Merge PR #45660

rafaelfranca · rafaelfranca · commit 4a075537dc05 · 2022-11-23T18:31:12.000Z
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
@@ -1,3 +1,7 @@
+*   Allow per attribute setting of YAML permitted classes (safe load) and unsafe load.
+
+    *Carlos Palhares*
+
 *   Add a build persistence method
 
     Provides a wrapper for `new`, to provide feature parity with `create`s
diff --git a/activerecord/lib/active_record/attribute_methods/serialization.rb b/activerecord/lib/active_record/attribute_methods/serialization.rb
@@ -51,6 +51,9 @@ module ClassMethods
         #     using the coder's <tt>dump(value)</tt> method, and will be
         #     deserialized using the coder's <tt>load(string)</tt> method. The
         #     +dump+ method may return +nil+ to serialize the value as +NULL+.
+        # * +yaml+ - Optional. Yaml specific options. The allowed config is:
+        #   * +:permitted_classes+ - +Array+ with the permitted classes.
+        #   * +:unsafe_load+ - Unsafely load YAML blobs, allow YAML to load any class.
         #
         # ==== Options
         #
@@ -78,6 +81,12 @@ module ClassMethods
         #     serialize :preferences, Hash
         #   end
         #
+        # ===== Serializes +preferences+ to YAML, permitting select classes
+        #
+        #   class User < ActiveRecord::Base
+        #     serialize :preferences, yaml: { permitted_classes: [Symbol, Time] }
+        #   end
+        #
         # ===== Serialize the +preferences+ attribute using a custom coder
         #
         #   class Rot13JSON
@@ -100,7 +109,7 @@ module ClassMethods
         #     serialize :preferences, Rot13JSON
         #   end
         #
-        def serialize(attr_name, class_name_or_coder = Object, **options)
+        def serialize(attr_name, class_name_or_coder = Object, yaml: {}, **options)
           # When ::JSON is used, force it to go through the Active Support JSON encoder
           # to ensure special objects (e.g. Active Record models) are dumped correctly
           # using the #as_json hook.
@@ -109,7 +118,7 @@ def serialize(attr_name, class_name_or_coder = Object, **options)
           elsif [:load, :dump].all? { |x| class_name_or_coder.respond_to?(x) }
             class_name_or_coder
           else
-            Coders::YAMLColumn.new(attr_name, class_name_or_coder)
+            Coders::YAMLColumn.new(attr_name, class_name_or_coder, **yaml)
           end
 
           attribute(attr_name, **options) do |cast_type|
diff --git a/activerecord/lib/active_record/coders/yaml_column.rb b/activerecord/lib/active_record/coders/yaml_column.rb
@@ -7,9 +7,11 @@ module Coders # :nodoc:
     class YAMLColumn # :nodoc:
       attr_accessor :object_class
 
-      def initialize(attr_name, object_class = Object)
+      def initialize(attr_name, object_class = Object, permitted_classes: [], unsafe_load: nil)
         @attr_name = attr_name
         @object_class = object_class
+        @permitted_classes = permitted_classes
+        @unsafe_load = unsafe_load
         check_arity_of_constructor
       end
 
@@ -39,6 +41,14 @@ def assert_valid_value(obj, action:)
       end
 
       private
+        def permitted_classes
+          [*ActiveRecord.yaml_column_permitted_classes, *@permitted_classes]
+        end
+
+        def unsafe_load?
+          @unsafe_load.nil? ? ActiveRecord.use_yaml_unsafe_load : @unsafe_load
+        end
+
         def check_arity_of_constructor
           load(nil)
         rescue ArgumentError
@@ -47,18 +57,18 @@ def check_arity_of_constructor
 
