lib/pdk/validate/yaml/syntax.rb in pdk-1.9.0 vs lib/pdk/validate/yaml/syntax.rb in pdk-1.9.1
- old
+ new
@@ -7,10 +7,11 @@
module PDK
module Validate
class YAML
class Syntax < BaseValidator
IGNORE_DOTFILES = false
+ YAML_WHITELISTED_CLASSES = [Symbol].freeze
def self.name
'yaml-syntax'
end
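Review bot: `YAML_WHITELISTED_CLASSES` on the added line has no comment explaining why `Symbol` is permitted or what that implies for the loader. The `safe_load` call in a later hunk passes an empty permitted-symbols list, so Psych accepts any symbol once the class itself is allowed; that is worth stating for whoever extends the list later. A comment along the lines of `# Classes safe_load may instantiate. Symbol only, so files using :symbol keys or values validate; keep this list minimal.` above the constant would cover it. The enclosing class body continues outside the hunk.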
@@ -60,10 +61,12 @@
return_val = 0
create_spinner(targets, options)
targets.each do |target|
+ next unless File.file?(target)
+
unless File.readable?(target)
report.add_event(
file: target,
source: name,
state: :failure,
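Review bot: The added `next unless File.file?(target)` skips a target without recording any event, so a path that does not exist now leaves `return_val` at 0. Before this change such a path reached the `File.readable?` branch below and was reported as a failure. If targets can come from explicit user input and not only from a glob, a missing or mistyped file silently validates as clean. Skipping only what the guard appears to be meant for, for example `next if File.directory?(target)`, would keep the unreadable-file report for everything else. The `targets.each` block ends outside the hunk.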
@@ -73,11 +76,11 @@
return_val = 1
next
end
begin
- ::YAML.safe_load(File.read(target), [], [], true)
+ ::YAML.safe_load(File.read(target), YAML_WHITELISTED_CLASSES, [], true)
report.add_event(
file: target,
source: name,
state: :passed,
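Review bot: The new `safe_load` call still passes the allow-list, the symbol list and the alias flag positionally, which hides that the trailing `true` enables YAML aliases. Psych 3.1 introduced keyword arguments for these and later releases drop the positional form. Where the supported Ruby range allows it, `::YAML.safe_load(File.read(target), permitted_classes: YAML_WHITELISTED_CLASSES, permitted_symbols: [], aliases: true)` is self-describing. If older Psych versions must keep working, a short comment naming each positional argument would serve the same purpose. The `begin` block continues outside the hunk.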
@@ -92,9 +95,20 @@
line: e.line,
column: e.column,
message: _('%{problem} %{context}') % {
problem: e.problem,
context: e.context,
+ },
+ )
+ return_val = 1
+ rescue Psych::DisallowedClass => e
+ report.add_event(
+ file: target,
+ source: name,
+ state: :failure,
+ severity: 'error',
+ message: _('Unsupported class: %{message}') % {
+ message: e.message,
},
)
return_val = 1
end
end
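Review bot: `Psych::BadAlias` is still not rescued after the added `rescue Psych::DisallowedClass` branch, although the `safe_load` call enables aliases. A file that references an undefined alias raises `Psych::BadAlias`, which is neither a syntax error nor a disallowed class, so it would likely escape this `begin` block and abort the validator without a report event. The earlier rescue clause starts outside the hunk, so confirm it does not already cover this case. A parallel branch that records a failure event keeps the run going, as sketched below. Separately, `e.message` for `DisallowedClass` already reads "Tried to load unspecified class: …", so the `Unsupported class:` prefix makes the reported text somewhat redundant.

```ruby
# … unchanged: rescue Psych::DisallowedClass branch …
rescue Psych::BadAlias => e
  report.add_event(
    file:     target,
    source:   name,
    state:    :failure,
    severity: 'error',
    message:  _('Invalid alias: %{message}') % {
      message: e.message,
    },
  )
  return_val = 1
```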