Google Git
Sign in
apache / incubator-retired-amaterasu-site / ea82bfd9edd5e1015d7640f16e2222ec6d8d34f3 / . / vendor / bundle / ruby / 2.4.0 / gems / safe_yaml-1.0.4 / spec / safe_yaml_spec.rb
blob: aa701a4534ba7dd223255444cb3ed1f73c7a83a8 [file] [log] [blame]
require "spec_helper"
describe YAML do
def safe_load_round_trip(object, options={})
yaml = object.to_yaml
if SafeYAML::YAML_ENGINE == "psych"
YAML.safe_load(yaml, nil, options)
else
YAML.safe_load(yaml, options)
end
end
before :each do
# Need to require this here (as opposed to somewhere up higher in the file)
# to ensure that safe_yaml isn't loaded and therefore YAML isn't monkey-
# patched, for tests that require only safe_yaml/load.
require "safe_yaml"
require "exploitable_back_door"
SafeYAML.restore_defaults!
end
after :each do
SafeYAML.restore_defaults!
end
describe "unsafe_load" do
if SafeYAML::YAML_ENGINE == "psych" && RUBY_VERSION >= "1.9.3"
it "allows exploits through objects defined in YAML w/ !ruby/hash via custom :[]= methods" do
backdoor = YAML.unsafe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
expect(backdoor).to be_exploited_through_setter
end
it "allows exploits through objects defined in YAML w/ !ruby/object via the :init_with method" do
backdoor = YAML.unsafe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
expect(backdoor).to be_exploited_through_init_with
end
end
it "allows exploits through objects w/ sensitive instance variables defined in YAML w/ !ruby/object" do
backdoor = YAML.unsafe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
expect(backdoor).to be_exploited_through_ivars
end
context "with special whitelisted tags defined" do
before :each do
SafeYAML::whitelist!(OpenStruct)
end
it "effectively ignores the whitelist (since everything is whitelisted)" do
result = YAML.unsafe_load <<-YAML.unindent
--- !ruby/object:OpenStruct
table:
:backdoor: !ruby/object:ExploitableBackDoor
foo: bar
YAML
expect(result).to be_a(OpenStruct)
expect(result.backdoor).to be_exploited_through_ivars
end
end
end
describe "safe_load" do
it "does NOT allow exploits through objects defined in YAML w/ !ruby/hash" do
object = YAML.safe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
expect(object).not_to be_a(ExploitableBackDoor)
end
it "does NOT allow exploits through objects defined in YAML w/ !ruby/object" do
object = YAML.safe_load("--- !ruby/object:ExploitableBackDoor\nfoo: bar\n")
expect(object).not_to be_a(ExploitableBackDoor)
end
context "for YAML engine #{SafeYAML::YAML_ENGINE}" do
if SafeYAML::YAML_ENGINE == "psych"
let(:options) { nil }
let(:arguments) { ["foo: bar", nil, options] }
context "when no tags are whitelisted" do
it "constructs a SafeYAML::PsychHandler to resolve nodes as they're parsed, for optimal performance" do
expect(Psych::Parser).to receive(:new).with an_instance_of(SafeYAML::PsychHandler)
# This won't work now; we just want to ensure Psych::Parser#parse was in fact called.
YAML.safe_load(*arguments) rescue nil
end
end
context "when whitelisted tags are specified" do
let(:options) {
{ :whitelisted_tags => ["foo"] }
}
it "instead uses Psych to construct a full tree before examining the nodes" do
expect(Psych).to receive(:parse)
# This won't work now; we just want to ensure Psych::Parser#parse was in fact called.
YAML.safe_load(*arguments) rescue nil
end
end
end
if SafeYAML::YAML_ENGINE == "syck"
it "uses Syck internally to parse YAML" do
expect(YAML).to receive(:parse).with("foo: bar")
# This won't work now; we just want to ensure YAML::parse was in fact called.
YAML.safe_load("foo: bar") rescue nil
end
end
end
it "loads a plain ol' YAML document just fine" do
result = YAML.safe_load <<-YAML.unindent
foo:
number: 1
boolean: true
nil: ~
string: Hello, there!
