From bce8b193c5aba1145e558b85af3797c012a57525 Mon Sep 17 00:00:00 2001 From: Jared Beck Date: Sun, 16 Oct 2022 01:36:39 -0400 Subject: [PATCH] Ensure YAML safe loading in Rails 6.1, part 2 --- CHANGELOG.md | 5 +++-- lib/paper_trail/serializers/yaml.rb | 7 ++++--- spec/dummy_app/config/application.rb | 7 ++++--- spec/spec_helper.rb | 2 +- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 038292f2..b6a9225f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,8 @@ recommendations of [keepachangelog.com](http://keepachangelog.com/). ### Breaking Changes -- None, but see Dependencies below +- [PR-1399](https://github.com/paper-trail-gem/paper_trail/pull/1399) - Same + change re: `YAML.safe_load` as in 13.0.0, but this time for Rails 6.0 and 6.1. ### Dependencies @@ -26,7 +27,7 @@ recommendations of [keepachangelog.com](http://keepachangelog.com/). ### Breaking Changes -- The default serializer will now use `YAML.safe_load` unless +- For Rails >= 7.0, the default serializer will now use `YAML.safe_load` unless `ActiveRecord.use_yaml_unsafe_load`. This change only affects users whose `versions` table has `object` or `object_changes` columns of type `text`, and who use the YAML serializer. People who use the JSON serializer, or those with diff --git a/lib/paper_trail/serializers/yaml.rb b/lib/paper_trail/serializers/yaml.rb index 616f719f..9e6bc036 100644 --- a/lib/paper_trail/serializers/yaml.rb +++ b/lib/paper_trail/serializers/yaml.rb @@ -41,8 +41,8 @@ module PaperTrail def use_safe_load? if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1") - # `use_yaml_unsafe_load` may be removed in the future, at which point safe loading will be - # the default. + # `use_yaml_unsafe_load` may be removed in the future, at which point + # safe loading will be the default. !defined?(ActiveRecord.use_yaml_unsafe_load) || !ActiveRecord.use_yaml_unsafe_load elsif defined?(ActiveRecord::Base.use_yaml_unsafe_load) # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1 @@ -53,7 +53,8 @@ module PaperTrail end def yaml_column_permitted_classes - if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1") + if defined?(ActiveRecord.yaml_column_permitted_classes) + # Rails >= 7.0.3.1 ActiveRecord.yaml_column_permitted_classes elsif defined?(ActiveRecord::Base.yaml_column_permitted_classes) # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1 diff --git a/spec/dummy_app/config/application.rb b/spec/dummy_app/config/application.rb index 8768efb0..92d3a033 100644 --- a/spec/dummy_app/config/application.rb +++ b/spec/dummy_app/config/application.rb @@ -31,11 +31,12 @@ module Dummy config.active_support.test_order = :sorted config.secret_key_base = "A fox regularly kicked the screaming pile of biscuits." - # `use_yaml_unsafe_load` was added in 5.2.8.1, 6.0.5.1, 6.1.6.1, and 7.0.3.1 - if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1") + # `use_yaml_unsafe_load` was added in 5.2.8.1, 6.0.5.1, 6.1.6.1, and 7.0.3.1. + # Will be removed in 7.1.0? + if ::ActiveRecord.respond_to?(:use_yaml_unsafe_load) # 7.0.3.1 ::ActiveRecord.use_yaml_unsafe_load = false ::ActiveRecord.yaml_column_permitted_classes = YAML_COLUMN_PERMITTED_CLASSES - elsif ::ActiveRecord::Base.respond_to?(:use_yaml_unsafe_load) + elsif ::ActiveRecord::Base.respond_to?(:use_yaml_unsafe_load) # 5.2.8.1, 6.0.5.1, 6.1.6.1 ::ActiveRecord::Base.use_yaml_unsafe_load = false ::ActiveRecord::Base.yaml_column_permitted_classes = YAML_COLUMN_PERMITTED_CLASSES end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index cae5acad..30484b29 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -7,7 +7,7 @@ require "simplecov" SimpleCov.start do add_filter %w[Appraisals Gemfile Rakefile doc gemfiles spec] end -SimpleCov.minimum_coverage(ENV["DB"] == "postgres" ? 97.3 : 92.4) +SimpleCov.minimum_coverage(ENV["DB"] == "postgres" ? 96.8 : 92.4) require "byebug" require_relative "support/pt_arel_helpers"