Freeze parsing option

lib/psych.rb

@@ -268,16 +268,15 @@ module Psych
   # YAML documents that are supplied via user input.  Instead, please use the
   # safe_load method.
   #
-  def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false
+  def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false, freeze: false
     if legacy_filename != NOT_GIVEN
       warn_with_uplevel 'Passing filename with the 2nd argument of Psych.load is deprecated. Use keyword argument like Psych.load(yaml, filename: ...) instead.', uplevel: 1 if $VERBOSE
       filename = legacy_filename
     end
 
     result = parse(yaml, filename: filename)
     return fallback unless result
-    result = result.to_ruby if result
-    symbolize_names!(result) if symbolize_names
+    result = result.to_ruby(symbolize_names: symbolize_names, freeze: freeze) if result
     result
   end
 
@@ -325,7 +324,7 @@ def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false,
   #   Psych.safe_load("---\n foo: bar")                         # => {"foo"=>"bar"}
   #   Psych.safe_load("---\n foo: bar", symbolize_names: true)  # => {:foo=>"bar"}
   #
-  def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false
+  def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_symbols = NOT_GIVEN, legacy_aliases = NOT_GIVEN, legacy_filename = NOT_GIVEN, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false, freeze: false
     if legacy_permitted_classes != NOT_GIVEN
       warn_with_uplevel 'Passing permitted_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, permitted_classes: ...) instead.', uplevel: 1 if $VERBOSE
       permitted_classes = legacy_permitted_classes
@@ -353,12 +352,11 @@ def self.safe_load yaml, legacy_permitted_classes = NOT_GIVEN, legacy_permitted_
                                                permitted_symbols.map(&:to_s))
     scanner      = ScalarScanner.new class_loader
     visitor = if aliases
-                Visitors::ToRuby.new scanner, class_loader
+                Visitors::ToRuby.new scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze
               else
-                Visitors::NoAliasRuby.new scanner, class_loader
+                Visitors::NoAliasRuby.new scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze
               end
     result = visitor.accept result
-    symbolize_names!(result) if symbolize_names
     result
   end
 
@@ -604,19 +602,6 @@ def self.add_tag tag, klass
     @dump_tags[klass] = tag
   end
 
-  def self.symbolize_names!(result)
-    case result
-    when Hash
-      result.keys.each do |key|
-        result[key.to_sym] = symbolize_names!(result.delete(key))
-      end
-    when Array
-      result.map! { |r| symbolize_names!(r) }
-    end
-    result
-  end
-  private_class_method :symbolize_names!
-
   # Workaround for emulating `warn '...', uplevel: 1` in Ruby 2.4 or lower.
   def self.warn_with_uplevel(message, uplevel: 1)
     at = parse_caller(caller[uplevel]).join(':')

lib/psych/nodes/node.rb

@@ -46,8 +46,8 @@ def each &block
       # Convert this node to Ruby.
       #
       # See also Psych::Visitors::ToRuby
-      def to_ruby
-        Visitors::ToRuby.create.accept(self)
+      def to_ruby(symbolize_names: false, freeze: false)
+        Visitors::ToRuby.create(symbolize_names: symbolize_names, freeze: freeze).accept(self)
       end
       alias :transform :to_ruby
 

lib/psych/visitors/to_ruby.rb

@@ -12,34 +12,38 @@ module Visitors
     ###
     # This class walks a YAML AST, converting each node to Ruby
     class ToRuby < Psych::Visitors::Visitor
-      def self.create
+      def self.create(symbolize_names: false, freeze: false)
         class_loader = ClassLoader.new
         scanner      = ScalarScanner.new class_loader
-        new(scanner, class_loader)
+        new(scanner, class_loader, symbolize_names: symbolize_names, freeze: freeze)
       end
 
       attr_reader :class_loader
 
-      def initialize ss, class_loader
+      def initialize ss, class_loader, symbolize_names: false, freeze: false
         super()
         @st = {}
         @ss = ss
         @domain_types = Psych.domain_types
         @class_loader = class_loader
+        @symbolize_names = symbolize_names
+        @freeze = freeze
       end
 
       def accept target
         result = super
-        return result if @domain_types.empty? || !target.tag
 
-        key = target.tag.sub(/^[!\/]*/, '').sub(/(,\d+)\//, '\1:')
-        key = "tag:#{key}" unless key =~ /^(?:tag:|x-private)/
+        unless @domain_types.empty? || !target.tag
+          key = target.tag.sub(/^[!\/]*/, '').sub(/(,\d+)\//, '\1:')
+          key = "tag:#{key}" unless key =~ /^(?:tag:|x-private)/
 
-        if @domain_types.key? key
-          value, block = @domain_types[key]
-          return block.call value, result
+          if @domain_types.key? key
+            value, block = @domain_types[key]
+            result = block.call value, result
+          end
         end
 
+        result = deduplicate(result).freeze if @freeze
         result
       end
 
@@ -336,7 +340,12 @@ def register_empty object
       SHOVEL = '<<'
       def revive_hash hash, o
         o.children.each_slice(2) { |k,v|
-          key = deduplicate(accept(k))
+          key = accept(k)
+          if @symbolize_names
+            key = key.to_sym
+          elsif !@freeze
+            key = deduplicate(key)
+          end
           val = accept(v)
 
           if key == SHOVEL && k.tag != "tag:yaml.org,2002:str"
@@ -371,6 +380,8 @@ def revive_hash hash, o
       if RUBY_VERSION < '2.7'
         def deduplicate key
           if key.is_a?(String)
+            # It is important to untaint the string, otherwise it won't
+            # be deduplicated into an fstring, but simply frozen.
             -(key.untaint)
           else
             key

test/psych/test_psych.rb

@@ -192,6 +192,22 @@ def test_domain_types
     assert_equal({ 'hello' => 'world' }, got)
   end
 
+  def test_load_freeze
+    data = Psych.load("--- {foo: ['a']}", freeze: true)
+    assert_predicate data, :frozen?
+    assert_predicate data['foo'], :frozen?
+    assert_predicate data['foo'].first, :frozen?
+  end
+
+  def test_load_freeze_deduplication
+    unless String.method_defined?(:-@) && (-("a" * 20)).equal?((-("a" * 20)))
+      skip "This Ruby implementation doesn't support string deduplication"
+    end
+
+    data = Psych.load("--- ['a']", freeze: true)
+    assert_same 'a', data.first
+  end
+
   def test_load_default_fallback
     assert_equal false, Psych.load("")
   end