| blob | a9ed73752816d2b5a99d498f655677003d0c2e05 |
1 # frozen_string_literal: true
2 require 'psych/helper'
4 module Psych
5 class TestSafeLoad < TestCase
6 def setup
7 @orig_verbose, $VERBOSE = $VERBOSE, nil
8 end
10 def teardown
11 $VERBOSE = @orig_verbose
12 end
14 class Foo; end
16 [1, 2.2, {}, [], "foo"].each do |obj|
17 define_method(:"test_basic_#{obj.class}") do
18 assert_safe_cycle obj
19 end
20 end
22 def test_raises_when_alias_found_if_alias_parsing_not_enabled
23 yaml_with_aliases = <<~YAML
24 ---
25 a: &ABC
26 k1: v1
27 k2: v2
28 b: *ABC
29 YAML
31 assert_raise(Psych::AliasesNotEnabled) do
32 Psych.safe_load(yaml_with_aliases)
33 end
34 end
36 def test_aliases_are_parsed_when_alias_parsing_is_enabled
37 yaml_with_aliases = <<~YAML
38 ---
39 a: &ABC
40 k1: v1
41 k2: v2
42 b: *ABC
43 YAML
45 result = Psych.safe_load(yaml_with_aliases, aliases: true)
46 assert_same result.fetch("a"), result.fetch("b")
47 end
49 def test_permitted_symbol
50 yml = Psych.dump :foo
51 assert_raise(Psych::DisallowedClass) do
52 Psych.safe_load yml
53 end
54 assert_equal(
55 :foo,
56 Psych.safe_load(
57 yml,
58 permitted_classes: [Symbol],
59 permitted_symbols: [:foo]
60 )
61 )
62 end
64 def test_symbol
65 assert_raise(Psych::DisallowedClass) do
66 assert_safe_cycle :foo
67 end
68 assert_raise(Psych::DisallowedClass) do
69 Psych.safe_load '--- !ruby/symbol foo', permitted_classes: []
70 end
72 assert_safe_cycle :foo, permitted_classes: [Symbol]
73 assert_safe_cycle :foo, permitted_classes: %w{ Symbol }
74 assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', permitted_classes: [Symbol])
75 end
77 def test_foo
78 assert_raise(Psych::DisallowedClass) do
79 Psych.safe_load '--- !ruby/object:Foo {}', permitted_classes: [Foo]
80 end
82 assert_raise(Psych::DisallowedClass) do
83 assert_safe_cycle Foo.new
84 end
85 assert_kind_of(Foo, Psych.safe_load(Psych.dump(Foo.new), permitted_classes: [Foo]))
86 end
88 X = Struct.new(:x)
89 def test_struct_depends_on_sym
90 assert_safe_cycle(X.new, permitted_classes: [X, Symbol])
91 assert_raise(Psych::DisallowedClass) do
92 cycle X.new, permitted_classes: [X]
93 end
94 end
96 def test_anon_struct
97 assert Psych.safe_load(<<-eoyml, permitted_classes: [Struct, Symbol])
98 --- !ruby/struct
99 foo: bar
100 eoyml
102 assert_raise(Psych::DisallowedClass) do
103 Psych.safe_load(<<-eoyml, permitted_classes: [Struct])
104 --- !ruby/struct
105 foo: bar
106 eoyml
107 end
109 assert_raise(Psych::DisallowedClass) do
110 Psych.safe_load(<<-eoyml, permitted_classes: [Symbol])
111 --- !ruby/struct
112 foo: bar
113 eoyml
114 end
115 end
117 def test_safe_load_default_fallback
118 assert_nil Psych.safe_load("")
119 end
121 def test_safe_load
122 assert_equal %w[a b], Psych.safe_load("- a\n- b")
123 end
125 def test_safe_load_raises_on_bad_input
126 assert_raise(Psych::SyntaxError) { Psych.safe_load("--- `") }
127 end
129 private
131 def cycle object, permitted_classes: []
132 Psych.safe_load(Psych.dump(object), permitted_classes: permitted_classes)
133 end
135 def assert_safe_cycle object, permitted_classes: []
136 other = cycle object, permitted_classes: permitted_classes
137 assert_equal object, other
138 end
139 end
140 end