summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Patterson <tenderlove@ruby-lang.org>2021-05-10 09:50:06 -0700
committerAaron Patterson <tenderlove@ruby-lang.org>2021-05-13 10:52:52 -0700
commit176494297f3f124467a6e3f1c9e6400ee742d663 (patch)
treeff4c8d6aeacffe85ce5934684432de4ecff2f5ab
parent4de7e9c879ae042d0c25d6ade6274d593c4cc5bb (diff)
downloadpsych-176494297f3f124467a6e3f1c9e6400ee742d663.zip
Use Psych.safe_load by default
Psych.load is not safe for use with untrusted data. Too many applications make the mistake of using `Psych.load` with untrusted data and that ends up with some kind of security vulnerability. This commit changes the default `Psych.load` to use `safe_load`. Users that want to parse trusted data can use Psych.unsafe_load.
-rw-r--r--lib/psych.rb53
1 files changed, 47 insertions, 6 deletions
diff --git a/lib/psych.rb b/lib/psych.rb
index 34d2218..c68952e 100644
--- a/lib/psych.rb
+++ b/lib/psych.rb
@@ -249,11 +249,11 @@ module Psych
#
# Example:
#
- # Psych.load("--- a") # => 'a'
- # Psych.load("---\n - a\n - b") # => ['a', 'b']
+ # Psych.unsafe_load("--- a") # => 'a'
+ # Psych.unsafe_load("---\n - a\n - b") # => ['a', 'b']
#
# begin
- # Psych.load("--- `", filename: "file.txt")
+ # Psych.unsafe_load("--- `", filename: "file.txt")
# rescue Psych::SyntaxError => ex
# ex.file # => 'file.txt'
# ex.message # => "(file.txt): found character that cannot start any token"
@@ -262,14 +262,14 @@ module Psych
# When the optional +symbolize_names+ keyword argument is set to a
# true value, returns symbols for keys in Hash objects (default: strings).
#
- # Psych.load("---\n foo: bar") # => {"foo"=>"bar"}
- # Psych.load("---\n foo: bar", symbolize_names: true) # => {:foo=>"bar"}
+ # Psych.unsafe_load("---\n foo: bar") # => {"foo"=>"bar"}
+ # Psych.unsafe_load("---\n foo: bar", symbolize_names: true) # => {:foo=>"bar"}
#
# Raises a TypeError when `yaml` parameter is NilClass
#
# NOTE: This method *should not* be used to parse untrusted documents, such as
# YAML documents that are supplied via user input. Instead, please use the
- # safe_load method.
+ # load method or the safe_load method.
#
def self.unsafe_load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false, freeze: false
if legacy_filename != NOT_GIVEN
@@ -364,6 +364,46 @@ module Psych
end
###
+ # Load +yaml+ in to a Ruby data structure. If multiple documents are
+ # provided, the object contained in the first document will be returned.
+ # +filename+ will be used in the exception message if any exception
+ # is raised while parsing. If +yaml+ is empty, it returns
+ # the specified +fallback+ return value, which defaults to +false+.
+ #
+ # Raises a Psych::SyntaxError when a YAML syntax error is detected.
+ #
+ # Example:
+ #
+ # Psych.load("--- a") # => 'a'
+ # Psych.load("---\n - a\n - b") # => ['a', 'b']
+ #
+ # begin
+ # Psych.load("--- `", filename: "file.txt")
+ # rescue Psych::SyntaxError => ex
+ # ex.file # => 'file.txt'
+ # ex.message # => "(file.txt): found character that cannot start any token"
+ # end
+ #
+ # When the optional +symbolize_names+ keyword argument is set to a
+ # true value, returns symbols for keys in Hash objects (default: strings).
+ #
+ # Psych.load("---\n foo: bar") # => {"foo"=>"bar"}
+ # Psych.load("---\n foo: bar", symbolize_names: true) # => {:foo=>"bar"}
+ #
+ # Raises a TypeError when `yaml` parameter is NilClass. This method is
+ # similar to `safe_load` except that `Symbol` objects are allowed by default.
+ #
+ def self.load yaml, permitted_classes: [Symbol], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false, freeze: false
+ safe_load yaml, permitted_classes: permitted_classes,
+ permitted_symbols: permitted_symbols,
+ aliases: aliases,
+ filename: filename,
+ fallback: fallback,
+ symbolize_names: symbolize_names,
+ freeze: freeze
+ end
+
+ ###
# Parse a YAML string in +yaml+. Returns the Psych::Nodes::Document.
# +filename+ is used in the exception message if a Psych::SyntaxError is
# raised.
@@ -595,6 +635,7 @@ module Psych
self.safe_load f, filename: filename, **kwargs
}
end
+ class << self; alias load_file safe_load_file end
# :stopdoc:
def self.add_domain_type domain, type_tag, &block