Module: Gem::SafeMarshal

Relationships & Source Files
Namespace Children
Modules: `Elements`, `Visitors`
Classes: `Reader`
Defined in:	lib/rubygems/safe_marshal.rb, lib/rubygems/safe_marshal/elements.rb, lib/rubygems/safe_marshal/reader.rb, lib/rubygems/safe_marshal/visitors/stream_printer.rb, lib/rubygems/safe_marshal/visitors/to_ruby.rb

Overview

This module is used for safely loading Marshal specs from a gem. The .safe_load method defined on this module is specifically designed for loading ::Gem specifications.

Constant Summary

PERMITTED_CLASSES = private
# File 'lib/rubygems/safe_marshal.rb', line 15

%w[
  Date
  Time
  Rational

  Gem::Dependency
  Gem::NameTuple
  Gem::Platform
  Gem::Requirement
  Gem::Specification
  Gem::Version
  Gem::Version::Requirement

  YAML::Syck::DefaultKey
  YAML::PrivateType
].freeze

PERMITTED_IVARS = private
# File 'lib/rubygems/safe_marshal.rb', line 44

{
  "String" => %w[E encoding @taguri @debug_created_info],
  "Time" => %w[
    offset zone nano_num nano_den submicro
    @_zone @marshal_with_utc_coercion
  ],
  "Gem::Dependency" => %w[
    @name @requirement @prerelease @version_requirement @version_requirements @type
    @force_ruby_platform
  ],
  "Gem::NameTuple" => %w[@name @version @platform],
  "Gem::Platform" => %w[@os @cpu @version],
  "Psych::PrivateType" => %w[@value @type_id],
}.freeze

PERMITTED_SYMBOLS = private
# File 'lib/rubygems/safe_marshal.rb', line 33

%w[
  development
  runtime

  name
  number
  platform
  dependencies
].freeze

Class Method Summary

.load(input, permitted_classes: [::Symbol], permitted_symbols: [], permitted_ivars: {})
.safe_load(input)

Class Method Details

.load(input, permitted_classes: [::Symbol], permitted_symbols: [], permitted_ivars: {})

[ GitHub ]

# File 'lib/rubygems/safe_marshal.rb', line 64


def self.load(input, permitted_classes: [::Symbol], permitted_symbols: [], permitted_ivars: {})
  root = Reader.new(StringIO.new(input, "r").binmode).read!

  Visitors::ToRuby.new(
    permitted_classes: permitted_classes,
    permitted_symbols: permitted_symbols,
    permitted_ivars: permitted_ivars,
  ).visit(root)
end

.safe_load(input)

[ GitHub ]

# File 'lib/rubygems/safe_marshal.rb', line 60


def self.safe_load(input)
  load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, permitted_ivars: PERMITTED_IVARS)
end