ruby-changes:27025
From: jeg2 <ko1@a...>
Date: Wed, 6 Feb 2013 03:37:44 +0900 (JST)
Subject: [ruby-changes:27025] jeg2:r39077 (trunk): * lib/csv.rb: Remove the dangerous serialization feature.
jeg2 2013-02-06 03:28:26 +0900 (Wed, 06 Feb 2013) New Revision: 39077 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=39077 Log: * lib/csv.rb: Remove the dangerous serialization feature. Removed files: trunk/test/csv/test_serialization.rb Modified files: trunk/ChangeLog trunk/lib/csv.rb trunk/test/csv/ts_all.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 39076) +++ ChangeLog (revision 39077) @@ -1,3 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed Feb 6 03:27:19 2013 James Edward Gray II <james@g...> + + * lib/csv.rb: Remove the dangerous serialization feature. + Wed Feb 6 00:56:00 2013 Zachary Scott <zachary@z...> * lib/irb.rb: Remove example from restrictions, it works [Github #246] @@ -4633,7 +4637,7 @@ Thu Nov 29 15:10:45 2012 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L4637 * test/minitest/test_minitest_unit.rb: restore orig_verbose only if it is set. This broke rdoc's tests. - http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20121129T050102Z.diff.html.gz + http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20121129T050102Z.diff.html.gz Thu Nov 29 14:56:30 2012 Koichi Sasada <ko1@a...> @@ -8695,7 +8699,7 @@ Fri Sep 28 17:26:27 2012 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L8699 fails on Windows with msys bash. It makes comparing paths case-insensitive. pick from upstream to fix a failure of test-all [ruby-core:47711] - https://github.com/rubygems/rubygems/commit/c474edb2f3704206f04da1c8c6cf9fb079d84abe + https://github.com/rubygems/rubygems/commit/c474edb2f3704206f04da1c8c6cf9fb079d84abe Fri Sep 28 15:44:45 2012 Shugo Maeda <shugo@r...> @@ -10573,7 +10577,7 @@ Sun Jul 22 23:58:48 2012 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L10577 Sat Jul 21 06:21:45 2012 NARUSE, Yui <naruse@r...> * lib/net/http.rb: fixes for r36476. [Feature #6546] - http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120720T030101Z.diff.html.gz + http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120720T030101Z.diff.html.gz * lib/net/http.rb (Net::HTTP.newobj): return back for compatibility. @@ -12225,7 +12229,7 @@ Wed Jun 13 10:20:27 2012 Nobuyoshi Naka https://github.com/ruby/ruby/blob/trunk/ChangeLog#L12229 * process.c (rb_exec_fillarg): use shell if the first word is reserved or special built-in name. - http://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html + http://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html * process.c (rb_exec_fillarg): treat '=' only in the first word. if the first word does not contain '=', it is the command name and @@ -12378,7 +12382,7 @@ Mon Jun 11 06:17:06 2012 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L12382 * thread_pthread.c (native_cond_initialize): fix typo in r36022. this cause a failure on FreeBSD 8.2 amd64. - http://fbsd.rubyci.org/~chkbuild/ruby-trunk/log/20120610T130201Z.diff.html.gz + http://fbsd.rubyci.org/~chkbuild/ruby-trunk/log/20120610T130201Z.diff.html.gz Mon Jun 11 05:21:57 2012 Koichi Sasada <ko1@a...> @@ -12457,7 +12461,7 @@ Sun Jun 10 15:49:47 2012 Tanaka Akira https://github.com/ruby/ruby/blob/trunk/ChangeLog#L12461 Sun Jun 10 14:19:33 2012 NARUSE, Yui <naruse@r...> * configure.in: NetBSD 6 adds libexecinfo but it only works on amd64. - http://www.mail-archive.com/source-changes-full@n.../msg38729.html + http://www.mail-archive.com/source-changes-full@n.../msg38729.html Sun Jun 10 12:43:23 2012 Tanaka Akira <akr@f...> @@ -14150,7 +14154,7 @@ Tue May 8 07:44:18 2012 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L14154 * ext/openssl/ossl_ssl.c (ossl_start_ssl): remove useless rb_sys_fail before ossl_raise. this cause a test failure on Linux. - http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz + http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz Tue May 8 05:35:18 2012 Eric Hodel <drbrain@s...