Just use YAML.safe_load and assume the format

should be correct since it's already passing the validation anyway. Feedback: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8088#note_20076187
2016-12-15 23:37:22 +08:00 · 2016-12-15 23:37:22 +08:00 · bcc09ca760
commit bcc09ca760
parent e682e2f888
2 changed files with 3 additions and 44 deletions
--- a/lib/gitlab/serialize/yaml_variables.rb
+++ b/lib/gitlab/serialize/yaml_variables.rb
@ -10,36 +10,16 @@ module Gitlab
      def load(string)
        return unless string

-        object = YAML.load(string)
+        object = YAML.safe_load(string, [Symbol])

-        # We don't need to verify the object once we're using SafeYAML
-        if YamlVariables.verify_object(object)
-          YamlVariables.convert_object(object)
-        else
-          []
-        end
+        object.map(&YamlVariables.method(:convert_key_value_to_string))
      end

      def dump(object)
        YAML.dump(object)
      end

-      def verify_object(object)
-        YamlVariables.verify_type(object, Array) &&
-          object.all? { |obj| YamlVariables.verify_type(obj, Hash) }
-      end
-
-      # We use three ways to check if the class is exactly the one we want,
-      # rather than some subclass or duck typing class.
-      def verify_type(object, klass)
-        object.kind_of?(klass) &&
-          object.class == klass &&
-          klass === object
-      end
-
-      def convert_object(object)
-        object.map(&YamlVariables.method(:convert_key_value_to_string))
-      end
+      private

      def convert_key_value_to_string(variable)
        variable[:key] = variable[:key].to_s
--- a/spec/lib/gitlab/serialize/yaml_variables_spec.rb
+++ b/spec/lib/gitlab/serialize/yaml_variables_spec.rb
@ -16,25 +16,4 @@ describe Gitlab::Serialize::YamlVariables do
      { key: 'key', value: 'value', public: true },
      { key: 'wee', value: '1', public: false }])
  end
-
-  context 'with a subclass of Array' do
-    let(:object) do
-      Kaminari::PaginatableArray.new << 'I am evil'
-    end
-
-    it 'ignores it' do
-      is_expected.to eq([])
-    end
-  end
-
-  context 'with the array containing subclasses of Hash' do
-    let(:object) do
-      [ActiveSupport::OrderedOptions.new(
-        key: 'key', value: 'value', public: true)]
-    end
-
-    it 'ignores it' do
-      is_expected.to eq([])
-    end
-  end
 end