diff --git a/lib/gitlab/serialize/yaml_variables.rb b/lib/gitlab/serialize/yaml_variables.rb
index 68ca50ed60e..db1e7641c74 100644
--- a/lib/gitlab/serialize/yaml_variables.rb
+++ b/lib/gitlab/serialize/yaml_variables.rb
@@ -10,36 +10,16 @@ module Gitlab
 def load(string)
 return unless string
- object = YAML.load(string)
+ object = YAML.safe_load(string, [Symbol])
- # We don't need to verify the object once we're using SafeYAML
- if YamlVariables.verify_object(object)
- YamlVariables.convert_object(object)
- else
- []
- end
+ object.map(&YamlVariables.method(:convert_key_value_to_string))
 end
 def dump(object)
 YAML.dump(object)
 end
- def verify_object(object)
- YamlVariables.verify_type(object, Array) &&
- object.all? { |obj| YamlVariables.verify_type(obj, Hash) }
- end
-
- # We use three ways to check if the class is exactly the one we want,
- # rather than some subclass or duck typing class.
- def verify_type(object, klass)
- object.kind_of?(klass) &&
- object.class == klass &&
- klass === object
- end
-
- def convert_object(object)
- object.map(&YamlVariables.method(:convert_key_value_to_string))
- end
+ private
 def convert_key_value_to_string(variable)
 variable[:key] = variable[:key].to_s
diff --git a/spec/lib/gitlab/serialize/yaml_variables_spec.rb b/spec/lib/gitlab/serialize/yaml_variables_spec.rb
index 41aea95dfdb..6d74f8c44d6 100644
--- a/spec/lib/gitlab/serialize/yaml_variables_spec.rb
+++ b/spec/lib/gitlab/serialize/yaml_variables_spec.rb
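Review bot: `YAML.safe_load(string, [Symbol])` restricts which classes can be instantiated, but it does not guarantee the document is an Array of Hashes, and the `object.map` that follows in `load` assumes exactly that. An empty document or a scalar has no usable `map`, a top-level mapping yields pairs that fail in `convert_key_value_to_string` (whose body continues outside the hunk), and a tagged object or an alias makes `safe_load` itself raise, so a malformed or legacy stored value now raises where the old code returned `[]`. If raising is intended, say so in a comment and add a spec for it in place of the two deleted contexts; otherwise keep a shape guard such as `return [] unless object.is_a?(Array) && object.all? { |v| v.is_a?(Hash) }` before the `map`. `dump` still uses plain `YAML.dump`, so it is worth confirming that everything it writes (including anchors for repeated objects) can be read back under the safe loader.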
@@ -16,25 +16,4 @@ describe Gitlab::Serialize::YamlVariables do
 { key: 'key', value: 'value', public: true },
 { key: 'wee', value: '1', public: false }])
 end
-
- context 'with a subclass of Array' do
- let(:object) do
- Kaminari::PaginatableArray.new << 'I am evil'
- end
-
- it 'ignores it' do
- is_expected.to eq([])
- end
- end
-
- context 'with the array containing subclasses of Hash' do
- let(:object) do
- [ActiveSupport::OrderedOptions.new(
- key: 'key', value: 'value', public: true)]
- end
-
- it 'ignores it' do
- is_expected.to eq([])
- end
- end
 end