symbol: :blah
sequence:
- hi
- bye
YAML
expect(result).to eq({
"foo" => {
"number" => 1,
"boolean" => true,
"nil" => nil,
"string" => "Hello, there!",
"symbol" => ":blah",
"sequence" => ["hi", "bye"]
}
})
end
it "works for YAML documents with anchors and aliases" do
result = YAML.safe_load <<-YAML
- &id001 {}
- *id001
- *id001
YAML
expect(result).to eq([{}, {}, {}])
end
it "works for YAML documents with binary tagged keys" do
result = YAML.safe_load <<-YAML
? !!binary >
Zm9v
: "bar"
? !!binary >
YmFy
: "baz"
YAML
expect(result).to eq({"foo" => "bar", "bar" => "baz"})
end
it "works for YAML documents with binary tagged values" do
result = YAML.safe_load <<-YAML
"foo": !!binary >
YmFy
"bar": !!binary >
YmF6
YAML
expect(result).to eq({"foo" => "bar", "bar" => "baz"})
end
it "works for YAML documents with binary tagged array values" do
result = YAML.safe_load <<-YAML
- !binary |-
Zm9v
- !binary |-
YmFy
YAML
expect(result).to eq(["foo", "bar"])
end
it "works for YAML documents with sections" do
result = YAML.safe_load <<-YAML
mysql: &mysql
adapter: mysql
pool: 30
login: &login
username: user
password: password123
development: &development
<<: *mysql
<<: *login
host: localhost
YAML
expect(result).to eq({
"mysql" => {
"adapter" => "mysql",
"pool" => 30
},
"login" => {
"username" => "user",
"password" => "password123"
},
"development" => {
"adapter" => "mysql",
"pool" => 30,
"username" => "user",
"password" => "password123",
"host" => "localhost"
}
})
end
it "correctly prefers explicitly defined values over default values from included sections" do
# Repeating this test 100 times to increase the likelihood of running into an issue caused by
# non-deterministic hash key enumeration.
100.times do
result = YAML.safe_load <<-YAML
defaults: &defaults
foo: foo
bar: bar
baz: baz
custom:
<<: *defaults
bar: custom_bar
baz: custom_baz
YAML
expect(result["custom"]).to eq({
"foo" => "foo",
"bar" => "custom_bar",
"baz" => "custom_baz"
})
end
end
it "works with multi-level inheritance" do
result = YAML.safe_load <<-YAML
defaults: &defaults
foo: foo
bar: bar
baz: baz
custom: &custom
<<: *defaults
bar: custom_bar
baz: custom_baz
grandcustom: &grandcustom
<<: *custom
YAML
expect(result).to eq({
"defaults" => { "foo" => "foo", "bar" => "bar", "baz" => "baz" },
"custom" => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" },
"grandcustom" => { "foo" => "foo", "bar" => "custom_bar", "baz" => "custom_baz" }
})
end
it "returns false when parsing an empty document" do
expect([
YAML.safe_load(""),
YAML.safe_load(" "),
YAML.safe_load("\n")
]).to eq([false, false, false])
end
it "returns nil when parsing a single value representing nil" do
expect([
YAML.safe_load("~"),
YAML.safe_load("null")
]).to eq([nil, nil])
end
context "with custom initializers defined" do
before :each do
if SafeYAML::YAML_ENGINE == "psych"
SafeYAML::OPTIONS[:custom_initializers] = {
"!set" => lambda { Set.new },
"!hashiemash" => lambda { Hashie::Mash.new }
}
else
SafeYAML::OPTIONS[:custom_initializers] = {
"tag:yaml.org,2002:set" => lambda { Set.new },
"tag:yaml.org,2002:hashiemash" => lambda { Hashie::Mash.new }
}
end
end
it "will use a custom initializer to instantiate an array-like class upon deserialization" do
result = YAML.safe_load <<-YAML.unindent
--- !set
- 1
- 2
- 3
YAML
expect(result).to be_a(Set)
expect(result.to_a).to match_array([1, 2, 3])
end
it "will use a custom initializer to instantiate a hash-like class upon deserialization" do
result = YAML.safe_load <<-YAML.unindent
--- !hashiemash
foo: bar
YAML
expect(result).to be_a(Hashie::Mash)
expect(result.to_hash).to eq({ "foo" => "bar" })
end
end
context "with special whitelisted tags defined" do
before :each do
SafeYAML::whitelist!(OpenStruct)