         if YAML.respond_to?(:unsafe_load)
           def yaml_load(payload)
-            if ActiveRecord.use_yaml_unsafe_load
+            if unsafe_load?
               YAML.unsafe_load(payload)
             else
-              YAML.safe_load(payload, permitted_classes: ActiveRecord.yaml_column_permitted_classes, aliases: true)
+              YAML.safe_load(payload, permitted_classes: permitted_classes, aliases: true)
             end
           end
         else
           def yaml_load(payload)
-            if ActiveRecord.use_yaml_unsafe_load
+            if unsafe_load?
               YAML.load(payload)
             else
-              YAML.safe_load(payload, permitted_classes: ActiveRecord.yaml_column_permitted_classes, aliases: true)
+              YAML.safe_load(payload, permitted_classes: permitted_classes, aliases: true)
             end
           end
         end
diff --git a/activerecord/test/cases/coders/yaml_column_test.rb b/activerecord/test/cases/coders/yaml_column_test.rb
@@ -6,9 +6,14 @@ module ActiveRecord
   module Coders
     class YAMLColumnTest < ActiveRecord::TestCase
       setup do
+        @use_yaml_unsafe_load = ActiveRecord.use_yaml_unsafe_load
         ActiveRecord.use_yaml_unsafe_load = true
       end
 
+      teardown do
+        ActiveRecord.use_yaml_unsafe_load = @use_yaml_unsafe_load
+      end
+
       def test_initialize_takes_class
         coder = YAMLColumn.new("attr_name", Object)
         assert_equal Object, coder.object_class
@@ -69,10 +74,16 @@ def test_load_doesnt_handle_undefined_class_or_module
 
     class YAMLColumnTestWithSafeLoad < YAMLColumnTest
       setup do
+        @use_yaml_unsafe_load = ActiveRecord.use_yaml_unsafe_load
         @yaml_column_permitted_classes_default = ActiveRecord.yaml_column_permitted_classes
         ActiveRecord.use_yaml_unsafe_load = false
       end
 
+      teardown do
+        ActiveRecord.use_yaml_unsafe_load = @use_yaml_unsafe_load
+        ActiveRecord.yaml_column_permitted_classes = @yaml_column_permitted_classes_default
+      end
+
       def test_yaml_column_permitted_classes_are_consumed_by_safe_load
         ActiveRecord.yaml_column_permitted_classes = [Symbol, Time]
 
@@ -84,8 +95,45 @@ def test_yaml_column_permitted_classes_are_consumed_by_safe_load
           coder.load(time_yaml)
           coder.load(symbol_yaml)
         end
+      end
 
-        ActiveRecord.yaml_column_permitted_classes = @yaml_column_permitted_classes_default
+      def test_yaml_column_permitted_classes_option
+        ActiveRecord.yaml_column_permitted_classes = [Symbol]
+
+        coder = YAMLColumn.new("attr_name", permitted_classes: [Time])
+        time_yaml = YAML.dump(Time.new)
+        symbol_yaml = YAML.dump(:somesymbol)
+
+        assert_nothing_raised do
+          coder.load(time_yaml)
+          coder.load(symbol_yaml)
+        end
+      end
+
+      def test_yaml_column_unsafe_load_option
+        ActiveRecord.use_yaml_unsafe_load = false
+        ActiveRecord.yaml_column_permitted_classes = []
+
+        coder = YAMLColumn.new("attr_name", unsafe_load: true)
+        time_yaml = YAML.dump(Time.new)
+        symbol_yaml = YAML.dump(:somesymbol)
+
+        assert_nothing_raised do
+          coder.load(time_yaml)
+          coder.load(symbol_yaml)
+        end
+      end
+
+      def test_yaml_column_override_unsafe_load_option
+        ActiveRecord.use_yaml_unsafe_load = true
+        ActiveRecord.yaml_column_permitted_classes = []
+
+        coder = YAMLColumn.new("attr_name", unsafe_load: false)
+        time_yaml = YAML.dump(Time.new)
+
+        assert_raises(Psych::DisallowedClass) do
+          coder.load(time_yaml)
+        end
       end
 
       def test_load_doesnt_handle_undefined_class_or_module
