module YAML
Constants
- SYMBOL_REGEX
Public Class Methods
check_string_for_symbol!(string)
click to toggle source
# File lib/safe_yaml.rb, line 126 def check_string_for_symbol!(string) if !YAML.enable_symbol_parsing? && string.match(SYMBOL_REGEX) raise SafeYAML::UnsafeTagError.new("Symbol parsing is disabled") end end
disable_arbitrary_object_deserialization!()
click to toggle source
# File lib/safe_yaml.rb, line 117 def disable_arbitrary_object_deserialization! SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] = false end
disable_symbol_parsing!()
click to toggle source
# File lib/safe_yaml.rb, line 105 def disable_symbol_parsing! SafeYAML::OPTIONS[:enable_symbol_parsing] = false end
enable_arbitrary_object_deserialization!()
click to toggle source
# File lib/safe_yaml.rb, line 113 def enable_arbitrary_object_deserialization! SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] = true end
enable_arbitrary_object_deserialization?()
click to toggle source
# File lib/safe_yaml.rb, line 109 def enable_arbitrary_object_deserialization? SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] end
enable_symbol_parsing!()
click to toggle source
# File lib/safe_yaml.rb, line 101 def enable_symbol_parsing! SafeYAML::OPTIONS[:enable_symbol_parsing] = true end
enable_symbol_parsing?()
click to toggle source
# File lib/safe_yaml.rb, line 97 def enable_symbol_parsing? SafeYAML::OPTIONS[:enable_symbol_parsing] end
load_file_with_options(file, options={})
click to toggle source
# File lib/safe_yaml.rb, line 30 def self.load_file_with_options(file, options={}) safe_mode = safe_mode_from_options("load_file", options) safe_mode ? safe_load_file(file) : unsafe_load_file(file) end
Also aliased as: load_file
load_with_options(yaml, *filename_and_options)
click to toggle source
# File lib/safe_yaml.rb, line 22 def self.load_with_options(yaml, *filename_and_options) options = filename_and_options.last || {} safe_mode = safe_mode_from_options("load", options) arguments = [yaml] arguments << filename_and_options.first if SafeYAML::MULTI_ARGUMENT_YAML_LOAD safe_mode ? safe_load(*arguments) : unsafe_load(*arguments) end
Also aliased as: load
read_for_safe_load(yaml)
click to toggle source
# File lib/safe_yaml.rb, line 35 def self.read_for_safe_load(yaml) # since we're going to do two passes, we need to read out the file here # into a string if yaml.respond_to?(:read) yaml = yaml.read end yaml end
safe_load(yaml, filename=nil)
click to toggle source
# File lib/safe_yaml.rb, line 46 def self.safe_load(yaml, filename=nil) yaml = read_for_safe_load(yaml) verifier = SafeYAML::PsychTagVerifier.new(whitelist) parser = Psych::Parser.new(verifier) if SafeYAML::MULTI_ARGUMENT_YAML_LOAD parser.parse(yaml, filename) else parser.parse(yaml) end return unsafe_load(yaml) end
safe_load_file(filename)
click to toggle source
# File lib/safe_yaml.rb, line 58 def self.safe_load_file(filename) File.open(filename, 'r:bom|utf-8') { |f| self.safe_load f, filename } end
unsafe_load_file(filename)
click to toggle source
# File lib/safe_yaml.rb, line 62 def self.unsafe_load_file(filename) if SafeYAML::MULTI_ARGUMENT_YAML_LOAD # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298 File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load f, filename } else # https://github.com/tenderlove/psych/blob/v1.2.2/lib/psych.rb#L231-233 self.unsafe_load File.open(filename) end end
whitelist()
click to toggle source
# File lib/safe_yaml.rb, line 121 def whitelist @whitelist ||= SafeYAML::Whitelist.new end
Private Class Methods
safe_mode_from_options(method, options={})
click to toggle source
# File lib/safe_yaml.rb, line 133 def safe_mode_from_options(method, options={}) safe_mode = options[:safe] if safe_mode.nil? mode = SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] ? "unsafe" : "safe" Kernel.warn "Called '#{method}' without the :safe option -- defaulting to #{mode} mode." unless SafeYAML::OPTIONS[:suppress_warnings] safe_mode = !SafeYAML::OPTIONS[:enable_arbitrary_object_deserialization] end safe_mode end