From 2776625e606751ec9506325f0285d4487c4b15c9 Mon Sep 17 00:00:00 2001 From: Aoyama Date: Fri, 21 Mar 2025 10:52:38 +0900 Subject: [PATCH 1/3] Added support for Psych 4 --- HISTORY.md | 3 +++ lib/bizside.rb | 9 ++++----- lib/bizside/acl/access_control_utils.rb | 7 +++---- lib/bizside/carrierwave.rb | 3 ++- lib/bizside/configurations/mail.rb | 15 +++++++-------- lib/bizside/configurations/storage.rb | 16 +++++++--------- lib/bizside/gengou.rb | 4 +++- lib/bizside/hanaita_conf.rb | 5 ++++- lib/bizside/itamae_conf.rb | 3 ++- lib/bizside/resque.rb | 19 ++++++++++--------- lib/bizside/task_helper.rb | 5 ++++- lib/bizside/uploader/extension_whitelist.rb | 8 +++++--- 12 files changed, 54 insertions(+), 43 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 8d3a36b..aa0c124 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,6 @@ +## master + * Added support for Psych 4 + ## 3.0.7 * 監査ログ関連で状態管理が発生するような機能追加に備えてスレッドセーフティを事前に強化 * ffi のバージョンを 1.17.0 以下に固定 diff --git a/lib/bizside.rb b/lib/bizside.rb index f7d797b..dc35530 100644 --- a/lib/bizside.rb +++ b/lib/bizside.rb @@ -51,11 +51,10 @@ def self.config end configfile = ENV['CONFIG_FILE'] || File.join('config', 'bizside.yml') - if File.exist?(configfile) - @@_config = Bizside::Config.new(YAML.load_file(configfile)[Bizside.env]) - else - raise "設定ファイルの #{configfile} は必須です。" - end + raise "設定ファイルの #{configfile} は必須です。" unless File.exist?(configfile) + + entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(configfile) : YAML.load_file(configfile) + @@_config = Bizside::Config.new(entire_config[Bizside.env]) end def self.logger diff --git a/lib/bizside/acl/access_control_utils.rb b/lib/bizside/acl/access_control_utils.rb index 601eb2f..8c03d8d 100755 --- a/lib/bizside/acl/access_control_utils.rb +++ b/lib/bizside/acl/access_control_utils.rb @@ -14,9 +14,8 @@ def self.init(reload = false) end def self.merge(filename) - yml = YAML.load_file(filename) - - yml.each do |roll_key, values| + entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + entire_config.each do |roll_key, values| @@access_control[roll_key] ||= {} @@access_control[roll_key].merge!(values) end @@ -33,4 +32,4 @@ def self.get_access_control(roll_key) @@access_control[roll_key] end -end \ No newline at end of file +end diff --git a/lib/bizside/carrierwave.rb b/lib/bizside/carrierwave.rb index a69783f..5a14f0c 100644 --- a/lib/bizside/carrierwave.rb +++ b/lib/bizside/carrierwave.rb @@ -27,7 +27,8 @@ def path CarrierWave.configure do |config| database_yml = ERB.new(File.read(File.join('config', 'database.yml')), 0, '-').result - database = YAML.load(database_yml)[Bizside.env]['database'] + entire_config = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(database_yml) : YAML.load(database_yml) + database = entire_config[Bizside.env]['database'] config.root = File.join('/data', Bizside.config.add_on_name, database) diff --git a/lib/bizside/configurations/mail.rb b/lib/bizside/configurations/mail.rb index fd7b440..10fa1ad 100644 --- a/lib/bizside/configurations/mail.rb +++ b/lib/bizside/configurations/mail.rb @@ -3,17 +3,16 @@ module Configurations module Mail def mail - if @mail.nil? - configfile = File.join('config', 'mail.yml') + return @mail if defined? @mail + + configfile = File.join('config', 'mail.yml') - if File.exist?(configfile) - @mail = Bizside::Config.new(YAML.load_file(configfile)[Bizside.env]) + @mail = if File.exist?(configfile) + entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(configfile) : YAML.load_file(configfile) + Bizside::Config.new(entire_config[Bizside.env]) else - @mail = Bizside::Config.new + Bizside::Config.new end - end - - @mail end def default_url_options diff --git a/lib/bizside/configurations/storage.rb b/lib/bizside/configurations/storage.rb index b816f56..5ae2758 100644 --- a/lib/bizside/configurations/storage.rb +++ b/lib/bizside/configurations/storage.rb @@ -3,18 +3,16 @@ module Configurations module Storage def storage - if @storage.nil? - configfile = ENV['STORAGE_CONFIG_FILE'] ? ENV['STORAGE_CONFIG_FILE'] : default_configfile + return @storage if defined? @storage - if File.exist?