# Necessary for deserializing OpenStructs properly.
SafeYAML::OPTIONS[:deserialize_symbols] = true
end
it "will allow objects to be deserialized for whitelisted tags" do
result = YAML.safe_load("--- !ruby/object:OpenStruct\ntable:\n foo: bar\n")
expect(result).to be_a(OpenStruct)
expect(result.instance_variable_get(:@table)).to eq({ "foo" => "bar" })
end
it "will not deserialize objects without whitelisted tags" do
result = YAML.safe_load("--- !ruby/hash:ExploitableBackDoor\nfoo: bar\n")
expect(result).not_to be_a(ExploitableBackDoor)
expect(result).to eq({ "foo" => "bar" })
end
it "will not allow non-whitelisted objects to be embedded within objects with whitelisted tags" do
result = YAML.safe_load <<-YAML.unindent
--- !ruby/object:OpenStruct
table:
:backdoor: !ruby/object:ExploitableBackDoor
foo: bar
YAML
expect(result).to be_a(OpenStruct)
expect(result.backdoor).not_to be_a(ExploitableBackDoor)
expect(result.backdoor).to eq({ "foo" => "bar" })
end
context "with the :raise_on_unknown_tag option enabled" do
before :each do
SafeYAML::OPTIONS[:raise_on_unknown_tag] = true
end
after :each do
SafeYAML.restore_defaults!
end
it "raises an exception if a non-nil, non-whitelisted tag is encountered" do
expect {
YAML.safe_load <<-YAML.unindent
--- !ruby/object:Unknown
foo: bar
YAML
}.to raise_error
end
it "checks all tags, even those within objects with trusted tags" do
expect {
YAML.safe_load <<-YAML.unindent
--- !ruby/object:OpenStruct
table:
:backdoor: !ruby/object:Unknown
foo: bar
YAML
}.to raise_error
end
it "does not raise an exception as long as all tags are whitelisted" do
result = YAML.safe_load <<-YAML.unindent
--- !ruby/object:OpenStruct
table:
:backdoor:
string: foo
integer: 1
float: 3.14
symbol: :bar
date: 2013-02-20
array: []
hash: {}
YAML
expect(result).to be_a(OpenStruct)
expect(result.backdoor).to eq({
"string" => "foo",
"integer" => 1,
"float" => 3.14,
"symbol" => :bar,
"date" => Date.parse("2013-02-20"),
"array" => [],
"hash" => {}
})
end
it "does not raise an exception on the non-specific '!' tag" do
result = nil
expect { result = YAML.safe_load "--- ! 'foo'" }.to_not raise_error
expect(result).to eq("foo")
end
context "with whitelisted custom class" do
class SomeClass
attr_accessor :foo
end
let(:instance) { SomeClass.new }
before do
SafeYAML::whitelist!(SomeClass)
instance.foo = 'with trailing whitespace: '
end
it "does not raise an exception on the non-specific '!' tag" do
result = nil
expect { result = YAML.safe_load(instance.to_yaml) }.to_not raise_error
expect(result.foo).to eq('with trailing whitespace: ')
end
end
end
end
context "when options are passed direclty to #load which differ from the defaults" do
let(:default_options) { {} }
before :each do
SafeYAML::OPTIONS.merge!(default_options)
end
context "(for example, when symbol deserialization is enabled by default)" do
let(:default_options) { { :deserialize_symbols => true } }
it "goes with the default option when it is not overridden" do
silence_warnings do
expect(YAML.load(":foo: bar")).to eq({ :foo => "bar" })
end
end
it "allows the default option to be overridden on a per-call basis" do
silence_warnings do
expect(YAML.load(":foo: bar", :deserialize_symbols => false)).to eq({ ":foo" => "bar" })
expect(YAML.load(":foo: bar", :deserialize_symbols => true)).to eq({ :foo => "bar" })
end
end
end
context "(or, for example, when certain tags are whitelisted)" do
let(:default_options) {
{
:deserialize_symbols => true,
:whitelisted_tags => SafeYAML::YAML_ENGINE == "psych" ?
