Commit 14e099e

safe load puppet data files
1 parent b30dce9 commit 14e099e

2 files changed

+3
-2
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -6,6 +6,7 @@
66
- Add `rubocop-rspec` plugin to Ruby checks.
77
- Fix `--fail-on-warnings` functionality.
88
- Improve safety of Ruby syntax checks.
9+
- Safely load Puppet data files.
910

1011
### 2.3.1
1112
- No input target paths now defaults to current working directory instead of error.
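
Review bot: The new entry at line 9, `- Safely load Puppet data files.`, does not tell users what changes for them. The loader in this commit permits only `Symbol` beyond the basic YAML types, so data files that carry tags for other Ruby classes will now be reported as errors. Suggest wording such as "Safely load Puppet data files (YAML tags for classes other than `Symbol` are now rejected)."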

lib/puppet-check/data_parser.rb

Lines changed: 2 additions & 2 deletions
@@ -8,7 +8,7 @@ class DataParser
88
def self.yaml(files)
99
files.each do |file|
1010
# check yaml syntax
11-
parsed = YAML.load_file(file)
11+
parsed = YAML.safe_load_file(file, permitted_classes: [Symbol], permitted_symbols: [], aliases: true)
1212
rescue StandardError => err
1313
PuppetCheck.files[:errors][file] = err.to_s.gsub("(#{file}): ", '').split("\n")
1414
else
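
Review bot: `aliases: true` on line 11 of `self.yaml` keeps anchor and alias expansion enabled, so a data file built from nested anchors can still expand into a very large structure during a syntax check. If aliases are required because Hiera data commonly uses them, add a comment saying so; otherwise drop the option and let the safe loader reject them. `permitted_symbols: []` is the default and can be omitted. The existing `rescue StandardError => err` will also catch the safe loader's disallowed-class error, whose message has no `(#{file}): ` prefix, so the `gsub` is a no-op there; that is fine but worth a spec.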
@@ -44,7 +44,7 @@ def self.eyaml(files, public, private)
4444

4545
files.each do |file|
4646
# check encoded yaml syntax
47-
parsed = YAML.load_file(file)
47+
parsed = YAML.safe_load_file(file, permitted_classes: [Symbol], permitted_symbols: [], aliases: true)
4848

4949
# extract encoded values
5050
# ENC[PKCS7]
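
Review bot: Line 47 of `self.eyaml` repeats the exact option list from `self.yaml` (`permitted_classes: [Symbol], permitted_symbols: [], aliases: true`). Pull it into one constant or private helper on `DataParser` so the two loaders cannot drift apart when the permitted set changes. This hunk's context shows no `rescue` next to the call as the `self.yaml` hunk does, so please confirm that a disallowed-class or alias error raised here is recorded per file rather than aborting the run.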
