Sha256: f267da7689f83fc5bd0fb0ff65502d648d2d38c3486ac2ea97da7c7925ec713d

Contents?: true

Size: 1.62 KB

Versions: 1

Compression:

Stored size: 1.62 KB

Contents

module SafeYAML
  class Whitelist
    attr_reader :allowed

    def initialize
      reset!
    end

    def check(tag, value)
      @allowed.each do |ok, checker|
        if ok === tag
          check = check_value(ok, checker, value)
          return check if check
        end
      end
      nil
    end

    def check_value(tag, checker, value)
      if checker == true
        return :cacheable
      end

      if @cached[tag][value]
        return :cacheable
      end

      result = checker.call(value)
      if result == :cacheable
        @cached[tag][value] = true
        return :cacheable
      elsif result
        return :allowed
      else
        return nil
      end
    end

    def reset!
      @allowed = {}
      @cached = {}
      if SafeYAML::YAML_ENGINE == "psych"
        # psych doesn't tag the default types, except for binary
        add("!binary",
            "tag:yaml.org,2002:binary")
      else
        add("tag:yaml.org,2002:str",
            "tag:yaml.org,2002:int",
            "tag:yaml.org,2002:float",
            "tag:yaml.org,2002:binary",
            "tag:yaml.org,2002:merge",
            "tag:yaml.org,2002:null",
            %r{^tag:yaml.org,2002:bool#},
            %r{^tag:yaml.org,2002:float#},
            %r{^tag:yaml.org,2002:timestamp#},
            "tag:ruby.yaml.org,2002:object:YAML::Syck::BadAlias")
      end
    end

    def add(*tags, &block)
      tags.each do |tag|
        @cached[tag] = {} if block
        @allowed[tag] = block || true
      end
    end

    def remove(*tags)
      tags.each do |tag|
        @cached.delete(tag)
        @allowed.delete(tag)
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
safe_yaml-instructure-0.8.0 lib/safe_yaml/whitelist.rb