Sha256: fac22dabdbf24f8051727a740e582712d39f1105adfda3354f995d8bece3e077
Contents?: true
Size: 1.64 KB
Versions: 8
Compression:
Stored size: 1.64 KB
Contents
# frozen_string_literal: true # # Copyright (c) 2020-present, Blue Marble Payroll, LLC # # This source code is licensed under the MIT license found in the # LICENSE file in the root directory of this source tree. # module Burner module Library module Deserialize # Take a YAML string and deserialize into object(s). It uses YAML#safe_load by default, # which ensures only a limited number of Ruby object constants can be hydrated by the # YAML. If you wish to ease this restriction, for example if you have custom serialization # for custom classes, then you can pass in safe: false. # # Expected Payload[register] input: string of YAML data. # Payload[register]output: anything as specified by the YAML de-serializer. class Yaml < JobWithRegister attr_reader :safe def initialize(name: '', register: DEFAULT_REGISTER, safe: true) super(name: name, register: register) @safe = safe freeze end # The YAML cop was disabled because the consumer may want to actually load unsafe # YAML, which can load pretty much any type of class instead of putting the loader # in a sandbox. By default, though, we will try and drive them towards using it # in the safer alternative. # rubocop:disable Security/YAMLLoad def perform(output, payload) output.detail('Warning: loading YAML not using safe_load.') unless safe value = payload[register] payload[register] = safe ? YAML.safe_load(value) : YAML.load(value) end # rubocop:enable Security/YAMLLoad end end end end
Version data entries
8 entries across 8 versions & 1 rubygems