# frozen_string_literal: true

module Gem
  ###
  # Safe loader for the YAML found in gem specifications.  The `safe_load`
  # method defined here is tailored to Gem specifications only; for loading
  # any other YAML safely, please see Psych.safe_load.
  #
  # Every call hands two allow-lists (PERMITTED_CLASSES, PERMITTED_SYMBOLS)
  # and the current alias setting to whichever loader is selected.

  module SafeYAML
    # Class names forwarded to the loader as +permitted_classes+.  Each entry
    # widens what a gemspec's YAML may instantiate, so keep the list minimal.
    PERMITTED_CLASSES = %w[
      Symbol Time Date
      Gem::Dependency Gem::Platform Gem::Requirement
      Gem::Specification Gem::Version Gem::Version::Requirement
    ].freeze

    # Symbol names forwarded to the loader as +permitted_symbols+.
    PERMITTED_SYMBOLS = %w[development runtime].freeze

    # Module-level switch: YAML aliases are accepted unless a caller turns
    # them off.  The value is shared by every later safe_load / load call.
    @aliases_enabled = true

    class << self
      # Stores the alias switch, coerced to a strict true/false.
      def aliases_enabled=(value) # :nodoc:
        @aliases_enabled = value ? true : false
      end

      # Current alias switch.
      def aliases_enabled? # :nodoc:
        @aliases_enabled
      end

      # Loads +input+ with the allow-lists above.  Psych.safe_load is used
      # when Gem.use_psych? is truthy, Gem::YAMLSerializer.load otherwise;
      # both receive the same keyword restrictions.
      # NOTE(review): Gem::YAMLSerializer is defined elsewhere; confirm it
      # enforces permitted_classes / permitted_symbols / aliases as Psych does.
      def safe_load(input)
        restrictions = {
          permitted_classes: PERMITTED_CLASSES,
          permitted_symbols: PERMITTED_SYMBOLS,
          aliases: aliases_enabled?,
        }
        return ::Psych.safe_load(input, **restrictions) if Gem.use_psych?

        Gem::YAMLSerializer.load(input, **restrictions)
      end

      # +load+ is kept as another name for +safe_load+.
      alias_method :load, :safe_load
    end
  end
end