(configfile) - config = ERB.new(File.read(configfile), 0, '-').result - @storage = Bizside::Config.new(YAML.load(config)[Bizside.env]) + configfile = ENV['STORAGE_CONFIG_FILE'] ? ENV['STORAGE_CONFIG_FILE'] : default_configfile + @storage = if File.exist?(configfile) + text = ERB.new(File.read(configfile), 0, '-').result + entire_config = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text) + Bizside::Config.new(entire_config[Bizside.env]) else - @storage = Bizside::Config.new + Bizside::Config.new end - end - - @storage end private diff --git a/lib/bizside/gengou.rb b/lib/bizside/gengou.rb index 0ae6c39..f9079e3 100755 --- a/lib/bizside/gengou.rb +++ b/lib/bizside/gengou.rb @@ -2,7 +2,9 @@ module Bizside class Gengou - @@_gengou = YAML.load_file(File.join(File.dirname(__FILE__), 'gengou.yml')) + @@_gengou = File.join(__dir__, 'gengou.yml').then do |filename| + YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + end def self.to_seireki(gengou, year_jp) # 引数 year_jpには年度の値が入る diff --git a/lib/bizside/hanaita_conf.rb b/lib/bizside/hanaita_conf.rb index f6bcda6..b3092e4 100644 --- a/lib/bizside/hanaita_conf.rb +++ b/lib/bizside/hanaita_conf.rb @@ -10,7 +10,10 @@ class HanaitaConfSub def initialize conf_file = ENV['HANAITA_CONF'] || CONF_FILE - @_conf = YAML.load_file(conf_file) if File.exist?(conf_file) + @_conf = conf_file.then do |filename| + next nil unless File.exist?(filename) + YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + end end def conf diff --git a/lib/bizside/itamae_conf.rb b/lib/bizside/itamae_conf.rb index d026560..0649d57 100644 --- a/lib/bizside/itamae_conf.rb +++ b/lib/bizside/itamae_conf.rb @@ -41,7 +41,8 @@ def initialize for conf_file in self.class.conf_files do if File.exist?(conf_file) @_conf ||= {} - hash = YAML.load(ERB.new(File.read(conf_file)).result) + text = ERB.new(File.read(conf_file)).result + hash = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text) case conf_file # itamae.yml スペシャルロジック。ROLE必須。 diff --git a/lib/bizside/resque.rb b/lib/bizside/resque.rb index 358a83d..97fda6a 100644 --- a/lib/bizside/resque.rb +++ b/lib/bizside/resque.rb @@ -14,19 +14,20 @@ module Resque yaml: ['config/resque.yml', 'config/redis.yml'], json: ['config/resque.json', 'config/redis.json'] }.each do |format, file_candidates| + resque_config_loader = case format + when :yaml + ->(text) { YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text) } + when :json + ->(text) { ActiveSupport::JSON.decode(text) } + end + file_candidates.each do |file| resque_file = File.join(File.expand_path(ENV['RAILS_ROOT'] || '.'), file) next unless File.exist?(resque_file) - _resque_config = ERB.new(File.read(resque_file), 0, '-').result - - case format - when :yaml - resque_config = YAML.safe_load(_resque_config)[Bizside.env] - when :json - resque_config = ActiveSupport::JSON.decode(_resque_config)[Bizside.env] - else - raise "不正なResque設定ファイルです。#{file}" + resque_config = ERB.new(File.read(resque_file), 0, '-').result.then do |text| + entire_config = resque_config_loader.call(text) + entire_config[Bizside.env] end if resque_config.is_a?(Hash) diff --git a/lib/bizside/task_helper.rb b/lib/bizside/task_helper.rb index aeb6fce..caf473a 100644 --- a/lib/bizside/task_helper.rb +++ b/lib/bizside/task_helper.rb @@ -176,7 +176,10 @@ def self.ask_yes(prompt, options = {}) def self.ask_env(env_key, options = {}) cache_file = 'tmp/cache/env' - cache = File.exist?(cache_file) ? YAML.load_file(cache_file) : {} + cache = cache_file.then do |filename| + next {} unless File.exist?