1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
require 'psych/helper'
module Psych
class TestStringTainted < TestCase
class Tainted < Handler
attr_reader :tc
def initialize tc
@tc = tc
end
def start_document version, tags, implicit
tags.flatten.each do |tag|
assert_taintedness tag
end
end
def alias name
assert_taintedness name
end
def scalar value, anchor, tag, plain, quoted, style
assert_taintedness value
assert_taintedness tag if tag
assert_taintedness anchor if anchor
end
def start_sequence anchor, tag, implicit, style
assert_taintedness tag if tag
assert_taintedness anchor if anchor
end
def start_mapping anchor, tag, implicit, style
assert_taintedness tag if tag
assert_taintedness anchor if anchor
end
def assert_taintedness thing, message = "'#{thing}' should be tainted"
tc.assert thing.tainted?, message
end
end
class Untainted < Tainted
def assert_taintedness thing, message = "'#{thing}' should not be tainted"
tc.assert !thing.tainted?, message
end
end
def setup
handler = Tainted.new self
@parser = Psych::Parser.new handler
end
def test_tags_are_tainted
assert_taintedness "%TAG !yaml! tag:yaml.org,2002:\n---\n!yaml!str \"foo\""
end
def test_alias
assert_taintedness "--- &ponies\n- foo\n- *ponies"
end
def test_scalar
assert_taintedness "--- ponies"
end
def test_anchor
assert_taintedness "--- &hi ponies"
end
def test_scalar_tag
assert_taintedness "--- !str ponies"
end
def test_seq_start_tag
assert_taintedness "--- !!seq [ a ]"
end
def test_seq_start_anchor
assert_taintedness "--- &zomg [ a ]"
end
def test_seq_mapping_tag
assert_taintedness "--- !!map { a: b }"
end
def test_seq_mapping_anchor
assert_taintedness "--- &himom { a: b }"
end
def assert_taintedness string
@parser.parse string.taint
end
end
class TestStringUntainted < TestStringTainted
def setup
handler = Untainted.new self
@parser = Psych::Parser.new handler
end
def assert_taintedness string
@parser.parse string
end
end
class TestStringIOUntainted < TestStringTainted
def setup
handler = Untainted.new self
@parser = Psych::Parser.new handler
end
def assert_taintedness string
@parser.parse StringIO.new(string)
end
end
class TestIOTainted < TestStringTainted
def assert_taintedness string
t = Tempfile.new(['something', 'yml'])
t.binmode
t.write string
t.close
File.open(t.path) { |f| @parser.parse f }
t.close(true)
end
end
end
|