kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

lib/rdoc/rdoc.rb: Allow only RDoc::Options in .rdoc_options

Browse source 
Follow-up of d8fd92f620. Instead of using
unsafe_load blindly, RDoc::Options is only supposed to be allowed.
This commit is contained in:
Yusuke Endoh 2021-05-17 12:50:21 +09:00
parent d8fd92f620
commit ffdf0232ef
2 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/rdoc/rdoc.rb
View file

@ -162,11 +162,12 @@ class RDoc::RDoc
RDoc.load_yaml
begin
options = YAML.unsafe_load_file '.rdoc_options'
options = YAML.load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
rescue Psych::SyntaxError
raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
end
return RDoc::Options.new if options == false # Allow empty file.
return RDoc::Options.new unless options # Allow empty file.
raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
RDoc::Options === options or Hash === options

6
test/rdoc/test_rdoc_options.rb
View file

@ -145,7 +145,7 @@ class TestRDocOptions < RDoc::TestCase
@options.encoding = Encoding::IBM437
options = YAML.unsafe_load YAML.dump @options
options = YAML.load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])
assert_equal Encoding::IBM437, options.encoding
end
@ -161,7 +161,7 @@ rdoc_include:
- /etc
YAML
options = YAML.unsafe_load yaml
options = YAML.load(yaml, permitted_classes: [RDoc::Options, Symbol])
assert_empty options.rdoc_include
assert_empty options.static_path
@ -749,7 +749,7 @@ rdoc_include:
assert File.exist? '.rdoc_options'
assert_equal @options, YAML.unsafe_load(File.read('.rdoc_options'))
assert_equal @options, YAML.load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
end
end