(filename) + YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + end if options.fetch(:cache, false) options = options.merge(default: cache.fetch(env_key, options[:default])) diff --git a/lib/bizside/uploader/extension_whitelist.rb b/lib/bizside/uploader/extension_whitelist.rb index ba7e980..1e08915 100644 --- a/lib/bizside/uploader/extension_whitelist.rb +++ b/lib/bizside/uploader/extension_whitelist.rb @@ -4,9 +4,11 @@ module ExtensionWhitelist extend ActiveSupport::Concern included do - default_extensions = Bizside.config.file_uploader.extensions_file_path.present? ? Bizside.config.file_uploader.extensions_file_path : - File.join(File.dirname(__FILE__), 'default_extensions.yml') - @@extensions = YAML.load_file(default_extensions).values + @@extensions = Bizside.config.file_uploader.extensions_file_path.then do |filename| + filename = File.join(__dir__, 'default_extensions.yml') unless filename.present? + entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + entire_config.values + end end def extension_allowlist From 5843aea49f8477d316b8e08189e1c7ff9ba0a4ef Mon Sep 17 00:00:00 2001 From: Aoyama Date: Fri, 21 Mar 2025 13:46:07 +0900 Subject: [PATCH 2/3] Prevent test failing by `uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger (NameError)` --- bizside_test_app/Gemfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bizside_test_app/Gemfile b/bizside_test_app/Gemfile index 2cdfd5c..49781f8 100644 --- a/bizside_test_app/Gemfile +++ b/bizside_test_app/Gemfile @@ -25,6 +25,11 @@ gem 'sqlite3', '>= 1.3', '< 1.6.0' gem 'turbolinks' gem 'uglifier', '>= 1.3.0' +# Prevent error `uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger (NameError)` +if rails_version < '7.1' + gem 'concurrent-ruby', '1.3.4' +end + group :development, :test do gem 'byebug' gem 'cucumber', '~> 7.1' From 9882ba79d8437cb12d663f2fdbb947badc9ccd6e Mon Sep 17 00:00:00 2001 From: Aoyama Date: Fri, 21 Mar 2025 17:03:54 +0900 Subject: [PATCH 3/3] Load yaml by YAML.safe_load instead of YAML.unsafe_load --- lib/bizside.rb | 2 +- lib/bizside/acl/access_control_utils.rb | 2 +- lib/bizside/carrierwave.rb | 2 +- lib/bizside/configurations/mail.rb | 2 +- lib/bizside/configurations/storage.rb | 2 +- lib/bizside/gengou.rb | 2 +- lib/bizside/hanaita_conf.rb | 2 +- lib/bizside/itamae_conf.rb | 2 +- lib/bizside/resque.rb | 2 +- lib/bizside/uploader/extension_whitelist.rb | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/bizside.rb b/lib/bizside.rb index dc35530..affb064 100644 --- a/lib/bizside.rb +++ b/lib/bizside.rb @@ -53,7 +53,7 @@ def self.config configfile = ENV['CONFIG_FILE'] || File.join('config', 'bizside.yml') raise "設定ファイルの #{configfile} は必須です。" unless File.exist?(configfile) - entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(configfile) : YAML.load_file(configfile) + entire_config = YAML.respond_to?(:safe_load_file) ? YAML.safe_load_file(configfile, aliases: true) : YAML.load_file(configfile) @@_config = Bizside::Config.new(entire_config[Bizside.env]) end diff --git a/lib/bizside/acl/access_control_utils.rb b/lib/bizside/acl/access_control_utils.rb index 8c03d8d..04e7d9d 100755 --- a/lib/bizside/acl/access_control_utils.rb +++ b/lib/bizside/acl/access_control_utils.rb @@ -14,7 +14,7 @@ def self.init(reload = false) end def self.merge(filename) - entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + entire_config = YAML.respond_to?(:safe_load_file) ? YAML.safe_load_file(filename, aliases: true) : YAML.load_file(filename) entire_config.each do |roll_key, values| @@access_control[roll_key] ||= {} @@access_control[roll_key].merge!(values) diff --git a/lib/bizside/carrierwave.rb b/lib/bizside/carrierwave.rb index 5a14f0c..0793a1c 100644 --- a/lib/bizside/carrierwave.rb +++ b/lib/bizside/carrierwave.rb @@ -27,7 +27,7 @@ def path CarrierWave.configure do |config| database_yml = ERB.new(File.read(File.join('config', 'database.yml')), 0, '-').result - entire_config = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(database_yml) : YAML.load(database_yml) + entire_config = YAML.respond_to?