaml.rb, line 22
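# Loads a YAML document, choosing the safe or unsafe loader per call.
#
# yaml                 - String or IO-like object holding the document.
# filename_and_options - optional filename, optionally followed by an options
#                        Hash; only :safe is consulted.
#
# The trailing arguments are now told apart by type. Previously the last
# argument was always treated as the options Hash and the first as the
# filename, so load(yaml, "file.yml") raised from String#[] when :safe was
# looked up, and load(yaml, :safe => true) forwarded the options Hash to the
# loader as if it were the filename.
#
# When :safe is absent the choice falls back to the global
# :enable_arbitrary_object_deserialization option, so callers handling
# untrusted input should pass :safe => true explicitly.
#
# Returns whatever the selected loader returns.
def self.load_with_options(yaml, *filename_and_options)
  trailing = filename_and_options.last
  options  = trailing.is_a?(Hash) ? trailing : {}

  # A leading Hash is the options argument, not a filename.
  filename = filename_and_options.first
  filename = nil if filename.is_a?(Hash)

  safe_mode = safe_mode_from_options("load", options)
  arguments = [yaml]
  # Only pass a filename through when the underlying loader accepts one.
  arguments << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
  safe_mode ? safe_load(*arguments) : unsafe_load(*arguments)
end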
Also aliased as: load
read_for_safe_load(yaml) click to toggle source
# File lib/safe_yaml.rb, line 35
# Normalises the input of safe_load to something that can be parsed twice.
#
# yaml - a String, or any object responding to #read (for example an IO).
#
# safe_load makes two passes over the document (tag verification, then the
# real load). A stream can only be consumed once, so it is drained into a
# String here; both passes then see exactly the same bytes.
#
# Returns the result of yaml.read for readable objects, otherwise yaml itself.
def self.read_for_safe_load(yaml)
  yaml.respond_to?(:read) ? yaml.read : yaml
end
safe_load(yaml, filename=nil) click to toggle source
# File lib/safe_yaml.rb, line 46
# Loads a YAML document in two passes.
#
# yaml     - String or IO-like object holding the document.
# filename - optional name passed to the parser when
#            SafeYAML::MULTI_ARGUMENT_YAML_LOAD is set.
#
# Pass 1 drives Psych::Parser with a SafeYAML::PsychTagVerifier built from
# the whitelist. Pass 2 hands the same string to unsafe_load.
#
# Security note: pass 2 is the unrestricted loader, so pass 1 is the only
# barrier between the document and object deserialization. An exception
# raised during pass 1 prevents pass 2 from running.
# NOTE(review): the verifier is defined outside this listing; presumably it
# raises for tags that are not whitelisted -- confirm.
#
# Returns the value produced by unsafe_load.
def self.safe_load(yaml, filename=nil)
  # Drain streams up front so both passes inspect identical content.
  source = read_for_safe_load(yaml)

  tag_checker     = SafeYAML::PsychTagVerifier.new(whitelist)
  parse_arguments = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ? [source, filename] : [source]
  Psych::Parser.new(tag_checker).parse(*parse_arguments)

  unsafe_load(source)
end
safe_load_file(filename) click to toggle source
# File lib/safe_yaml.rb, line 58
# Opens a file and runs it through safe_load.
#
# filename - path of the YAML file; also passed to safe_load as the name.
#
# The file is opened read-only in 'r:bom|utf-8' mode and closed when the
# block exits, including when safe_load raises.
#
# Returns the value produced by safe_load.
def self.safe_load_file(filename)
  File.open(filename, 'r:bom|utf-8') do |handle|
    self.safe_load(handle, filename)
  end
end
unsafe_load(yaml, *filename_and_options)
Alias for: load
unsafe_load_file(filename) click to toggle source
# File lib/safe_yaml.rb, line 62
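# Opens a file and passes it straight to unsafe_load.
#
# filename - path of the YAML file.
#
# Security note: this path performs no tag verification; the document goes
# directly to the unrestricted loader. Use it only for trusted files.
#
# Both branches use the block form of File.open so the handle is closed once
# loading finishes or raises. The single-argument branch previously opened
# the file without ever closing it.
#
# Returns the value produced by unsafe_load.
def self.unsafe_load_file(filename)
  if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
    # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
    File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load f, filename }
  else
    # https://github.com/tenderlove/psych/blob/v1.2.2/lib/psych.rb#L231-233
    # Same open mode as the referenced loader, but with the handle closed.
    File.open(filename) { |f| self.unsafe_load f }
  end
end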
whitelist() click to toggle source
# File lib/safe_yaml.rb, line 121
# Returns the SafeYAML::Whitelist used by safe_load's tag verifier.
#
# The instance is created on first use and cached in @whitelist, so later
# calls return the same object and changes made to it persist.
def whitelist
  return @whitelist if @whitelist

  @whitelist = SafeYAML::Whitelist.new
end

Private Class Methods

safe_mode_from_options(method, options={}) click to toggle source
# File lib/safe_yaml.rb, line 133
# Decides whether a load call runs in safe mode.
#
# method  - name of the calling method, used only in the warning text.
# options - Hash; only :safe is consulted.
#
# An explicit :safe value is returned as given, without coercion, so
# :safe => false selects the unsafe loader whatever the global setting is.
# When :safe is absent (nil), the result is the negation of the global
# :enable_arbitrary_object_deserialization option, and a warning naming the
# chosen default is emitted unless :suppress_warnings is set.
#
# Security note: with warnings suppressed, a call that forgets :safe falls
# back to the global default silently.
#
# Returns the explicit :safe value, or true/false derived from the global
# option.
def safe_mode_from_options(method, options={})
  requested = options[:safe]
  return requested unless requested.nil?

  unsafe_default = SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization]
  unless SafeYAML::OPTIONS[:suppress_warnings]
    fallback = unsafe_default ? "unsafe" : "safe"
    Kernel.warn "Called '#{method}' without the :safe option -- defaulting to #{fallback} mode."
  end

  !unsafe_default
end