["!ruby/object:OpenStruct"] :
["tag:ruby.yaml.org,2002:object:OpenStruct"]
}
}
it "goes with the default option when it is not overridden" do
result = safe_load_round_trip(OpenStruct.new(:foo => "bar"))
expect(result).to be_a(OpenStruct)
expect(result.foo).to eq("bar")
end
it "allows the default option to be overridden on a per-call basis" do
result = safe_load_round_trip(OpenStruct.new(:foo => "bar"), :whitelisted_tags => [])
expect(result).to eq({ "table" => { :foo => "bar" } })
result = safe_load_round_trip(OpenStruct.new(:foo => "bar"), :deserialize_symbols => false, :whitelisted_tags => [])
expect(result).to eq({ "table" => { ":foo" => "bar" } })
end
end
end
end
describe "unsafe_load_file" do
if SafeYAML::YAML_ENGINE == "psych" && RUBY_VERSION >= "1.9.3"
it "allows exploits through objects defined in YAML w/ !ruby/hash via custom :[]= methods" do
backdoor = YAML.unsafe_load_file "spec/exploit.1.9.3.yaml"
expect(backdoor).to be_exploited_through_setter
end
end
if SafeYAML::YAML_ENGINE == "psych" && RUBY_VERSION >= "1.9.2"
it "allows exploits through objects defined in YAML w/ !ruby/object via the :init_with method" do
backdoor = YAML.unsafe_load_file "spec/exploit.1.9.2.yaml"
expect(backdoor).to be_exploited_through_init_with
end
end
it "allows exploits through objects w/ sensitive instance variables defined in YAML w/ !ruby/object" do
backdoor = YAML.unsafe_load_file "spec/exploit.1.9.2.yaml"
expect(backdoor).to be_exploited_through_ivars
end
end
describe "safe_load_file" do
it "does NOT allow exploits through objects defined in YAML w/ !ruby/hash" do
object = YAML.safe_load_file "spec/exploit.1.9.3.yaml"
expect(object).not_to be_a(ExploitableBackDoor)
end
it "does NOT allow exploits through objects defined in YAML w/ !ruby/object" do
object = YAML.safe_load_file "spec/exploit.1.9.2.yaml"
expect(object).not_to be_a(ExploitableBackDoor)
end
it "returns false when parsing an empty file" do
expect(YAML.safe_load_file("spec/issue49.yml")).to eq(false)
end
end
describe "load" do
let(:options) { {} }
let (:arguments) {
if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
["foo: bar", nil, options]
else
["foo: bar", options]
end
}
context "as long as a :default_mode has been specified" do
it "doesn't issue a warning for safe mode, since an explicit mode has been set" do
SafeYAML::OPTIONS[:default_mode] = :safe
expect(Kernel).not_to receive(:warn)
YAML.load(*arguments)
end
it "doesn't issue a warning for unsafe mode, since an explicit mode has been set" do
SafeYAML::OPTIONS[:default_mode] = :unsafe
expect(Kernel).not_to receive(:warn)
YAML.load(*arguments)
end
end
context "when the :safe options is specified" do
let(:safe_mode) { true }
let(:options) { { :safe => safe_mode } }
it "doesn't issue a warning" do
expect(Kernel).not_to receive(:warn)
YAML.load(*arguments)
end
it "calls #safe_load if the :safe option is set to true" do
expect(YAML).to receive(:safe_load)
YAML.load(*arguments)
end
context "when the :safe option is set to false" do
let(:safe_mode) { false }
it "calls #unsafe_load if the :safe option is set to false" do
expect(YAML).to receive(:unsafe_load)
YAML.load(*arguments)
end
end
end
it "issues a warning when the :safe option is omitted" do
silence_warnings do
expect(Kernel).to receive(:warn)
YAML.load(*arguments)
end
end
it "only issues a warning once (to avoid spamming an app's output)" do
silence_warnings do
expect(Kernel).to receive(:warn).once
2.times { YAML.load(*arguments) }
end
end
it "defaults to safe mode if the :safe option is omitted" do
silence_warnings do
expect(YAML).to receive(:safe_load)
YAML.load(*arguments)
end
end
context "with the default mode set to :unsafe" do
before :each do
