Projects
Mega:24.03
nodejs-grunt
_service:tar_scm:CVE-2020-7729.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2020-7729.patch of Package nodejs-grunt
From e350cea1724eb3476464561a380fb6a64e61e4e7 Mon Sep 17 00:00:00 2001 From: Vlad Filippov <vlad.filippov@gmail.com> Date: Mon, 17 Aug 2020 11:28:59 -0400 Subject: [PATCH] Switch to use `safeLoad` for loading YML files via `file.readYAML`. For previous behaviour please use the following: ``` readYAML('test/fixtures/utf8.yaml', null, {unsafeLoad: true}); ``` --- lib/grunt/file.js | 13 +++++++++++-- test/grunt/file_test.js | 7 +++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/lib/grunt/file.js b/lib/grunt/file.js index eefeddb2..7e0e2fb7 100644 --- a/lib/grunt/file.js +++ b/lib/grunt/file.js @@ -241,12 +241,21 @@ file.readJSON = function(filepath, options) { }; // Read a YAML file, parse its contents, return an object. -file.readYAML = function(filepath, options) { +file.readYAML = function(filepath, options, yamlOptions) { + if (!options) { options = {}; } + if (!yamlOptions) { yamlOptions = {}; } + var src = file.read(filepath, options); var result; grunt.verbose.write('Parsing ' + filepath + '...'); try { - result = YAML.load(src); + // use the recommended way of reading YAML files + // https://github.com/nodeca/js-yaml#safeload-string---options- + if (yamlOptions.unsafeLoad) { + result = YAML.load(src); + } else { + result = YAML.safeLoad(src); + } grunt.verbose.ok(); return result; } catch (e) { diff --git a/test/grunt/file_test.js b/test/grunt/file_test.js index e833fb2d..b192cad9 100644 --- a/test/grunt/file_test.js +++ b/test/grunt/file_test.js @@ -452,10 +452,13 @@ exports.file = { test.done(); }, 'readYAML': function(test) { - test.expect(4); + test.expect(5); var obj; obj = grunt.file.readYAML('test/fixtures/utf8.yaml'); - test.deepEqual(obj, this.object, 'file should be read as utf8 by default and parsed correctly.'); + test.deepEqual(obj, this.object, 'file should be safely read as utf8 by default and parsed correctly.'); + + obj = grunt.file.readYAML('test/fixtures/utf8.yaml', null, {unsafeLoad: true}); + test.deepEqual(obj, this.object, 'file should be unsafely read as utf8 by default and parsed correctly.'); obj = grunt.file.readYAML('test/fixtures/iso-8859-1.yaml', {encoding: 'iso-8859-1'}); test.deepEqual(obj, this.object, 'file should be read using the specified encoding.');
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2