summaryrefslogtreecommitdiff
path: root/ext/psych/lib/psych/class_loader.rb
diff options
context:
space:
mode:
authortenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-05-14 17:26:41 +0000
committertenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-05-14 17:26:41 +0000
commit7ceafcbdf5bd2155704839f97b869e689f66feeb (patch)
tree278d237513fff700906430468892ede20d3f76c1 /ext/psych/lib/psych/class_loader.rb
parentd7f06a665c8e5b4ec83b6baa4a7532fc7ad7f24a (diff)
* ext/psych/lib/psych.rb: Adding Psych.safe_load for loading a user
defined, restricted subset of Ruby object types. * ext/psych/lib/psych/class_loader.rb: A class loader for encapsulating the logic for which objects are allowed to be deserialized. * ext/psych/lib/psych/deprecated.rb: Changes to use the class loader * ext/psych/lib/psych/exception.rb: ditto * ext/psych/lib/psych/json/stream.rb: ditto * ext/psych/lib/psych/nodes/node.rb: ditto * ext/psych/lib/psych/scalar_scanner.rb: ditto * ext/psych/lib/psych/stream.rb: ditto * ext/psych/lib/psych/streaming.rb: ditto * ext/psych/lib/psych/visitors/json_tree.rb: ditto * ext/psych/lib/psych/visitors/to_ruby.rb: ditto * ext/psych/lib/psych/visitors/yaml_tree.rb: ditto * ext/psych/psych_to_ruby.c: ditto * test/psych/helper.rb: ditto * test/psych/test_safe_load.rb: tests for restricted subset. * test/psych/test_scalar_scanner.rb: ditto * test/psych/visitors/test_to_ruby.rb: ditto * test/psych/visitors/test_yaml_tree.rb: ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/psych/lib/psych/class_loader.rb')
-rw-r--r--ext/psych/lib/psych/class_loader.rb101
1 files changed, 101 insertions, 0 deletions
diff --git a/ext/psych/lib/psych/class_loader.rb b/ext/psych/lib/psych/class_loader.rb
new file mode 100644
index 00000000000..46c6b936279
--- /dev/null
+++ b/ext/psych/lib/psych/class_loader.rb
@@ -0,0 +1,101 @@
+require 'psych/omap'
+require 'psych/set'
+
+module Psych
+ class ClassLoader # :nodoc:
+ BIG_DECIMAL = 'BigDecimal'
+ COMPLEX = 'Complex'
+ DATE = 'Date'
+ DATE_TIME = 'DateTime'
+ EXCEPTION = 'Exception'
+ OBJECT = 'Object'
+ PSYCH_OMAP = 'Psych::Omap'
+ PSYCH_SET = 'Psych::Set'
+ RANGE = 'Range'
+ RATIONAL = 'Rational'
+ REGEXP = 'Regexp'
+ STRUCT = 'Struct'
+ SYMBOL = 'Symbol'
+
+ def initialize
+ @cache = CACHE.dup
+ end
+
+ def load klassname
+ return nil if !klassname || klassname.empty?
+
+ find klassname
+ end
+
+ def symbolize sym
+ symbol
+ sym.to_sym
+ end
+
+ constants.each do |const|
+ konst = const_get const
+ define_method(const.to_s.downcase) do
+ load konst
+ end
+ end
+
+ private
+
+ def find klassname
+ @cache[klassname] ||= resolve(klassname)
+ end
+
+ def resolve klassname
+ name = klassname
+ retried = false
+
+ begin
+ path2class(name)
+ rescue ArgumentError, NameError => ex
+ unless retried
+ name = "Struct::#{name}"
+ retried = ex
+ retry
+ end
+ raise retried
+ end
+ end
+
+ CACHE = Hash[constants.map { |const|
+ val = const_get const
+ begin
+ [val, ::Object.const_get(val)]
+ rescue
+ nil
+ end
+ }.compact]
+
+ class Restricted < ClassLoader
+ def initialize classes, symbols
+ @classes = classes
+ @symbols = symbols
+ super()
+ end
+
+ def symbolize sym
+ return super if @symbols.empty?
+
+ if @symbols.include? sym
+ super
+ else
+ raise DisallowedClass, 'Symbol'
+ end
+ end
+
+ private
+
+ def find klassname
+ if @classes.include? klassname
+ super
+ else
+ raise DisallowedClass, klassname
+ end
+ end
+ end
+ end
+end