Allow options on Mash.load (#474)

`Mash.load` uses the Ruby standard library to load Yaml-serialized files into a Mash. The original implementation used `YAML.load` for this purpose. However, that method is inherently unsafe so we switched to using `YAML.safe_load`. Safely loading Yaml files has many different domain-specific configuration flags that we did not, by default, expose. This change introduces the ability to configure the safe loading of Yaml files so that all types of Yaml can be loaded when necessary using the flags from the standard library. This implementation preserves the backwards-compatibility with the prior implementation so that it should not require updates from users of the current `Mash.load` behavior. For those who this change affects, we included upgrading documentation to ease the transition.
2019-03-22 15:04:22 -04:00 · 2019-03-22 15:04:22 -04:00 · 30ab2a3cb0
parent dc64b1024c
commit 30ab2a3cb0
9 changed files with 102 additions and 15 deletions
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2018-09-30 14:46:03 -0500 using RuboCop version 0.52.1.
+# on 2019-03-22 11:21:24 -0400 using RuboCop version 0.52.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@ -19,7 +19,7 @@ Metrics/ClassLength:
 Metrics/CyclomaticComplexity:
  Max: 11
-# Offense count: 17
+# Offense count: 19
 # Configuration parameters: CountComments.
 Metrics/MethodLength:
  Max: 28
@ -28,6 +28,6 @@ Metrics/MethodLength:
 Metrics/PerceivedComplexity:
  Max: 10
-# Offense count: 37
+# Offense count: 39
 Style/Documentation:
  Enabled: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ scheme are considered to be bugs.
 ### Added
 * [#323](https://github.com/intridea/hashie/pull/323): Added `Hashie::Extensions::Mash::DefineAccessors` - [@marshall-lee](https://github.com/marshall-lee).
 * [#474](https://github.com/intridea/hashie/pull/474): Expose `YAML#safe_load` options in `Mash#load` - [@riouruma](https://github.com/riouruma), [@dblock](https://github.com/dblock).
 ### Changed
--- a/README.md
+++ b/README.md
@ -566,7 +566,7 @@ Twitter.extend mash.to_module # NOTE: if you want another name than settings, ca
 Twitter.settings.api_key # => 'abcd'
 ```
-You can use another parser (by default: YamlErbParser):
+You can use another parser (by default: [YamlErbParser](lib/hashie/extensions/parsers/yaml_erb_parser.rb)):
 ```
 #/etc/data/user.csv
@ -582,6 +582,14 @@ mash = Mash.load('data/user.csv', parser: MyCustomCsvParser)
 mash[1] #=> { name: 'John', lastname: 'Doe' }
 ```
 The `Mash#load` method calls `YAML.safe_load(path, [], [], true)`.
 Specify `whitelist_symbols`, `whitelist_classes` and `aliases` options as needed.
 ```ruby
 Mash.load('data/user.csv', whitelist_classes: [Symbol], whitelist_symbols: [], aliases: false)
 ```
 ### Mash Extension: KeepOriginalKeys
 This extension can be mixed into a Mash to keep the form of any keys passed directly into the Mash. By default, Mash converts keys to strings to give indifferent access. This extension still allows indifferent access, but keeps the form of the keys to eliminate confusion when you're not expecting the keys to change.
--- a/UPGRADING.md
+++ b/UPGRADING.md
@ -1,6 +1,41 @@
 Upgrading Hashie
 ================
 ### Upgrading to 3.7.0
 #### Mash#load takes options
 The `Hashie::Mash#load` method now accepts options, changing the interface of `Parser#initialize`. If you have a custom parser, you must update its `initialize` method.
 For example, `Hashie::Extensions::Parsers::YamlErbParser` now accepts `whitelist_classes`, `whitelist_symbols` and `aliases` options.
 Before:
 ```ruby
 class Hashie::Extensions::Parsers::YamlErbParser
  def initialize(file_path)
    @file_path = file_path
  end
 end
 ```
 After:
 ```ruby
 class Hashie::Extensions::Parsers::YamlErbParser
  def initialize(file_path, options = {})
    @file_path = file_path
    @options = options
  end
 end
 ```
 Options can now be passed into `Mash#load`.