(:safe_load) ? YAML.safe_load(database_yml, aliases: true) : YAML.load(database_yml) database = entire_config[Bizside.env]['database'] config.root = File.join('/data', Bizside.config.add_on_name, database) diff --git a/lib/bizside/configurations/mail.rb b/lib/bizside/configurations/mail.rb index 10fa1ad..dc2e488 100644 --- a/lib/bizside/configurations/mail.rb +++ b/lib/bizside/configurations/mail.rb @@ -8,7 +8,7 @@ def mail configfile = File.join('config', 'mail.yml') @mail = if File.exist?(configfile) - entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(configfile) : YAML.load_file(configfile) + entire_config = YAML.respond_to?(:safe_load_file) ? YAML.safe_load_file(configfile, aliases: true) : YAML.load_file(configfile) Bizside::Config.new(entire_config[Bizside.env]) else Bizside::Config.new diff --git a/lib/bizside/configurations/storage.rb b/lib/bizside/configurations/storage.rb index 5ae2758..2c7e749 100644 --- a/lib/bizside/configurations/storage.rb +++ b/lib/bizside/configurations/storage.rb @@ -8,7 +8,7 @@ def storage configfile = ENV['STORAGE_CONFIG_FILE'] ? ENV['STORAGE_CONFIG_FILE'] : default_configfile @storage = if File.exist?(configfile) text = ERB.new(File.read(configfile), 0, '-').result - entire_config = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text) + entire_config = YAML.respond_to?(:safe_load) ? YAML.safe_load(text, aliases: true) : YAML.load(text) Bizside::Config.new(entire_config[Bizside.env]) else Bizside::Config.new diff --git a/lib/bizside/gengou.rb b/lib/bizside/gengou.rb index f9079e3..378fb94 100755 --- a/lib/bizside/gengou.rb +++ b/lib/bizside/gengou.rb @@ -3,7 +3,7 @@ module Bizside class Gengou @@_gengou = File.join(__dir__, 'gengou.yml').then do |filename| - YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + YAML.respond_to?(:safe_load_file) ? YAML.safe_load_file(filename, permitted_classes: [Date]) : YAML.load_file(filename) end def self.to_seireki(gengou, year_jp) diff --git a/lib/bizside/hanaita_conf.rb b/lib/bizside/hanaita_conf.rb index b3092e4..6cb5f71 100644 --- a/lib/bizside/hanaita_conf.rb +++ b/lib/bizside/hanaita_conf.rb @@ -12,7 +12,7 @@ def initialize conf_file = ENV['HANAITA_CONF'] || CONF_FILE @_conf = conf_file.then do |filename| next nil unless File.exist?(filename) - YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + YAML.respond_to?(:safe_load_file) ? YAML.safe_load_file(filename, aliases: true) : YAML.load_file(filename) end end diff --git a/lib/bizside/itamae_conf.rb b/lib/bizside/itamae_conf.rb index 0649d57..3a1c926 100644 --- a/lib/bizside/itamae_conf.rb +++ b/lib/bizside/itamae_conf.rb @@ -42,7 +42,7 @@ def initialize if File.exist?(conf_file) @_conf ||= {} text = ERB.new(File.read(conf_file)).result - hash = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text) + hash = YAML.respond_to?(:safe_load) ? YAML.safe_load(text, aliases: true) : YAML.load(text) case conf_file # itamae.yml スペシャルロジック。ROLE必須。 diff --git a/lib/bizside/resque.rb b/lib/bizside/resque.rb index 97fda6a..ea398c9 100644 --- a/lib/bizside/resque.rb +++ b/lib/bizside/resque.rb @@ -16,7 +16,7 @@ module Resque }.each do |format, file_candidates| resque_config_loader = case format when :yaml - ->(text) { YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text) } + ->(text) { YAML.respond_to?(:safe_load) ? YAML.safe_load(text, aliases: true) : YAML.load(text) } when :json ->(text) { ActiveSupport::JSON.decode(text) } end diff --git a/lib/bizside/uploader/extension_whitelist.rb b/lib/bizside/uploader/extension_whitelist.rb index 1e08915..f99bdfe 100644 --- a/lib/bizside/uploader/extension_whitelist.rb +++ b/lib/bizside/uploader/extension_whitelist.rb @@ -6,7 +6,7 @@ module ExtensionWhitelist included do @@extensions = Bizside.config.file_uploader.extensions_file_path.then do |filename| filename = File.join(__dir__, 'default_extensions.yml') unless filename.present? - entire_config = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(filename) : YAML.load_file(filename) + entire_config = YAML.respond_to?(:safe_load_file) ? YAML.safe_load_file(filename, aliases: true) : YAML.load_file(filename) entire_config.values end end