Sha256: db30c3a61185f469ef8f945cfd850f86ba894d6eac88ad819482fac500f29b0e

Contents?: true

Size: 1.53 KB

Versions: 4

Compression:

Stored size: 1.53 KB

Contents

require File.join(File.dirname(__FILE__), "spec_helper")

require "safe_yaml"
require "exploitable_back_door"

# Characterization specs contrasting YAML.load with YAML.safe_load when a
# document carries a Ruby-specific type tag (!ruby/object or !ruby/hash) that
# names an application class.
#
# ExploitableBackDoor comes from the "exploitable_back_door" helper required by
# this file; its definition is not visible here. The specs rely only on its
# class-level `reset` and on `exploited?` (reached through RSpec's
# `be_exploited` predicate matcher).
#
# Security reading of this file:
# * The "load" examples deliberately pin the unsafe behaviour: a type tag in
#   the document alone is enough for YAML.load to flip the back door's state.
#   Treat YAML.load as unsuitable for input that crosses a trust boundary.
# * NOTE(review): Psych 4 (bundled with Ruby 3.1+) made YAML.load refuse such
#   tags by default, so the "load" examples describe legacy behaviour and are
#   not expected to pass unchanged there -- confirm against the target Ruby.
# * The "safe_load" examples assert only that the side effect did not happen.
#   They do not pin what safe_load returns (or raises) for a tagged document.
describe YAML do
  # Every example starts from a clean back-door state so that a "not
  # exploited" assertion cannot pass or fail because of an earlier example.
  before(:each) { ExploitableBackDoor.reset }

  describe "load" do
    # The guard is a lexical String comparison, not a version comparison.
    # Only Rubies at or above "1.9.3" (by that ordering) get this example.
    unless RUBY_VERSION < "1.9.3"
      it "allows exploits through objects defined in YAML w/ !ruby/hash" do
        tagged_hash = "--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n"
        YAML.load(tagged_hash)
        ExploitableBackDoor.should be_exploited
      end
    end

    it "allows exploits through objects defined in YAML w/ !ruby/object" do
      tagged_object = "--- !ruby/object:ExploitableBackDoor\nfoo: bar\n"
      YAML.load(tagged_object)
      ExploitableBackDoor.should be_exploited
    end
  end

  describe "safe_load" do
    it "does NOT allow exploits through objects defined in YAML w/ !ruby/object" do
      tagged_object = "--- !ruby/object:ExploitableBackDoor\nfoo: bar\n"
      YAML.safe_load(tagged_object)
      ExploitableBackDoor.should_not be_exploited
    end

    it "does NOT allow exploits through objects defined in YAML w/ !ruby/hash" do
      tagged_hash = "--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n"
      YAML.safe_load(tagged_hash)
      ExploitableBackDoor.should_not be_exploited
    end

    it "loads a plain ol' YAML document just fine" do
      # `unindent` is not defined in this file (presumably spec_helper); the
      # heredoc body is kept byte-for-byte so its result is unchanged.
      document = <<-YAML.unindent
        foo:
          number: 1
          string: Hello, there!
          symbol: :blah
          sequence:
            - hi
            - bye
      YAML

      result = YAML.safe_load(document)

      # The expected value holds a Symbol, so safe_load still turns ":blah"
      # into one. On Rubies without symbol GC (before 2.2), symbols built from
      # untrusted input are never reclaimed, which is a memory-growth risk.
      expected = {
        "foo" => {
          "number" => 1,
          "string" => "Hello, there!",
          "symbol" => :blah,
          "sequence" => ["hi", "bye"]
        }
      }
      result.should == expected
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
safe_yaml-0.2.2 spec/safe_yaml_spec.rb
safe_yaml-0.2.1 spec/safe_yaml_spec.rb
safe_yaml-0.2 spec/safe_yaml_spec.rb
safe_yaml-0.1 spec/safe_yaml_spec.rb