Skip to content

Commit

Permalink
lib/rdoc/rdoc.rb: Allow only RDoc::Options in .rdoc_options
Browse files Browse the repository at this point in the history 
Follow-up of d8fd92f. Instead of using
unsafe_load blindly, RDoc::Options is only supposed to be allowed.
  • Loading branch information
@mame
mame committed May 17, 2021
1 parent d8fd92f commit ffdf023
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 5 deletions.
5 changes: 3 additions & 2 deletions lib/rdoc/rdoc.rb
View file
Expand Up @@ -162,11 +162,12 @@ def load_options
RDoc.load_yaml

begin
options = YAML.unsafe_load_file '.rdoc_options'
options = YAML.load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
rescue Psych::SyntaxError
raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
end

return RDoc::Options.new if options == false # Allow empty file.
return RDoc::Options.new unless options # Allow empty file.

raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
RDoc::Options === options or Hash === options
Expand Down
6 changes: 3 additions & 3 deletions test/rdoc/test_rdoc_options.rb
View file
Expand Up @@ -145,7 +145,7 @@ def test_init_with_encoding

@options.encoding = Encoding::IBM437

options = YAML.unsafe_load YAML.dump @options
options = YAML.load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])

assert_equal Encoding::IBM437, options.encoding
end
Expand All @@ -161,7 +161,7 @@ def test_init_with_trim_paths
- /etc
YAML

options = YAML.unsafe_load yaml
options = YAML.load(yaml, permitted_classes: [RDoc::Options, Symbol])

assert_empty options.rdoc_include
assert_empty options.static_path
Expand Down Expand Up @@ -749,7 +749,7 @@ def test_write_options

assert File.exist? '.rdoc_options'

assert_equal @options, YAML.unsafe_load(File.read('.rdoc_options'))
assert_equal @options, YAML.load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
end
end

Expand Down

0 comments on commit ffdf023

Please sign in to comment.