> @@ -14185,13 +14189,13 @@ Tue May 8 02:34:26 2012 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L14189 * lib/minitest/unit.rb (assert_match): refix of r35563. r35563 breaks the intention of the original change. - https://github.com/seattlerb/minitest/commit/68858105b2eb11c85105ffac5f32b662c59397f3 + https://github.com/seattlerb/minitest/commit/68858105b2eb11c85105ffac5f32b662c59397f3 * lib/minitest/unit.rb (refute_match): ditto. Mon May 7 21:19:17 2012 NARUSE, Yui <naruse@r...> * ext/json: Merge JSON 1.7.1. - https://github.com/flori/json/commit/e5b9a9465c1159fae533bca320d950b772bcb4ac + https://github.com/flori/json/commit/e5b9a9465c1159fae533bca320d950b772bcb4ac Mon May 7 22:54:22 2012 Martin Bosslet <Martin.Bosslet@g...> @@ -14483,7 +14487,7 @@ Fri Apr 27 07:15:07 2012 Tanaka Akira https://github.com/ruby/ruby/blob/trunk/ChangeLog#L14487 * ext/socket/socket.c (sock_s_pack_sockaddr_un): support the longest path in sockaddr_un, really. reported by nagachika. - http://d.hatena.ne.jp/nagachika/20120426/ruby_trunk_changes_35474_35476 + http://d.hatena.ne.jp/nagachika/20120426/ruby_trunk_changes_35474_35476 Thu Apr 26 12:28:06 2012 Tanaka Akira <akr@f...> @@ -14648,7 +14652,7 @@ Mon Apr 23 20:11:02 2012 Tanaka Akira https://github.com/ruby/ruby/blob/trunk/ChangeLog#L14652 * lib/drb/ssl.rb: generate 1024 bits RSA key instead of 512 bits. OpenSSL 1.0.1 rejects 512 bits RSA key for TLS1.2 with SHA512. - http://rt.openssl.org/Ticket/Display.html?id=2769&user=guest&pass=guest + http://rt.openssl.org/Ticket/Display.html?id=2769&user=guest&pass=guest reported by Bohuslav Kabrda. [ruby-core:43844] [ruby-trunk - Bug #6221] @@ -15128,7 +15132,7 @@ Sun Apr 8 22:46:01 2012 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L15132 * ext/json/generator/generator.c (generate_json_bignum): add RB_GC_GUARD. - http://fb.rubyci.org/~chkbuild/ruby-trunk/log/20120407T210301Z.diff.html.gz + http://fb.rubyci.org/~chkbuild/ruby-trunk/log/20120407T210301Z.diff.html.gz Sun Apr 8 07:26:40 2012 NARUSE, Yui <naruse@r...> @@ -21871,7 +21875,7 @@ Wed Aug 31 17:28:23 2011 Hiroshi Nakamu https://github.com/ruby/ruby/blob/trunk/ChangeLog#L21875 * variable.c (rb_autoload_load): Move RB_GC_GUARD() to proper position based on suggestion by CHIKANAGA Tomoyuki at - http://d.hatena.ne.jp/nagachika/20110826/ruby_trunk_changes_33070_33078 + http://d.hatena.ne.jp/nagachika/20110826/ruby_trunk_changes_33070_33078 * variable.c (autoload_defined_p): Fix incompatible autoload behavior that causes Rails crash. Class definition instruction defined in @@ -22074,8 +22078,8 @@ Sat Aug 27 11:18:12 2011 Hiroshi Nakamu https://github.com/ruby/ruby/blob/trunk/ChangeLog#L22078 * Revert r33078. It caused a Rails application NoMethodError. - /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/utils.rb:157: warning: toplevel constant ScanError referenced by Regin::Parser::ScanError - /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/vendor/regin/regin/parser.rb:17:in `parse_regexp': undefined method `scan_str' for #<Regin::Parser:0x00000002344548> (NoMethodError) + /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/utils.rb:157: warning: toplevel constant ScanError referenced by Regin::Parser::ScanError + /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/vendor/regin/regin/parser.rb:17:in `parse_regexp': undefined method `scan_str' for #<Regin::Parser:0x00000002344548> (NoMethodError) Sat Aug 27 08:44:58 2011 Eric Hodel <drbrain@s...> @@ -22669,7 +22673,7 @@ Sun Aug 7 00:42:55 2011 NARUSE, Yui < https://github.com/ruby/ruby/blob/trunk/ChangeLog#L22673 * ext/tk/lib/tk/wm.rb (Tk::Wm.command): Add the missing receiver before calling epath. patched by flori - https://github.com/flori/ruby/commit/aa9474d32e5f2c57f8b0e2e0c528a03f06a4d433 + https://github.com/flori/ruby/commit/aa9474d32e5f2c57f8b0e2e0c528a03f06a4d433 Sat Aug 6 07:06:34 2011 Eric Hodel <drbrain@s...