added support for Psych > 3.1.0 by using new syntax #101

Open: wants to merge 2 commits into base: master
5 changes: 5 additions & 0 deletions CHANGES.md
@@ -1,3 +1,8 @@
1.0.6
-----

- added support for Psych > 3.1.0 by using new syntax

1.0.5
-----

9 changes: 6 additions & 3 deletions README.md
@@ -1,8 +1,11 @@
SafeYAML
========

[![Build Status](https://travis-ci.org/dtao/safe_yaml.png)](http://travis-ci.org/dtao/safe_yaml)
[![Gem Version](https://badge.fury.io/rb/safe_yaml.png)](http://badge.fury.io/rb/safe_yaml)
Gem Version 1.0.6

Support added for new versions of Psych and Ruby

---

The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the ones discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) [in Rails in early 2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
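
Review bot: The `Gem Version 1.0.6` line in the README header hard-codes the release number, so it has to be edited by hand on every release and will drift from `lib/safe_yaml/version.rb`. The "Support added for new versions of Psych and Ruby" line is release-note material that already has an entry in CHANGES.md. I would drop both lines from the README header and keep the version in one place.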

Expand Down Expand Up @@ -186,6 +189,6 @@ SafeYAML will follow [semantic versioning](http://semver.org/) so any updates to
Requirements
------------

SafeYAML requires Ruby 1.8.7 or newer and works with both [Syck](http://www.ruby-doc.org/stdlib-1.8.7/libdoc/yaml/rdoc/YAML.html) and [Psych](http://github.com/tenderlove/psych).
SafeYAML requires Ruby 1.8.7 or newer and works with both [Syck](http://www.ruby-doc.org/stdlib-1.8.7/libdoc/yaml/rdoc/YAML.html) and [Psych](http://github.com/tenderlove/psych) (including 4.x versions).

If you are using a version of Ruby where Psych is the default YAML engine (e.g., 1.9.3) but you want to use Syck, be sure to set `YAML::ENGINE.yamler = "syck"` **before** requiring the safe_yaml gem.
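
Review bot: The requirements line still promises "Ruby 1.8.7 or newer", but this PR adds `Psych.parse(yaml, filename: filename)` in `lib/safe_yaml/load.rb`, and the `key: value` hash form is Ruby 1.9 syntax that a 1.8.7 interpreter fails to parse. Either raise the stated minimum Ruby version here or write the call as `:filename => filename`. The "(including 4.x versions)" wording also differs from the "Psych > 3.1.0" entry in CHANGES.md; pick one statement of the supported range and use it in both files.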
2 changes: 1 addition & 1 deletion lib/safe_yaml/load.rb
Expand Up @@ -146,7 +146,7 @@ def self.load(yaml, filename=nil, options={})
else
safe_resolver = SafeYAML::PsychResolver.new(options)
tree = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ?
Psych.parse(yaml, filename) :
Psych.parse(yaml, filename: filename) :
Psych.parse(yaml)
return safe_resolver.resolve_node(tree)
end
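
Review bot: In the `MULTI_ARGUMENT_YAML_LOAD` branch, `Psych.parse(yaml, filename: filename)` is now the only two-argument form, but on a Psych whose `parse` takes the filename positionally the keyword collapses into a Hash and that Hash becomes the filename. Select the call form by Psych version (or by inspecting `Psych.method(:parse).parameters`) so the positional call is kept where it is needed, and add a spec that triggers a parse error with a filename set so the reported name is checked on both forms.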
5 changes: 2 additions & 3 deletions lib/safe_yaml/safe_to_ruby_visitor.rb
Expand Up @@ -3,9 +3,8 @@ class SafeToRubyVisitor < Psych::Visitors::ToRuby
INITIALIZE_ARITY = superclass.instance_method(:initialize).arity

def initialize(resolver)
case INITIALIZE_ARITY
when 2
# https://github.com/tenderlove/psych/blob/v2.0.0/lib/psych/visitors/to_ruby.rb#L14-L28
unless INITIALIZE_ARITY.zero?
# https://github.com/tenderlove/psych/blob/v2.0.0/lib/psych/visitors/to_ruby.rb#L22-L30
loader = Psych::ClassLoader.new
scanner = Psych::ScalarScanner.new(loader)
super(scanner, loader)
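
Review bot: `unless INITIALIZE_ARITY.zero?` at the top of `initialize` sends every nonzero arity down the `super(scanner, loader)` path, where the `case ... when 2` form matched only the two-argument constructor. Ruby reports a negative arity for signatures with optional or keyword parameters, so this condition also matches constructors that do not take `(scanner, loader)`. I would match the expected arity values explicitly and say in the comment which Psych version reports each one; the comment's link still points at v2.0.0, which is not the version this change targets.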
2 changes: 1 addition & 1 deletion lib/safe_yaml/version.rb
@@ -1,3 +1,3 @@
module SafeYAML
VERSION = "1.0.5"
VERSION = "1.0.6"
end