Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

private method `load' called for SafeYAML:Module #2935

Closed
aquister opened this issue Mar 9, 2016 · 5 comments
Closed

private method `load' called for SafeYAML:Module #2935

aquister opened this issue Mar 9, 2016 · 5 comments

Comments

@aquister
Copy link

aquister commented Mar 9, 2016

Running RuboCop...
private method 'load' called for SafeYAML:Module
~/.rvm/gems/ruby-2.1.5/gems/rubocop-0.38.0/lib/rubocop/config_loader.rb:165:in 'yaml_safe_load'
...
RuboCop failed!

$ rubocop -V
0.38.0 (using Parser 2.3.0.6, running on ruby 2.1.5 x86_64-linux)
@jonas054
Copy link
Collaborator

It sounds similar to #2178 and #1510 so try gem update --system and see if it helps.

rnelson0 added a commit to rnelson0/puppet-local_user that referenced this issue Mar 16, 2016
@rnelson0
v1.0.8 release PR
3cc045c 
  Update README.md and CHANGELOG.md
  Bring rspec-puppet up to date
  Remove rubocop (due to rake 11 and rubocop 0.38.0 incompatabilities, [issue #2935](rubocop/rubocop#2935))
  Update spec_helper to use ::new instead of [] to remove warning
rnelson0 added a commit to rnelson0/puppet-local_user that referenced this issue Mar 16, 2016
@rnelson0
v1.0.8 release PR
4c5c5bc 
  Update README.md and CHANGELOG.md
  Bring rspec-puppet up to date
  Remove rubocop (due to rake 11 and rubocop 0.38.0 incompatabilities, [issue #2935](rubocop/rubocop#2935))
  Update spec_helper to use ::new instead of [] to remove warning
@aquister
Copy link
Author

@jonas054 No change after gem update --system

@jonas054
Copy link
Collaborator

Then I don't know. Apparently the SafeYAML module is available when you run, but its load method is private. That seems very wrong.

Perhaps you can examine the safe_yaml gem installation on your system. Or check what happens when you run

ruby -v -rsafe_yaml -e 'p SafeYAML.load("1")'

@aquister
Copy link
Author

@jonas054

$ ruby -v -r 'safe_yaml' -e 'p SafeYAML.load("1")'
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-linux]
~/.rvm/gems/ruby-2.1.5/gems/safe_yaml-1.0.4/lib/safe_yaml.rb:28: warning: method redefined; discarding old safe_load
~/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/psych.rb:283: warning: previous definition of safe_load was here
~/.rvm/gems/ruby-2.1.5/gems/safe_yaml-1.0.4/lib/safe_yaml.rb:52: warning: method redefined; discarding old load_file
~/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/psych.rb:463: warning: previous definition of load_file was here
1

According to safe_yaml doc (github.com/dtao/safe_yaml/blob/master/README.md):

When you require the safe_yaml gem in your project, YAML.load is patched
...
You can also get the methods SafeYAML.load and SafeYAML.load_file without touching the YAML module at all like this:
require "safe_yaml/load" # instead of require "safe_yaml"
This way, you can use SafeYAML.load to parse YAML that you don't trust, without affecting the rest of an application (if you're developing a library, for example).

So the following seems to work as it should:

$ ruby -v -r 'safe_yaml/load' -e 'p SafeYAML.load("1")'
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-linux]
1

This issue only happens if I run rubocop as a rake task.
When running as a rake task
if defined?(SafeYAML)
returns true, and
SafeYAML.load(yaml_code, nil, whitelisted_tags: %w(!ruby/regexp))
fails with

private method 'load' called for SafeYAML:Module

When invoking rubocop directly
if defined?(SafeYAML)
returns false, and
YAML.safe_load(yaml_code, [Regexp])
executes successfully.

@jonas054
Copy link
Collaborator

@aquister Thanks for digging up that information! It all makes sense now, except that we still don't know why SafeYAML.load is private in your runs.

Anyway, it can happen. Apparently. So I guess we could solve it with

if defined?(SafeYAML) && SafeYAML.respond_to?(:load)

We also need a spec example that creates a stub SafeYAML.load that is private, and restores afterwards.

bbatsov added a commit that referenced this issue Mar 26, 2016
@bbatsov
Merge pull request #2984 from jonas054/2935_private_safeyaml_load
5a44a31 
[Fix #2935] Make config loading work if SafeYAML.load is private
@jhg03a jhg03a mentioned this issue May 4, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonas054 @aquister