Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute #7464

segiddins · 2024-02-08T01:51:24Z

No description provided.

test/rubygems/test_gem_safe_yaml.rb

…ia a constant

…-aliases-are-enabled-in-gem-safeyaml.safe_load-via-a-constant Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute (cherry picked from commit 3fbb8bb)

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

segiddins changed the title ~~Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via a constant~~ Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute Feb 9, 2024

segiddins requested review from hsbt and deivid-rodriguez February 9, 2024 20:20

martinemde approved these changes Feb 10, 2024

View reviewed changes

simi approved these changes Feb 10, 2024

View reviewed changes

segiddins force-pushed the segiddins/control-whether-yaml-aliases-are-enabled-in-gem-safeyaml.safe_load-via-a-constant branch from 38eef0a to 71de00c Compare February 11, 2024 03:53

simi reviewed Feb 11, 2024

View reviewed changes

test/rubygems/test_gem_safe_yaml.rb Show resolved Hide resolved

simi reviewed Feb 14, 2024

View reviewed changes

test/rubygems/test_gem_safe_yaml.rb Outdated Show resolved Hide resolved

segiddins added 4 commits February 16, 2024 09:45

Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load v…

6bedb1c

…ia a constant

Use a writer method on the module instead of a constant

240d84e

Add a test for safe yaml

148dead

Commit missing new method

5265b4c

segiddins force-pushed the segiddins/control-whether-yaml-aliases-are-enabled-in-gem-safeyaml.safe_load-via-a-constant branch from e3e8bf9 to 5265b4c Compare February 16, 2024 17:45

Check for correct exception on older psych versions

52de6ec

hsbt approved these changes Feb 21, 2024

View reviewed changes

segiddins merged commit 3fbb8bb into master Feb 21, 2024
75 checks passed

segiddins deleted the segiddins/control-whether-yaml-aliases-are-enabled-in-gem-safeyaml.safe_load-via-a-constant branch February 21, 2024 17:44

deivid-rodriguez added the rubygems: enhancement label Mar 18, 2024

segiddins added a commit to rubygems/rubygems.org that referenced this pull request Apr 11, 2024

Disable loading YAML with aliases

654f0d5

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

segiddins mentioned this pull request Apr 11, 2024

Disable loading YAML with aliases rubygems/rubygems.org#4603

Merged

segiddins added a commit to rubygems/rubygems.org that referenced this pull request Apr 12, 2024

Disable loading YAML with aliases

732a671

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

segiddins added a commit to rubygems/rubygems.org that referenced this pull request Apr 15, 2024

Disable loading YAML with aliases

95b07f5

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

segiddins added a commit to rubygems/rubygems.org that referenced this pull request Apr 15, 2024

Disable loading YAML with aliases

3a6f490

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

segiddins added a commit to rubygems/rubygems.org that referenced this pull request Apr 15, 2024

Disable loading YAML with aliases

539de00

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

segiddins added a commit to rubygems/rubygems.org that referenced this pull request Apr 15, 2024

Disable loading YAML with aliases

6469883

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

segiddins added a commit to rubygems/rubygems.org that referenced this pull request Apr 15, 2024

Disable loading YAML with aliases (#4603)

8fc65db

Prevent loading YAML files with aliases, which can be used to construct YAML bombs that lead to OOMs Makes use of rubygems/rubygems#7464

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute #7464

Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute #7464

segiddins commented Feb 8, 2024

Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute #7464

Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute #7464

Conversation

segiddins commented Feb 8, 2024