1module Gem 2 3 ### 4 # This module is used for safely loading YAML specs from a gem. The 5 # `safe_load` method defined on this module is specifically designed for 6 # loading Gem specifications. For loading other YAML safely, please see 7 # Psych.safe_load 8 9 module SafeYAML 10 PERMITTED_CLASSES = %w( 11 Symbol 12 Time 13 Date 14 Gem::Dependency 15 Gem::Platform 16 Gem::Requirement 17 Gem::Specification 18 Gem::Version 19 Gem::Version::Requirement 20 YAML::Syck::DefaultKey 21 Syck::DefaultKey 22 ).freeze 23 24 PERMITTED_SYMBOLS = %w( 25 development 26 runtime 27 ).freeze 28 29 if ::YAML.respond_to? :safe_load 30 def self.safe_load(input) 31 if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1') 32 ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true) 33 else 34 ::YAML.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true) 35 end 36 end 37 38 def self.load(input) 39 if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1') 40 ::YAML.safe_load(input, permitted_classes: [::Symbol]) 41 else 42 ::YAML.safe_load(input, [::Symbol]) 43 end 44 end 45 else 46 unless Gem::Deprecate.skip 47 warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)." 48 end 49 50 def self.safe_load(input, *args) 51 ::YAML.load input 52 end 53 54 def self.load(input) 55 ::YAML.load input 56 end 57 end 58 end 59end 60