lib/chamber/file.rb in chamber-3.0.0rc1 vs lib/chamber/file.rb in chamber-3.0.0rc2
- old
+ new
@@ -2,20 +2,17 @@
require 'pathname'
require 'yaml'
require 'erb'
require 'chamber/files/signature'
-require 'chamber/refinements/hash'
###
# Internal: Represents a single file containing settings information in a given
# file set.
#
module Chamber
class File < Pathname
- using ::Chamber::Refinements::Hash
-
attr_accessor :namespaces,
:decryption_keys,
:encryption_keys,
:signature_name
@@ -142,13 +139,27 @@
@secure_prefix_pattern ||= Regexp.escape(secure_prefix)
end
def file_contents_hash
file_contents = read
- erb_result = ERB.new(file_contents).result
+ erb_result = ::ERB.new(file_contents).result
- (YAML.load(erb_result) || {}).deep_transform_keys(&:to_s)
- rescue Errno::ENOENT
+ ::YAML.safe_load(erb_result,
+ aliases: true,
+ permitted_classes: [
+ ::Date,
+ ::Time,
+ ::Regexp,
+ ]) || {}
+ rescue ::Psych::DisallowedClass => error
+ raise ::Chamber::Errors::DisallowedClass, <<~HEREDOC
+ #{error.message}
+
+ You attempted to load a class instance via your Chamber settings that is not allowed.
+
+ See https://github.com/thekompanee/chamber/wiki/Upgrading-To-Chamber-3.0#limiting-complex-classes for full details.
+ HEREDOC
+ rescue ::Errno::ENOENT
{}
end
end
end
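Review bot: `::ERB.new(file_contents).result` in `file_contents_hash` still evaluates any Ruby embedded in the settings file before `safe_load` sees the text, so this change limits which objects the YAML may instantiate but does not make it safe to load a settings file from an untrusted source. A comment above the ERB line would make that boundary explicit, e.g. `# ERB executes embedded Ruby first; safe_load only restricts YAML tags, so settings files must be trusted`. Separately, the old `.deep_transform_keys(&:to_s)` is gone: symbol keys will now raise `Psych::DisallowedClass`, but other non-string keys (integers, booleans, dates) would presumably reach callers unconverted, so if the rest of the library assumes string keys, a key normalisation step is still needed here. It would also help to document why `aliases: true` and `::Regexp` are permitted, since both widen what a settings file can express (alias expansion, regexps defined in configuration).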