2017-07-14 02:15:58 -04:00
|
|
|
# frozen_string_literal: true
|
2013-05-14 13:26:41 -04:00
|
|
|
require 'psych/helper'
|
|
|
|
|
|
|
|
module Psych
|
|
|
|
class TestSafeLoad < TestCase
|
2018-10-20 00:25:04 -04:00
|
|
|
def setup
|
|
|
|
@orig_verbose, $VERBOSE = $VERBOSE, nil
|
|
|
|
end
|
|
|
|
|
|
|
|
def teardown
|
|
|
|
$VERBOSE = @orig_verbose
|
|
|
|
end
|
|
|
|
|
2013-05-14 13:26:41 -04:00
|
|
|
class Foo; end
|
|
|
|
|
|
|
|
[1, 2.2, {}, [], "foo"].each do |obj|
|
|
|
|
define_method(:"test_basic_#{obj.class}") do
|
|
|
|
assert_safe_cycle obj
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-07-22 15:49:05 -04:00
|
|
|
def test_raises_when_alias_found_if_alias_parsing_not_enabled
|
|
|
|
yaml_with_aliases = <<~YAML
|
|
|
|
---
|
|
|
|
a: &ABC
|
|
|
|
k1: v1
|
|
|
|
k2: v2
|
|
|
|
b: *ABC
|
|
|
|
YAML
|
|
|
|
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::BadAlias) do
|
2022-07-22 15:49:05 -04:00
|
|
|
Psych.safe_load(yaml_with_aliases)
|
2013-05-14 13:26:41 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-07-22 15:49:05 -04:00
|
|
|
def test_aliases_are_parsed_when_alias_parsing_is_enabled
|
|
|
|
yaml_with_aliases = <<~YAML
|
|
|
|
---
|
|
|
|
a: &ABC
|
|
|
|
k1: v1
|
|
|
|
k2: v2
|
|
|
|
b: *ABC
|
|
|
|
YAML
|
|
|
|
|
|
|
|
result = Psych.safe_load(yaml_with_aliases, aliases: true)
|
|
|
|
assert_same result.fetch("a"), result.fetch("b")
|
2013-05-14 13:26:41 -04:00
|
|
|
end
|
|
|
|
|
2018-11-10 19:20:27 -05:00
|
|
|
def test_permitted_symbol
|
2013-05-14 13:26:41 -04:00
|
|
|
yml = Psych.dump :foo
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2013-05-14 13:26:41 -04:00
|
|
|
Psych.safe_load yml
|
|
|
|
end
|
2018-08-26 20:44:04 -04:00
|
|
|
assert_equal(
|
|
|
|
:foo,
|
|
|
|
Psych.safe_load(
|
|
|
|
yml,
|
2018-11-10 19:20:27 -05:00
|
|
|
permitted_classes: [Symbol],
|
|
|
|
permitted_symbols: [:foo]
|
2018-08-26 20:44:04 -04:00
|
|
|
)
|
|
|
|
)
|
2013-05-14 13:26:41 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_symbol
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2013-05-14 13:26:41 -04:00
|
|
|
assert_safe_cycle :foo
|
|
|
|
end
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2018-11-10 19:20:27 -05:00
|
|
|
Psych.safe_load '--- !ruby/symbol foo', permitted_classes: []
|
2018-08-26 20:44:04 -04:00
|
|
|
end
|
|
|
|
|
2018-11-10 19:20:27 -05:00
|
|
|
assert_safe_cycle :foo, permitted_classes: [Symbol]
|
|
|
|
assert_safe_cycle :foo, permitted_classes: %w{ Symbol }
|
|
|
|
assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', permitted_classes: [Symbol])
|
2013-05-14 13:26:41 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_foo
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2018-11-10 19:20:27 -05:00
|
|
|
Psych.safe_load '--- !ruby/object:Foo {}', permitted_classes: [Foo]
|
2018-08-26 20:44:04 -04:00
|
|
|
end
|
|
|
|
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2013-05-14 13:26:41 -04:00
|
|
|
assert_safe_cycle Foo.new
|
|
|
|
end
|
2018-11-10 19:20:27 -05:00
|
|
|
assert_kind_of(Foo, Psych.safe_load(Psych.dump(Foo.new), permitted_classes: [Foo]))
|
2013-05-14 13:26:41 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
X = Struct.new(:x)
|
|
|
|
def test_struct_depends_on_sym
|
2018-11-10 19:20:27 -05:00
|
|
|
assert_safe_cycle(X.new, permitted_classes: [X, Symbol])
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2018-11-10 19:20:27 -05:00
|
|
|
cycle X.new, permitted_classes: [X]
|
2013-05-14 13:26:41 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_anon_struct
|
2018-11-10 19:20:27 -05:00
|
|
|
assert Psych.safe_load(<<-eoyml, permitted_classes: [Struct, Symbol])
|
2018-08-26 20:44:04 -04:00
|
|
|
--- !ruby/struct
|
|
|
|
foo: bar
|
|
|
|
eoyml
|
|
|
|
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2018-11-10 19:20:27 -05:00
|
|
|
Psych.safe_load(<<-eoyml, permitted_classes: [Struct])
|
2018-08-26 20:44:04 -04:00
|
|
|
--- !ruby/struct
|
|
|
|
foo: bar
|
|
|
|
eoyml
|
|
|
|
end
|
|
|
|
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::DisallowedClass) do
|
2018-11-10 19:20:27 -05:00
|
|
|
Psych.safe_load(<<-eoyml, permitted_classes: [Symbol])
|
2018-08-26 20:44:04 -04:00
|
|
|
--- !ruby/struct
|
|
|
|
foo: bar
|
|
|
|
eoyml
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_safe_load_default_fallback
|
|
|
|
assert_nil Psych.safe_load("")
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_safe_load
|
|
|
|
assert_equal %w[a b], Psych.safe_load("- a\n- b")
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_safe_load_raises_on_bad_input
|
2021-05-10 06:09:17 -04:00
|
|
|
assert_raise(Psych::SyntaxError) { Psych.safe_load("--- `") }
|
2018-08-26 20:44:04 -04:00
|
|
|
end
|
|
|
|
|
2013-05-14 13:26:41 -04:00
|
|
|
private
|
|
|
|
|
2018-11-10 19:20:27 -05:00
|
|
|
def cycle object, permitted_classes: []
|
|
|
|
Psych.safe_load(Psych.dump(object), permitted_classes: permitted_classes)
|
2013-05-14 13:26:41 -04:00
|
|
|
end
|
|
|
|
|
2018-11-10 19:20:27 -05:00
|
|
|
def assert_safe_cycle object, permitted_classes: []
|
|
|
|
other = cycle object, permitted_classes: permitted_classes
|
2013-05-14 13:26:41 -04:00
|
|
|
assert_equal object, other
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|