class HashParser

Whitelist-based hash string parser

Constants

ALLOWED_CLASSES

A literal is a string, regex, or numeric; see github.com/seattlerb/ruby_parser/blob/master/lib/ruby19_parser.y#L890

BadHash
VERSION

Public Instance Methods

safe_load(string)
# File lib/hash_parser.rb, line 13
# Evaluates +string+ as a Ruby hash literal and returns the result.
#
# The text is handed to eval only after safe?(string) has accepted it;
# anything else is rejected with BadHash, whose message embeds the text.
#
# NOTE(review): eval runs on caller-supplied text, and safe? is the only
# gate in front of it. The check is made on RubyParser's parse tree while
# eval uses the running interpreter's own parser, so the guarantee holds
# only as long as both parsers agree on the input. Treat any change to
# ALLOWED_CLASSES as security-sensitive.
#
# @param string [String] source text expected to be a hash literal
# @return [Object] whatever the accepted text evaluates to
# @raise [BadHash] when safe?(string) is false
def safe_load(string)
  if safe?(string)
    eval(string)
  else
    raise BadHash, "#{ string } is a bad hash"
  end
end

Private Instance Methods

safe?(string)
# File lib/hash_parser.rb, line 20
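# Decides whether +string+ may be passed to eval by safe_load.
#
# The text is parsed with RubyParser and accepted only when the root node
# is a :hash and every nested node type is listed in ALLOWED_CLASSES.
# Nothing is rescued here, so any exception RubyParser raises for text it
# cannot parse propagates to the caller.
#
# @param string [String] candidate hash literal
# @return [Boolean] true when the whole parse tree is on the allowlist
def safe?(string)
  expression = RubyParser.new.parse(string)

  # No parse tree means nothing was vetted, so reject instead of failing
  # with NoMethodError on nil. NOTE(review): RubyParser appears to return
  # nil for empty or comment-only input; confirm against the pinned version.
  return false if expression.nil?
  return false unless expression.head == :hash # root has to be a hash

  # can be optimized to do an ACTUAL_CLASSES - ALLOWED_CLASSES == []
  expression.deep_each.all? do |child|
    ALLOWED_CLASSES.include?(child.head)
  end
end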