-rw-r--r-- | ext/psych/lib/psych.rb | 24 | ||||
-rw-r--r-- | lib/rubygems/safe_yaml.rb | 10 | ||||
-rw-r--r-- | test/psych/test_safe_load.rb | 40 |
3 files changed, 37 insertions, 37 deletions
diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb index 6ca5724d2d..5b24ebf091 100644 --- a/ext/psych/lib/psych.rb +++ b/ext/psych/lib/psych.rb @@ -294,10 +294,10 @@ module Psych # * Hash # # Recursive data structures are not allowed by default. Arbitrary classes - # can be allowed by adding those classes to the +whitelist_classes+ keyword argument. They are + # can be allowed by adding those classes to the +permitted_classes+ keyword argument. They are # additive. For example, to allow Date deserialization: # - # Psych.safe_load(yaml, whitelist_classes: [Date]) + # Psych.safe_load(yaml, permitted_classes: [Date]) # # Now the Date class can be loaded in addition to the classes listed above. # @@ -311,7 +311,7 @@ module Psych # Psych.safe_load yaml, aliases: true # => loads the aliases # # A Psych::DisallowedClass exception will be raised if the yaml contains a - # class that isn't in the whitelist. + # class that isn't in the +permitted_classes+ list. # # A Psych::BadAlias exception will be raised if the yaml contains aliases # but the +aliases+ keyword argument is set to false. 
@@ -325,15 +325,15 @@ module Psych # Psych.safe_load("---\n foo: bar") # => {"foo"=>"bar"} # Psych.safe_load("---\n foo: bar", symbolize_names: true) # => {:foo=>"bar"} # - def self.safe_load yaml, legacy_whitelist_classes = NOT_GIVEN, legacy_whitelist_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, whitelist_classes: [], whitelist_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false - if legacy_whitelist_classes != NOT_GIVEN - warn 'warning: Passing whitelist_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_classes: ...) instead.' - whitelist_classes = legacy_whitelist_classes + def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false + if legacy_permitted_classes != NOT_GIVEN + warn 'warning: Passing permitted_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, permitted_classes: ...) instead.' + permitted_classes = legacy_permitted_classes end - if legacy_whitelist_symbols != NOT_GIVEN - warn 'warning: Passing whitelist_symbols with the 3rd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, whitelist_symbols: ...) instead.' - whitelist_symbols = legacy_whitelist_symbols + if legacy_permitted_symbols != NOT_GIVEN + warn 'warning: Passing permitted_symbols with the 3rd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, permitted_symbols: ...) instead.' + permitted_symbols = legacy_permitted_symbols end if legacy_aliases != NOT_GIVEN 
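Review bot: The new `Psych.safe_load` signature drops the `whitelist_classes:` and `whitelist_symbols:` keywords outright, so a caller still passing them gets an `ArgumentError` for an unknown keyword, while the positional form just below is kept with a deprecation warning. Failing closed is the safe direction for an allowlist, but the asymmetry is undocumented; I would add to the method comment `# The +whitelist_classes+ and +whitelist_symbols+ keywords were renamed to +permitted_classes+ and +permitted_symbols+; the old names are no longer accepted.` The same compatibility break applies to the renamed `Gem::SafeYAML` constants in lib/rubygems/safe_yaml.rb, where `WHITELISTED_CLASSES = PERMITTED_CLASSES` plus `deprecate_constant :WHITELISTED_CLASSES` (and the symbol counterpart) would keep external references working. The body of `safe_load` continues past the end of this hunk.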
@@ -349,8 +349,8 @@ module Psych result = parse(yaml, filename: filename) return fallback unless result - class_loader = ClassLoader::Restricted.new(whitelist_classes.map(&:to_s), - whitelist_symbols.map(&:to_s)) + class_loader = ClassLoader::Restricted.new(permitted_classes.map(&:to_s), + permitted_symbols.map(&:to_s)) scanner = ScalarScanner.new class_loader visitor = if aliases Visitors::ToRuby.new scanner, class_loader diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb index d610889995..f3313b33e8 100644 --- a/lib/rubygems/safe_yaml.rb +++ b/lib/rubygems/safe_yaml.rb @@ -7,7 +7,7 @@ module Gem # Psych.safe_load module SafeYAML - WHITELISTED_CLASSES = %w( + PERMITTED_CLASSES = %w( Symbol Time Date @@ -21,7 +21,7 @@ module Gem Syck::DefaultKey ).freeze - WHITELISTED_SYMBOLS = %w( + PERMITTED_SYMBOLS = %w( development runtime ).freeze @@ -29,15 +29,15 @@ module Gem if ::YAML.respond_to? :safe_load def self.safe_load input if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1') - ::YAML.safe_load(input, whitelist_classes: WHITELISTED_CLASSES, whitelist_symbols: WHITELISTED_SYMBOLS, aliases: true) + ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true) else - ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true) + ::YAML.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true) end end def self.load input if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1') - ::YAML.safe_load(input, whitelist_classes: [::Symbol]) + ::YAML.safe_load(input, permitted_classes: [::Symbol]) else ::YAML.safe_load(input, [::Symbol]) end diff --git a/test/psych/test_safe_load.rb b/test/psych/test_safe_load.rb index 6c7a8d0f5a..e3972712fc 100644 --- a/test/psych/test_safe_load.rb +++ b/test/psych/test_safe_load.rb 
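Review bot: The version gate `Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')` in `Gem::SafeYAML.safe_load` and `Gem::SafeYAML.load` is unchanged, but the branch it selects now passes `permitted_classes:` where the previous code passed `whitelist_classes:` under the same gate. If a Psych build reporting 3.1.0.pre1 with the old keyword names is ever loaded alongside this file, both methods would raise `ArgumentError` instead of parsing the input; this is inferred, since no version change is visible in this commit. Detecting the keyword directly avoids the coupling, e.g. `if Psych.method(:safe_load).parameters.include?([:key, :permitted_classes])`. `self.load` ends outside the hunk.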
@@ -30,12 +30,12 @@ module Psych def test_explicit_recursion x = [] x << x - assert_equal(x, Psych.safe_load(Psych.dump(x), whitelist_classes: [], whitelist_symbols: [], aliases: true)) + assert_equal(x, Psych.safe_load(Psych.dump(x), permitted_classes: [], permitted_symbols: [], aliases: true)) # deprecated interface assert_equal(x, Psych.safe_load(Psych.dump(x), [], [], true)) end - def test_symbol_whitelist + def test_permitted_symbol yml = Psych.dump :foo assert_raises(Psych::DisallowedClass) do Psych.safe_load yml @@ -44,8 +44,8 @@ module Psych :foo, Psych.safe_load( yml, - whitelist_classes: [Symbol], - whitelist_symbols: [:foo] + permitted_classes: [Symbol], + permitted_symbols: [:foo] ) ) @@ -58,7 +58,7 @@ module Psych assert_safe_cycle :foo end assert_raises(Psych::DisallowedClass) do - Psych.safe_load '--- !ruby/symbol foo', whitelist_classes: [] + Psych.safe_load '--- !ruby/symbol foo', permitted_classes: [] end # deprecated interface @@ -66,9 +66,9 @@ module Psych Psych.safe_load '--- !ruby/symbol foo', [] end - assert_safe_cycle :foo, whitelist_classes: [Symbol] - assert_safe_cycle :foo, whitelist_classes: %w{ Symbol } - assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', whitelist_classes: [Symbol]) + assert_safe_cycle :foo, permitted_classes: [Symbol] + assert_safe_cycle :foo, permitted_classes: %w{ Symbol } + assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', permitted_classes: [Symbol]) # deprecated interface assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', [Symbol]) @@ -76,7 +76,7 @@ module Psych def test_foo assert_raises(Psych::DisallowedClass) do - Psych.safe_load '--- !ruby/object:Foo {}', whitelist_classes: [Foo] + Psych.safe_load '--- !ruby/object:Foo {}', permitted_classes: [Foo] end # deprecated interface 
@@ -87,7 +87,7 @@ module Psych assert_raises(Psych::DisallowedClass) do assert_safe_cycle Foo.new end - assert_kind_of(Foo, Psych.safe_load(Psych.dump(Foo.new), whitelist_classes: [Foo])) + assert_kind_of(Foo, Psych.safe_load(Psych.dump(Foo.new), permitted_classes: [Foo])) # deprecated interface assert_kind_of(Foo, Psych.safe_load(Psych.dump(Foo.new), [Foo])) @@ -95,27 +95,27 @@ module Psych X = Struct.new(:x) def test_struct_depends_on_sym - assert_safe_cycle(X.new, whitelist_classes: [X, Symbol]) + assert_safe_cycle(X.new, permitted_classes: [X, Symbol]) assert_raises(Psych::DisallowedClass) do - cycle X.new, whitelist_classes: [X] + cycle X.new, permitted_classes: [X] end end def test_anon_struct - assert Psych.safe_load(<<-eoyml, whitelist_classes: [Struct, Symbol]) + assert Psych.safe_load(<<-eoyml, permitted_classes: [Struct, Symbol]) --- !ruby/struct foo: bar eoyml assert_raises(Psych::DisallowedClass) do - Psych.safe_load(<<-eoyml, whitelist_classes: [Struct]) + Psych.safe_load(<<-eoyml, permitted_classes: [Struct]) --- !ruby/struct foo: bar eoyml end assert_raises(Psych::DisallowedClass) do - Psych.safe_load(<<-eoyml, whitelist_classes: [Symbol]) + Psych.safe_load(<<-eoyml, permitted_classes: [Symbol]) --- !ruby/struct foo: bar eoyml @@ -157,14 +157,14 @@ module Psych private - def cycle object, whitelist_classes: [] - Psych.safe_load(Psych.dump(object), whitelist_classes: whitelist_classes) + def cycle object, permitted_classes: [] + Psych.safe_load(Psych.dump(object), permitted_classes: permitted_classes) # deprecated interface test - Psych.safe_load(Psych.dump(object), whitelist_classes) + Psych.safe_load(Psych.dump(object), permitted_classes) end - def assert_safe_cycle object, whitelist_classes: [] - other = cycle object, whitelist_classes: whitelist_classes + def assert_safe_cycle object, permitted_classes: [] + other = cycle object, permitted_classes: permitted_classes assert_equal object, other end end |
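Review bot: In the `cycle` helper the result of the keyword call `Psych.safe_load(Psych.dump(object), permitted_classes: permitted_classes)` is discarded and only the deprecated positional call's result is returned, so `assert_safe_cycle` compares the round-trip value of the legacy interface only. The renamed keyword path is covered just for not raising. Keeping the first result and comparing would close the gap, e.g. `loaded = Psych.safe_load(Psych.dump(object), permitted_classes: permitted_classes)` followed by `assert_equal loaded, Psych.safe_load(Psych.dump(object), permitted_classes)` and returning `loaded`. This assumes the objects under test define a usable `==`, which the visible tests do not show for every case.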