SafeYAML::OPTIONS[:default_mode] = :unsafe
end
it "defaults to unsafe mode if the :safe option is omitted" do
silence_warnings do
expect(YAML).to receive(:unsafe_load)
YAML.load(*arguments)
end
end
it "calls #safe_load if the :safe option is set to true" do
expect(YAML).to receive(:safe_load)
YAML.load(*(arguments + [{ :safe => true }]))
end
end
end
describe "load_file" do
let(:filename) { "spec/exploit.1.9.2.yaml" } # doesn't really matter
it "issues a warning if the :safe option is omitted" do
silence_warnings do
expect(Kernel).to receive(:warn)
YAML.load_file(filename)
end
end
it "doesn't issue a warning as long as the :safe option is specified" do
expect(Kernel).not_to receive(:warn)
YAML.load_file(filename, :safe => true)
end
it "defaults to safe mode if the :safe option is omitted" do
silence_warnings do
expect(YAML).to receive(:safe_load_file)
YAML.load_file(filename)
end
end
it "calls #safe_load_file if the :safe option is set to true" do
expect(YAML).to receive(:safe_load_file)
YAML.load_file(filename, :safe => true)
end
it "calls #unsafe_load_file if the :safe option is set to false" do
expect(YAML).to receive(:unsafe_load_file)
YAML.load_file(filename, :safe => false)
end
context "with arbitrary object deserialization enabled by default" do
before :each do
SafeYAML::OPTIONS[:default_mode] = :unsafe
end
it "defaults to unsafe mode if the :safe option is omitted" do
silence_warnings do
expect(YAML).to receive(:unsafe_load_file)
YAML.load_file(filename)
end
end
it "calls #safe_load if the :safe option is set to true" do
expect(YAML).to receive(:safe_load_file)
YAML.load_file(filename, :safe => true)
end
end
it "handles files starting with --- (see issue #48)" do
expect(YAML.load_file("spec/issue48.txt", :safe => true)).to eq({
"title" => "Blah",
"key" => "value"
})
end
it "handles content starting with --- (see issue #48)" do
yaml = File.read("spec/issue48.txt")
expect(YAML.load(yaml, :safe => true)).to eq({
"title" => "Blah",
"key" => "value"
})
end
end
describe "whitelist!" do
context "not a class" do
it "should raise" do
expect { SafeYAML::whitelist! :foo }.to raise_error(/not a Class/)
expect(SafeYAML::OPTIONS[:whitelisted_tags]).to be_empty
end
end
context "anonymous class" do
it "should raise" do
expect { SafeYAML::whitelist! Class.new }.to raise_error(/cannot be anonymous/)
expect(SafeYAML::OPTIONS[:whitelisted_tags]).to be_empty
end
end
context "with a Class as its argument" do
it "should configure correctly" do
expect { SafeYAML::whitelist! OpenStruct }.to_not raise_error
expect(SafeYAML::OPTIONS[:whitelisted_tags].grep(/OpenStruct\Z/)).not_to be_empty
end
it "successfully deserializes the specified class" do
SafeYAML.whitelist!(OpenStruct)
# necessary for properly assigning OpenStruct attributes
SafeYAML::OPTIONS[:deserialize_symbols] = true
result = safe_load_round_trip(OpenStruct.new(:foo => "bar"))
expect(result).to be_a(OpenStruct)
expect(result.foo).to eq("bar")
end
it "works for ranges" do
SafeYAML.whitelist!(Range)
expect(safe_load_round_trip(1..10)).to eq(1..10)
end
it "works for regular expressions" do
SafeYAML.whitelist!(Regexp)
expect(safe_load_round_trip(/foo/)).to eq(/foo/)
end
it "works for multiple classes" do
SafeYAML.whitelist!(Range, Regexp)
expect(safe_load_round_trip([(1..10), /bar/])).to eq([(1..10), /bar/])
end
it "works for arbitrary Exception subclasses" do
class CustomException < Exception
attr_reader :custom_message
def initialize(custom_message)
@custom_message = custom_message
end
end
SafeYAML.whitelist!(CustomException)
ex = safe_load_round_trip(CustomException.new("blah"))
expect(ex).to be_a(CustomException)
expect(ex.custom_message).to eq("blah")
end
end
end
end