> Index: lib/csv.rb =================================================================== --- lib/csv.rb (revision 39076) +++ lib/csv.rb (revision 39077) @@ -1051,133 +1051,6 @@ class CSV https://github.com/ruby/ruby/blob/trunk/lib/csv.rb#L1051 end # - # This method allows you to serialize an Array of Ruby objects to a String or - # File of CSV data. This is not as powerful as Marshal or YAML, but perhaps - # useful for spreadsheet and database interaction. - # - # Out of the box, this method is intended to work with simple data objects or - # Structs. It will serialize a list of instance variables and/or - # Struct.members(). - # - # If you need need more complicated serialization, you can control the process - # by adding methods to the class to be serialized. - # - # A class method csv_meta() is responsible for returning the first row of the - # document (as an Array). This row is considered to be a Hash of the form - # key_1,value_1,key_2,value_2,... CSV::load() expects to find a class key - # with a value of the stringified class name and CSV::dump() will create this, - # if you do not define this method. This method is only called on the first - # object of the Array. - # - # The next method you can provide is an instance method called csv_headers(). - # This method is expected to return the second line of the document (again as - # an Array), which is to be used to give each column a header. By default, - # CSV::load() will set an instance variable if the field header starts with an - # @ character or call send() passing the header as the method name and - # the field value as an argument. This method is only called on the first - # object of the Array. - # - # Finally, you can provide an instance method called csv_dump(), which will - # be passed the headers. This should return an Array of fields that can be - # serialized for this object. This method is called once for every object in - # the Array. - # - # The +io+ parameter can be used to serialize to a File, and +options+ can be - # anything CSV::new() accepts. - # - def self.dump(ary_of_objs, io = "", options = Hash.new) - obj_template = ary_of_objs.first - - csv = new(io, options) - - # write meta information - begin - csv << obj_template.class.csv_meta - rescue NoMethodError - csv << [:class, obj_template.class] - end - - # write headers - begin - headers = obj_template.csv_headers - rescue NoMethodError - headers = obj_template.instance_variables.sort - if obj_template.class.ancestors.find { |cls| cls.to_s =~ /\AStruct\b/ } - headers += obj_template.members.map { |mem| "#{mem}=" }.sort - end - end - csv << headers - - # serialize each object - ary_of_objs.each do |obj| - begin - csv << obj.csv_dump(headers) - rescue NoMethodError - csv << headers.map do |var| - if var[0] == ?@ - obj.instance_variable_get(var) - else - obj[var[0..-2]] - end - end - end - end - - if io.is_a? String - csv.string - else - csv.close - end - end - - # - # This method is the reading counterpart to CSV::dump(). See that method for - # a detailed description of the process. - # - # You can customize loading by adding a class method called csv_load() which - # will be passed a Hash of meta information, an Array of headers, and an Array - # of fields for the object the method is expected to return. - # - # Remember that all fields will be Strings after this load. If you need - # something else, use +options+ to setup converters or provide a custom - # csv_load() implementation. - # - def self.load(io_or_str, options = Hash.new) - csv = new(io_or_str, options) - - # load meta information - meta = Hash[*csv.shift] - cls = meta["class".encode(csv.encoding)].split("::".encode(csv.encoding)). - inject(Object) do |c, const| - c.const_get(const) - end - - # load headers - headers = csv.shift - - # unserialize each object stored in the file - results = csv.inject(Array.new) do |all, row| - begin - obj = cls.csv_load(meta, headers, row) - rescue NoMethodError - obj = cls.allocate - headers.zip(row) do |name, value| - if name[0] == ?@ - obj.instance_variable_set(name, value) - else - obj.send(name, value) - end - end - end - all << obj - end - - csv.close unless io_or_str.is_a? String - - results - end - - # # :call-seq: # filter( options = Hash.new ) { |row| ... } # filter( input, options = Hash.new ) { |row| ... } Index: test/csv/test_serialization.rb =================================================================== --- test/csv/test_serialization.rb (revision 39076) +++ test/csv/test_serialization.rb (revision 39077) @@ -1,158 +0,0 @@ https://github.com/ruby/ruby/blob/trunk/test/csv/test_serialization.rb#L0 -#!