Ensure YAML safe loading in Rails 6.1, part 2

2022-10-16 01:36:39 -04:00 · 2022-10-16 01:36:39 -04:00 · f1d3b2dea8
parent 172ac1d747
commit f1d3b2dea8
3 changed files with 9 additions and 7 deletions
--- a/lib/paper_trail/serializers/yaml.rb
+++ b/lib/paper_trail/serializers/yaml.rb
@ -41,8 +41,8 @@ module PaperTrail

      def use_safe_load?
        if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1")
-          # `use_yaml_unsafe_load` may be removed in the future, at which point safe loading will be
-          # the default.
+          # `use_yaml_unsafe_load` may be removed in the future, at which point
+          # safe loading will be the default.
          !defined?(ActiveRecord.use_yaml_unsafe_load) || !ActiveRecord.use_yaml_unsafe_load
        elsif defined?(ActiveRecord::Base.use_yaml_unsafe_load)
          # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1
@ -53,7 +53,8 @@ module PaperTrail
      end

      def yaml_column_permitted_classes
-        if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1")
+        if defined?(ActiveRecord.yaml_column_permitted_classes)
+          # Rails >= 7.0.3.1
          ActiveRecord.yaml_column_permitted_classes
        elsif defined?(ActiveRecord::Base.yaml_column_permitted_classes)
          # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1
--- a/spec/dummy_app/config/application.rb
+++ b/spec/dummy_app/config/application.rb
@ -31,11 +31,12 @@ module Dummy
    config.active_support.test_order = :sorted
    config.secret_key_base = "A fox regularly kicked the screaming pile of biscuits."

-    # `use_yaml_unsafe_load` was added in 5.2.8.1, 6.0.5.1, 6.1.6.1, and 7.0.3.1
-    if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1")
+    # `use_yaml_unsafe_load` was added in 5.2.8.1, 6.0.5.1, 6.1.6.1, and 7.0.3.1.
+    # Will be removed in 7.1.0?
+    if ::ActiveRecord.respond_to?(:use_yaml_unsafe_load) # 7.0.3.1
      ::ActiveRecord.use_yaml_unsafe_load = false
      ::ActiveRecord.yaml_column_permitted_classes = YAML_COLUMN_PERMITTED_CLASSES
-    elsif ::ActiveRecord::Base.respond_to?(:use_yaml_unsafe_load)
+    elsif ::ActiveRecord::Base.respond_to?(:use_yaml_unsafe_load) # 5.2.8.1, 6.0.5.1, 6.1.6.1
      ::ActiveRecord::Base.use_yaml_unsafe_load = false
      ::ActiveRecord::Base.yaml_column_permitted_classes = YAML_COLUMN_PERMITTED_CLASSES
    end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -7,7 +7,7 @@ require "simplecov"
 SimpleCov.start do
  add_filter %w[Appraisals Gemfile Rakefile doc gemfiles spec]
 end
-SimpleCov.minimum_coverage(ENV["DB"] == "postgres" ? 97.3 : 92.4)
+SimpleCov.minimum_coverage(ENV["DB"] == "postgres" ? 96.8 : 92.4)

 require "byebug"
 require_relative "support/pt_arel_helpers"