 ```ruby
 Mash.load(filename, whitelist_classes: [])
 ```
 ### Upgrading to 3.5.2
 #### Disable logging in Mash subclasses
--- a/lib/hashie/extensions/parsers/yaml_erb_parser.rb
+++ b/lib/hashie/extensions/parsers/yaml_erb_parser.rb
@ -6,19 +6,23 @@ module Hashie
  module Extensions
    module Parsers
      class YamlErbParser
-        def initialize(file_path)
+        def initialize(file_path, options = {})
          @content = File.read(file_path)
          @file_path = file_path.is_a?(Pathname) ? file_path.to_s : file_path
          @options = options
        end
        def perform
          template = ERB.new(@content)
          template.filename = @file_path
-          YAML.safe_load template.result, [], [], true
+          whitelist_classes = @options.fetch(:whitelist_classes) { [] }
          whitelist_symbols = @options.fetch(:whitelist_symbols) { [] }
          aliases = @options.fetch(:aliases) { true }
          YAML.safe_load template.result, whitelist_classes, whitelist_symbols, aliases
        end
-        def self.perform(file_path)
+        def self.perform(file_path, options = {})
-          new(file_path).perform
+          new(file_path, options).perform
        end
      end
    end
--- a/lib/hashie/mash.rb
+++ b/lib/hashie/mash.rb
@ -107,7 +107,7 @@ module Hashie
      raise ArgumentError, "The following file doesn't exist: #{path}" unless File.file?(path)
      parser = options.fetch(:parser) { Hashie::Extensions::Parsers::YamlErbParser }
-      @_mashes[path] = new(parser.perform(path)).freeze
+      @_mashes[path] = new(parser.perform(path, options.except(:parser))).freeze
    end
    def to_module(mash_method_name = :settings)
--- a/lib/hashie/version.rb
+++ b/lib/hashie/version.rb
@ -1,3 +1,3 @@
 module Hashie
-  VERSION = '3.6.1'.freeze
+  VERSION = '3.7.0'.freeze
 end
--- a/spec/fixtures/yaml_with_symbols.yml
+++ b/spec/fixtures/yaml_with_symbols.yml
@ -0,0 +1,3 @@
 :user_icon:
  :width: 200
  :height: 200
--- a/spec/hashie/mash_spec.rb
+++ b/spec/hashie/mash_spec.rb
@ -645,7 +645,7 @@ describe Hashie::Mash do
    context 'if the file exists' do
      before do
        expect(File).to receive(:file?).with(path).and_return(true)
-        expect(parser).to receive(:perform).with(path).and_return(config)
+        expect(parser).to receive(:perform).with(path, {}).and_return(config)
      end
      it { is_expected.to be_a(Hashie::Mash) }
@ -677,7 +677,7 @@ describe Hashie::Mash do
      before do
        expect(File).to receive(:file?).with(path).and_return(true)
-        expect(parser).to receive(:perform).with(path).and_return(config)
+        expect(parser).to receive(:perform).with(path, {}).and_return(config)
      end
      it 'return a Mash from a file' do
@ -693,8 +693,8 @@ describe Hashie::Mash do
      before do
        expect(File).to receive(:file?).with(path).and_return(true)
        expect(File).to receive(:file?).with("#{path}+1").and_return(true)
-        expect(parser).to receive(:perform).once.with(path).and_return(config)
+        expect(parser).to receive(:perform).once.with(path, {}).and_return(config)
-        expect(parser).to receive(:perform).once.with("#{path}+1").and_return(config)
+        expect(parser).to receive(:perform).once.with("#{path}+1", {}).and_return(config)
      end
      it 'cache the loaded yml file', :test_cache do
@ -710,9 +710,45 @@ describe Hashie::Mash do
    context 'when the file has aliases in it' do
      it 'can use the aliases and does not raise an error' do
        mash = Hashie::Mash.load('spec/fixtures/yaml_with_aliases.yml')
        expect(mash.company_a.accounts.admin.password).to eq('secret')
      end
      it 'can override the value of aliases' do
        expect do
          Hashie::Mash.load('spec/fixtures/yaml_with_aliases.yml', aliases: false)
        end.to raise_error Psych::BadAlias, /base_accounts/
      end
    end
    context 'when the file has symbols' do
      it 'can override the value of whitelist_classes' do
        mash = Hashie::Mash.load('spec/fixtures/yaml_with_symbols.yml', whitelist_classes: [Symbol])
        expect(mash.user_icon.width).to eq(200)
      end
      it 'uses defaults for whitelist_classes' do
        expect do
          Hashie::Mash.load('spec/fixtures/yaml_with_symbols.yml')
        end.to raise_error Psych::DisallowedClass, /Symbol/
      end
      it 'can override the value of whitelist_symbols' do
        mash = Hashie::Mash.load('spec/fixtures/yaml_with_symbols.yml',
                                 whitelist_classes: [Symbol],
                                 whitelist_symbols: %i[
                                   user_icon
                                   width
                                   height
                                 ])
        expect(mash.user_icon.width).to eq(200)
      end
      it 'raises an error on insufficient whitelist_symbols' do
        expect do
          Hashie::Mash.load('spec/fixtures/yaml_with_symbols.yml',
                            whitelist_classes: [Symbol],
                            whitelist_symbols: %i[
                              user_icon
                              width
                            ])
        end.to raise_error Psych::DisallowedClass, /Symbol/
      end
    end
  end