[前][次][番号順一覧][スレッド一覧]

ruby-changes:66228

From: Yusuke <ko1@a...>
Date: Mon, 17 May 2021 12:55:04 +0900 (JST)
Subject: [ruby-changes:66228] ffdf0232ef (master): lib/rdoc/rdoc.rb: Allow only RDoc::Options in .rdoc_options

https://git.ruby-lang.org/ruby.git/commit/?id=ffdf0232ef

From ffdf0232efd4955a234955c8372885b850fcfe33 Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@r...>
Date: Mon, 17 May 2021 12:50:21 +0900
Subject: lib/rdoc/rdoc.rb: Allow only RDoc::Options in .rdoc_options

Follow-up of d8fd92f62024d85271a3f1125bc6928409f912e1. Instead of using
unsafe_load blindly, RDoc::Options is only supposed to be allowed.
---
 lib/rdoc/rdoc.rb               | 5 +++--
 test/rdoc/test_rdoc_options.rb | 6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
index ded4db9..680a861 100644
--- a/lib/rdoc/rdoc.rb
+++ b/lib/rdoc/rdoc.rb
@@ -162,11 +162,12 @@ class RDoc::RDoc https://github.com/ruby/ruby/blob/trunk/lib/rdoc/rdoc.rb#L162
     RDoc.load_yaml
 
     begin
-      options = YAML.unsafe_load_file '.rdoc_options'
+      options = YAML.load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
     rescue Psych::SyntaxError
+      raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
     end
 
-    return RDoc::Options.new if options == false # Allow empty file.
+    return RDoc::Options.new unless options # Allow empty file.
 
     raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
       RDoc::Options === options or Hash === options
diff --git a/test/rdoc/test_rdoc_options.rb b/test/rdoc/test_rdoc_options.rb
index a79d5df..2534c52 100644
--- a/test/rdoc/test_rdoc_options.rb
+++ b/test/rdoc/test_rdoc_options.rb
@@ -145,7 +145,7 @@ class TestRDocOptions < RDoc::TestCase https://github.com/ruby/ruby/blob/trunk/test/rdoc/test_rdoc_options.rb#L145
 
     @options.encoding = Encoding::IBM437
 
-    options = YAML.unsafe_load YAML.dump @options
+    options = YAML.load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])
 
     assert_equal Encoding::IBM437, options.encoding
   end
@@ -161,7 +161,7 @@ rdoc_include: https://github.com/ruby/ruby/blob/trunk/test/rdoc/test_rdoc_options.rb#L161
 - /etc
     YAML
 
-    options = YAML.unsafe_load yaml
+    options = YAML.load(yaml, permitted_classes: [RDoc::Options, Symbol])
 
     assert_empty options.rdoc_include
     assert_empty options.static_path
@@ -749,7 +749,7 @@ rdoc_include: https://github.com/ruby/ruby/blob/trunk/test/rdoc/test_rdoc_options.rb#L749
 
       assert File.exist? '.rdoc_options'
 
-      assert_equal @options, YAML.unsafe_load(File.read('.rdoc_options'))
+      assert_equal @options, YAML.load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
     end
   end
 
-- 
cgit v1.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]