/usr/bin/env ruby -w -# encoding: UTF-8 - -# tc_serialization.rb -# -# Created by James Edward Gray II on 2005-10-31. -# Copyright 2005 James Edward Gray II. You can redistribute or modify this code -# under the terms of Ruby's license. - -require_relative "base" -require "tempfile" - -# An example of how to provide custom CSV serialization. -class Hash - def self.csv_load( meta, headers, fields ) - self[*headers.zip(fields).to_a.flatten.map { |e| eval(e) }] - end - - def csv_headers - keys.map { |key| key.inspect } - end - - def csv_dump( headers ) - headers.map { |header| fetch(eval(header)).inspect } - end -end - -class TestCSV::Serialization < TestCSV - extend DifferentOFS - - ### Classes Used to Test Serialization ### - - class ReadOnlyName - def initialize( first, last ) - @first, @last = first, last - end - - attr_reader :first, :last - - def ==( other ) - %w{first last}.all? { |att| send(att) == other.send(att) } - end - end - - Name = Struct.new(:first, :last) - - class FullName < Name - def initialize( first, last, suffix = nil ) - super(first, last) - - @suffix = suffix - end - - attr_accessor :suffix - - def ==( other ) - %w{first last suffix}.all? { |att| send(att) == other.send(att) } - end - end - - ### Tests ### - - def test_class_dump - @names = [ %w{James Gray}, - %w{Dana Gray}, - %w{Greg Brown} ].map do |first, last| - ReadOnlyName.new(first, last) - end - - assert_nothing_raised(Exception) do - @data = CSV.dump(@names) - end - assert_equal(<<-END_CLASS_DUMP.gsub(/^\s*/, ""), @data) - class,TestCSV::Serialization::ReadOnlyName - @first,@last - James,Gray - Dana,Gray - Greg,Brown - END_CLASS_DUMP - end - - def test_struct_dump - @names = [ %w{James Gray}, - %w{Dana Gray}, - %w{Greg Brown} ].map do |first, last| - Name.new(first, last) - end - - assert_nothing_raised(Exception) do - @data = CSV.dump(@names) - end - assert_equal(<<-END_STRUCT_DUMP.gsub(/^\s*/, ""), @data) - class,TestCSV::Serialization::Name - first=,last= - James,Gray - Dana,Gray - Greg,Brown - END_STRUCT_DUMP - end - - def test_inherited_struct_dump - @names = [ %w{James Gray II}, - %w{Dana Gray}, - %w{Greg Brown} ].map do |first, last, suffix| - FullName.new(first, last, suffix) - end - - assert_nothing_raised(Exception) do - @data = CSV.dump(@names) - end - assert_equal(<<-END_STRUCT_DUMP.gsub(/^\s*/, ""), @data) - class,TestCSV::Serialization::FullName - @suffix,first=,last= - II,James,Gray - ,Dana,Gray - ,Greg,Brown - END_STRUCT_DUMP - end - - def test_load - %w{ test_class_dump - test_struct_dump - test_inherited_struct_dump }.each do |test| - send(test) - CSV.load(@data).each do |loaded| - assert_instance_of(@names.first.class, loaded) - assert_equal(@names.shift, loaded) - end - end - end - - def test_io - test_class_dump - - tempfile = Tempfile.new(%w"serialization .csv") - tempfile.close - data_file = tempfile.path - CSV.dump(@names, File.open(data_file, "wb")) - - assert(File.exist?(data_file)) - assert_equal(<<-END_IO_DUMP.gsub(/^\s*/, ""), File.read(data_file)) - class,TestCSV::Serialization::ReadOnlyName - @first,@last - James,Gray - Dana,Gray - Greg,Brown - END_IO_DUMP - - assert_equal(@names, CSV.load(File.open(data_file))) - - tempfile.close(true) - end - - def test_custom_dump_and_load - obj = {1 => "simple", test: Hash} - assert_equal(obj, CSV.load(CSV.dump([obj])).first) - end -end Index: test/csv/ts_all.rb =================================================================== --- test/csv/ts_all.rb (revision 39076) +++ test/csv/ts_all.rb (revision 39077) @@ -17,5 +17,4 @@ require "test_data_converters" https://github.com/ruby/ruby/blob/trunk/test/csv/ts_all.rb#L17 require "test_row" require "test_table" require "test_headers" -require "test_serialization" require "test_encodings" -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/