authorHiroshi SHIBATA <hsbt@ruby-lang.org>2020-12-14 20:13:12 +0900
committerHiroshi SHIBATA <hsbt@ruby-lang.org>2020-12-14 20:13:12 +0900
commitc2a60fec2f79c05bdb865c143b6ad8eddfc6cc36 (patch)
tree5ccf2881ca3f82ecc787a676e170476fd0a2bbcd /ext/psych
parent27520a1e1e8ac1ef0607a75d654e2cff6d36e15a (diff)
Merge Psych-3.2.1 from ruby/psych
Diffstat (limited to 'ext/psych')
-rw-r--r--ext/psych/lib/psych.rb27
-rw-r--r--ext/psych/lib/psych/versions.rb2
-rw-r--r--ext/psych/yaml/loader.c2
3 files changed, 24 insertions, 7 deletions
diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb
index b09866a..c3292d9 100644
--- a/ext/psych/lib/psych.rb
+++ b/ext/psych/lib/psych.rb
@@ -74,12 +74,15 @@ require 'psych/class_loader'
#
# ==== Reading from a string
#
-# Psych.load("--- a") # => 'a'
-# Psych.load("---\n - a\n - b") # => ['a', 'b']
+# Psych.safe_load("--- a") # => 'a'
+# Psych.safe_load("---\n - a\n - b") # => ['a', 'b']
+# # From a trusted string:
+# Psych.load("--- !ruby/range\nbegin: 0\nend: 42\nexcl: false\n") # => 0..42
#
# ==== Reading from a file
#
-# Psych.load_file("database.yml")
+# Psych.safe_load_file("data.yml", permitted_classes: [Date])
+# Psych.load_file("trusted_database.yml")
#
# ==== Exception handling
#
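Review bot: The rewritten examples label only the `Psych.load` call as coming from a trusted string, while the two `Psych.safe_load` calls above it carry no label, so the reason the section is split in two stays implicit. A parallel comment such as `# # From an untrusted string:` before `Psych.safe_load("--- a") # => 'a'` would make the intended contrast explicit, in the same way the file examples distinguish `data.yml` from `trusted_database.yml`. This is a comment-only hunk; no code path is affected.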
@@ -276,8 +279,7 @@ module Psych
result = parse(yaml, filename: filename)
return fallback unless result
- result = result.to_ruby(symbolize_names: symbolize_names, freeze: freeze) if result
- result
+ result.to_ruby(symbolize_names: symbolize_names, freeze: freeze)
end
###
@@ -571,12 +573,27 @@ module Psych
# Load the document contained in +filename+. Returns the yaml contained in
# +filename+ as a Ruby object, or if the file is empty, it returns
# the specified +fallback+ return value, which defaults to +false+.
+ #
+ # NOTE: This method *should not* be used to parse untrusted documents, such as
+ # YAML documents that are supplied via user input. Instead, please use the
+ # safe_load_file method.
def self.load_file filename, **kwargs
File.open(filename, 'r:bom|utf-8') { |f|
self.load f, filename: filename, **kwargs
}
end
+ ###
+ # Safely loads the document contained in +filename+. Returns the yaml contained in
+ # +filename+ as a Ruby object, or if the file is empty, it returns
+ # the specified +fallback+ return value, which defaults to +false+.
+ # See safe_load for options.
+ def self.safe_load_file filename, **kwargs
+ File.open(filename, 'r:bom|utf-8') { |f|
+ self.safe_load f, filename: filename, **kwargs
+ }
+ end
+
# :stopdoc:
@domain_types = {}
def self.add_domain_type domain, type_tag, &block
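Review bot: The docstring of the new `safe_load_file` says the +fallback+ value "defaults to +false+", which is carried over from `load_file` directly above, but the method delegates to `safe_load`, whose signature is outside this hunk and, as far as I recall, declares `fallback: nil`; if so, an empty file returns nil here, not false. Please check `safe_load`'s parameter list and, if it matches, change the sentence to `the specified +fallback+ return value, which defaults to +nil+`. The body itself mirrors `load_file` exactly (same `'r:bom|utf-8'` mode, same `filename:` forwarding), which keeps the trusted and untrusted entry points easy to compare.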
diff --git a/ext/psych/lib/psych/versions.rb b/ext/psych/lib/psych/versions.rb
index b357563..e458a66 100644
--- a/ext/psych/lib/psych/versions.rb
+++ b/ext/psych/lib/psych/versions.rb
@@ -2,7 +2,7 @@
# frozen_string_literal: true
module Psych
# The version of Psych you are using
- VERSION = '3.2.0'
+ VERSION = '3.2.1'
if RUBY_ENGINE == 'jruby'
DEFAULT_SNAKEYAML_VERSION = '1.26'.freeze
diff --git a/ext/psych/yaml/loader.c b/ext/psych/yaml/loader.c
index bcf3aee..78b87e6 100644
--- a/ext/psych/yaml/loader.c
+++ b/ext/psych/yaml/loader.c
@@ -541,4 +541,4 @@ yaml_parser_load_mapping_end(yaml_parser_t *parser, yaml_event_t *event,
(void)POP(parser, *ctx);
return 1;
-}
+} \ No newline at end of file