author | Lamont Granquist <lamont@scriptkiddie.org> | 2022-03-21 20:01:48 -0700 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2022-03-21 20:01:48 -0700 |
commit | 880d332592b61e760fe5c089e5d456426f459ab9 (patch) | |
tree | a041de90d3afe403b0b8ebd59d085f3c016f7505 | |
parent | f95a28f028e8f7daa35d2418128addda8febd13d (diff) | |
Fix YAML use
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 2 | ||||
-rw-r--r-- | lib/chef/compliance/input.rb | 2 | ||||
-rw-r--r-- | lib/chef/compliance/profile.rb | 2 | ||||
-rw-r--r-- | lib/chef/compliance/waiver.rb | 2 | ||||
-rw-r--r-- | lib/chef/dsl/reader_helpers.rb | 4 | ||||
-rw-r--r-- | lib/chef/recipe.rb | 2 | ||||
-rw-r--r-- | lib/chef/resource/inspec_waiver_file_entry.rb | 4 |
8 files changed, 10 insertions, 12 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index 95f25e1c2b..62e46751be 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -27,7 +27,7 @@ GIT
 GIT
 remote: https://github.com/chef/ruby-proxifier
- revision: 41ead73b21956a39fca3376c9ff6f74096dc3c9b
+ revision: 4232ddc1174ca638eead55cddbe1b8f5be5f5813
 branch: lcg/ruby-3
 specs:
 proxifier (1.0.3)
@@ -441,8 +441,6 @@ GEM
 unf (0.1.4)
 unf_ext
 unf_ext (0.0.8.1)
- unf_ext (0.0.8.1-x64-mingw32)
- unf_ext (0.0.8.1-x86-mingw32)
 unicode-display_width (2.1.0)
 unicode_utils (1.4.0)
 uuidtools (2.2.0)
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 87e0b6bab2..2932fdc82f 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -174,7 +174,7 @@ module ChefConfig
 # Call to_sym because Chef::Config expects only symbol keys. Also
 # runs a simple parse on the string for some common types.
- memo[key.to_sym] = YAML.safe_load(value)
+ memo[key.to_sym] = YAML.safe_load(value, permitted_classes: [Date])
 memo
 end
 set_extra_config_options(extra_parsed_options)
diff --git a/lib/chef/compliance/input.rb b/lib/chef/compliance/input.rb
index 686b516b2e..237a4e12d0 100644
--- a/lib/chef/compliance/input.rb
+++ b/lib/chef/compliance/input.rb
@@ -101,7 +101,7 @@ class Chef
 # and cookbook_name are required this is probably not externally useful.
 #
 def self.from_yaml(events, string, path = nil, cookbook_name = nil)
- from_hash(events, YAML.load(string), path, cookbook_name)
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
 end
 # @param filename [String] full path to the yml file in the cookbook
diff --git a/lib/chef/compliance/profile.rb b/lib/chef/compliance/profile.rb
index ec9d61895c..f0d02000fc 100644
--- a/lib/chef/compliance/profile.rb
+++ b/lib/chef/compliance/profile.rb
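Review bot: `permitted_classes: [Date]` on the new `memo[key.to_sym] = ...` line references the `Date` constant, and nothing in this hunk shows the `date` library being required, so if it has not been loaded by the time this line runs the result is a NameError rather than a parsed option. chef-config looks like a separately loadable library, so I would add `require "date"` at the top of this file; the other call sites in this commit that pass `[Date]` deserve the same check. The comment above the line could also say that a value that looks like a date now comes back as a `Date` object. The enclosing block starts and ends outside the hunk.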
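Review bot: Moving `from_yaml` in input.rb from `YAML.load` to `YAML.safe_load` narrows what a cookbook's YAML may contain, and the method comment in the hunk does not mention it; the same holds for `from_yaml` in profile.rb and waiver.rb and for `parse_yaml` in reader_helpers.rb. With these arguments anything beyond the basic types and `Date` (symbols, tagged objects and, by default, aliases) now raises a Psych error instead of being deserialized, which is the right default for cookbook-supplied files, but no rescue is visible here. I would add to the doc comment a line such as `# Parsed with YAML.safe_load: only basic types and Date are permitted; aliases, symbols and tagged objects raise.` and confirm that callers report the error together with the file path.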
@@ -108,7 +108,7 @@ class Chef
 # and cookbook_name are required this is probably not externally useful.
 #
 def self.from_yaml(events, string, path, cookbook_name)
- from_hash(events, YAML.load(string), path, cookbook_name)
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
 end
 # @param filename [String] full path to the inspec.yml file in the cookbook
diff --git a/lib/chef/compliance/waiver.rb b/lib/chef/compliance/waiver.rb
index 0062a7d5d9..6284e06f04 100644
--- a/lib/chef/compliance/waiver.rb
+++ b/lib/chef/compliance/waiver.rb
@@ -101,7 +101,7 @@ class Chef
 # and cookbook_name are required this is probably not externally useful.
 #
 def self.from_yaml(events, string, path = nil, cookbook_name = nil)
- from_hash(events, YAML.load(string), path, cookbook_name)
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
 end
 # @param filename [String] full path to the yml file in the cookbook
diff --git a/lib/chef/dsl/reader_helpers.rb b/lib/chef/dsl/reader_helpers.rb
index 6a9b021d89..51259aae36 100644
--- a/lib/chef/dsl/reader_helpers.rb
+++ b/lib/chef/dsl/reader_helpers.rb
@@ -16,7 +16,7 @@
 autoload :TOML, "tomlrb"
 require_relative "../json_compat"
-autoload :YAML, "yaml"
+autoload :Psych, "psych"
 class Chef
 module DSL
@@ -42,7 +42,7 @@ class Chef
 end
 def parse_yaml(filename)
- YAML.load(IO.read(filename))
+ Psych.safe_load_file(filename, permitted_classes: [Date])
 end
 extend self
diff --git a/lib/chef/recipe.rb b/lib/chef/recipe.rb
index 972edf9649..2f7a282ca8 100644
--- a/lib/chef/recipe.rb
+++ b/lib/chef/recipe.rb
@@ -101,7 +101,7 @@ class Chef
 end
 def from_yaml(string)
- res = ::YAML.safe_load(string)
+ res = ::YAML.safe_load(string, permitted_classes: [Date])
 unless res.is_a?(Hash) && res.key?("resources")
 raise ArgumentError, "YAML recipe '#{source_file}' must contain a top-level 'resources' hash (YAML sequence), i.e. 'resources:'"
 end
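Review bot: In reader_helpers.rb the `autoload :YAML, "yaml"` line is swapped for `autoload :Psych, "psych"` and `parse_yaml` calls `Psych.safe_load_file`, while every other file in this commit keeps the `YAML` constant. `YAML` is an alias for Psych, so keeping the existing autoload and writing `YAML.safe_load_file(filename, permitted_classes: [Date])` would be the smaller and more consistent change, and it would not disturb anything else that relies on this file's `YAML` autoload (not visible in the hunks). Either way, `safe_load_file` is only present in newer Psych releases, so the minimum Psych version the gem allows should be checked.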
diff --git a/lib/chef/resource/inspec_waiver_file_entry.rb b/lib/chef/resource/inspec_waiver_file_entry.rb
index 7ad31fd58d..69849fa044 100644
--- a/lib/chef/resource/inspec_waiver_file_entry.rb
+++ b/lib/chef/resource/inspec_waiver_file_entry.rb
@@ -136,11 +136,11 @@ class Chef
 def load_waiver_file_to_hash(file_name)
 if %r{(/|C:\\).*(.yaml|.yml)}i.match?(file_name)
 if ::File.exist?(file_name)
- hash = ::YAML.load_file(file_name)
+ hash = ::YAML.safe.load_file(file_name, permitted_classes: [Date])
 if hash == false || hash.nil? || hash == ""
 {}
 else
- ::YAML.load_file(file_name)
+ ::YAML.safe.load_file(file_name, permitted_classes: [Date])
 end
 else
 {} |
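Review bot: Both new lines in `load_waiver_file_to_hash` call `::YAML.safe.load_file(...)`, but YAML (Psych) has no `safe` method, so this raises NoMethodError for every waiver file that exists; the intended call is presumably `::YAML.safe_load_file`. The file is also parsed twice, so the inner else branch can return the value already loaded: `hash = ::YAML.safe_load_file(file_name, permitted_classes: [Date])` for the first line and plain `hash` for the second. A spec that loads a real waiver YAML through this method would have caught the typo. The method's closing lines are outside the hunk.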