From 70ee133c32f9bdbc1967f3bdbeea30c41f1e0e71 Mon Sep 17 00:00:00 2001
From: "adam.hutchison"
Date: Wed, 27 Apr 2022 16:20:08 -0600
Subject: [PATCH] Fix YAML loading
Psych (aka YAML) 4.x included a breaking change to how `YAML.load` works
In Psych 4.0, `load` calls `safe_load` under the hood, and is therefore "safe" by default, but that breaks configurations that support (among other things) aliases, which are disabled when using "safe" loading. `unsafe_load` is now the canonical way to load trusted documents (i.e., config files): https://github.com/ruby/psych/issues/533#issuecomment-1019363688
To ensure maximum compatibility with old versions of Psych, we also need to set a minimum version of Psych to ensure `unsafe_load` is defined. The methods were introduced in v3.3.2: https://github.com/ruby/psych/commit/cb50aa8d3fb8be01897becff77b4922b12a0ab4c
Resolves #60
---
 active_publisher.gemspec | 1 +
 lib/active_publisher/configuration.rb | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/active_publisher.gemspec b/active_publisher.gemspec
index 6b3c4d2..f1359c0 100644
--- a/active_publisher.gemspec
+++ b/active_publisher.gemspec
@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'activesupport', '>= 3.2'
 spec.add_dependency 'concurrent-ruby'
 spec.add_dependency 'multi_op_queue', '>= 0.2.0'
+ spec.add_dependency 'psych', '>= 3.3.2'
 spec.add_development_dependency "benchmark-ips"
 spec.add_development_dependency "bundler"
diff --git a/lib/active_publisher/configuration.rb b/lib/active_publisher/configuration.rb
index 6e632fb..e5faa0f 100644
--- a/lib/active_publisher/configuration.rb
+++ b/lib/active_publisher/configuration.rb
@@ -83,11 +83,13 @@ def self.attempt_to_load_yaml_file(env)
 yaml_config = {}
 absolute_config_path = ::File.expand_path(::File.join("config", "active_publisher.yml"))
 action_subscriber_config_file = ::File.expand_path(::File.join("config", "action_subscriber.yml"))
+
 if ::File.exists?(absolute_config_path)
- yaml_config = ::YAML.load(::ERB.new(::File.read(absolute_config_path)).result)[env]
+ yaml_config = load_yaml_config_from_file(absolute_config_path)[env]
 elsif ::File.exists?(action_subscriber_config_file)
- yaml_config = ::YAML.load(::ERB.new(::File.read(action_subscriber_config_file)).result)[env]
+ yaml_config = load_yaml_config_from_file(action_subscriber_config_file)[env]
 end
+
 yaml_config
 end
 private_class_method :attempt_to_load_yaml_file
@@ -101,6 +103,14 @@ def self.fetch_config_value(key, cli_options, yaml_config)
 end
 private_class_method :fetch_config_value
+ def self.load_yaml_config_from_file(file_path)
+ erb_yaml = ::ERB.new(::File.read(file_path)).result
+ # Defined in Psych 3.2+ and the new canonical way to load trusted documents:
+ # https://github.com/ruby/psych/issues/533#issuecomment-1019363688
+ ::YAML.unsafe_load(erb_yaml)
+ end
+ private_class_method :load_yaml_config_from_file
+
 ##
 # Instance Methods
 #
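Review bot: The two new `load_yaml_config_from_file(...)[env]` calls in `attempt_to_load_yaml_file` index the parsed document without checking what the parse returned. An empty file parses to `false`, so `[env]` raises `NoMethodError`, and a file with no entry for `env` replaces the `{}` default with `nil`. Both cases are carried over from the old `YAML.load` lines; a guarded form such as `yaml_config = (load_yaml_config_from_file(absolute_config_path) || {})[env] || {}` would keep the method returning a hash. Separately, the context lines still call `::File.exists?`, which Ruby 3.2 removed in favour of `File.exist?`, so a compatibility fix for newer Rubies probably wants that changed as well.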
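Review bot: `::YAML.unsafe_load(erb_yaml)` in the new `load_yaml_config_from_file` parses the ERB output rather than the file on disk, so any value the template interpolates (an environment variable, for instance) becomes YAML source and can carry object tags that `unsafe_load` will instantiate. If the configs only need aliases, `::YAML.safe_load(erb_yaml, aliases: true)` keeps them working while rejecting arbitrary classes; add `permitted_classes: [Symbol]` if existing files use symbol keys or values, which this diff does not show. If `unsafe_load` stays, the comment should say that the trust extends to everything the ERB template reads, not just the file. The comment also says "Defined in Psych 3.2+" while the gemspec hunk pins `psych >= 3.3.2` and the commit message cites v3.3.2, so one of them should be corrected.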