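module Gem

  ###
  # This module is used for safely loading YAML specs from a gem.  The
  # `safe_load` method defined on this module is specifically designed for
  # loading Gem specifications.  For loading other YAML safely, please see
  # Psych.safe_load
  #
  # Both entry points hand the document to the YAML library's `safe_load`
  # with an explicit allowlist, so a tag naming any class outside the
  # allowlist is rejected instead of being instantiated.  When the YAML
  # library has no `safe_load` at all, the module falls back to plain
  # `YAML.load` (see the `else` branch below), which applies no allowlist.

  module SafeYAML
    # Class names a gem specification is allowed to deserialize into.
    # Keep this list as small as possible: every entry widens what a
    # crafted spec can make the loader build.
    PERMITTED_CLASSES = %w[
      Symbol
      Time
      Date
      Gem::Dependency
      Gem::Platform
      Gem::Requirement
      Gem::Specification
      Gem::Version
      Gem::Version::Requirement
      YAML::Syck::DefaultKey
      Syck::DefaultKey
    ].freeze

    # The only symbol values `safe_load` accepts from a document.
    PERMITTED_SYMBOLS = %w[
      development
      runtime
    ].freeze

    if ::YAML.respond_to? :safe_load
      # True when the installed Psych takes the allowlists as keyword
      # arguments (3.1.0.pre1 and later) rather than positionally.
      # The answer cannot change while the process runs, so it is computed
      # on first use and cached instead of building two Gem::Version
      # objects on every load.
      def self.psych_keyword_api?
        return @psych_keyword_api if defined?(@psych_keyword_api)

        @psych_keyword_api =
          Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
      end
      private_class_method :psych_keyword_api?

      # Loads a gem specification document.
      #
      # Only PERMITTED_CLASSES and PERMITTED_SYMBOLS may appear in the
      # result.  Aliases are enabled here, whereas `safe_load` rejects them
      # unless asked to allow them.
      # NOTE(review): with aliases on, one anchor can be referenced many
      # times; any size limit for untrusted input has to be applied by the
      # caller -- confirm the call sites do so.
      #
      # @param input [String, IO] YAML source
      # @return [Object] the deserialized document
      def self.safe_load(input)
        if psych_keyword_api?
          ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
        else
          ::YAML.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true)
        end
      end

      # Loads a YAML document that is not a gem specification.
      #
      # Symbol is the only extra class permitted and aliases are left at
      # the library default, so this is stricter than `safe_load` above.
      #
      # @param input [String, IO] YAML source
      # @return [Object] the deserialized document
      def self.load(input)
        if psych_keyword_api?
          ::YAML.safe_load(input, permitted_classes: [::Symbol])
        else
          ::YAML.safe_load(input, [::Symbol])
        end
      end
    else
      unless Gem::Deprecate.skip
        warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
      end

      # SECURITY: both methods below are plain `YAML.load`.  No class or
      # symbol allowlist is applied on this path, so the names `safe_load`
      # and `SafeYAML` do not describe what happens here.  The warning
      # above is the only signal, and it is suppressed when
      # Gem::Deprecate.skip is set.  Do not feed untrusted documents
      # through this branch; upgrade the YAML library instead.

      # Fallback used when the YAML library has no `safe_load`.
      # Extra arguments are accepted and ignored.
      def self.safe_load(input, *_args)
        ::YAML.load input
      end

      # Fallback used when the YAML library has no `safe_load`.
      def self.load(input)
        ::YAML.load input
      end
    end
  end
end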