From 37f71c1eace8f1cb4931a7e4c316b94c67688d14 Mon Sep 17 00:00:00 2001
From: John Hawthorn
Date: Wed, 11 Mar 2026 18:01:25 -0700
Subject: [PATCH 1/5] Restore original SafeYAML.load under Psych
This was changed to unsafe_load with the swap to YAMLSerializer. But this method did not previously do an unsafe load and we shouldn't provide that.
---
 lib/rubygems/safe_yaml.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb
index c59b46535862..4f6968798139 100644
--- a/lib/rubygems/safe_yaml.rb
+++ b/lib/rubygems/safe_yaml.rb
@@ -50,11 +50,7 @@ def self.safe_load(input)
 def self.load(input)
 if Gem.use_psych?
- if ::Psych.respond_to?(:unsafe_load)
- ::Psych.unsafe_load(input)
- else
- ::Psych.load(input)
- end
+ ::Psych.safe_load(input, permitted_classes: [::Symbol])
 else
 Gem::YAMLSerializer.load(
 input,
From 227df53bc526a8274deef2bba9bff14aa2ab6380 Mon Sep 17 00:00:00 2001
From: John Hawthorn
Date: Wed, 11 Mar 2026 18:14:40 -0700
Subject: [PATCH 2/5] Unpend owner_command test
---
 test/rubygems/test_gem_commands_owner_command.rb | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/test/rubygems/test_gem_commands_owner_command.rb b/test/rubygems/test_gem_commands_owner_command.rb
index 8cd40e0eedde..08df696616b8 100644
--- a/test/rubygems/test_gem_commands_owner_command.rb
+++ b/test/rubygems/test_gem_commands_owner_command.rb
@@ -57,10 +57,6 @@ def test_show_owners
 def test_show_owners_dont_load_objects
 Gem.load_yaml
- # Gem::SafeYAML.load uses Psych.unsafe_load when Psych is enabled,
- # which does not restrict classes. Only YAMLSerializer restricts object tags.
- pend "Gem::SafeYAML.load uses Psych.unsafe_load which does not restrict classes" if Gem.use_psych?
-
 response = <
Date: Wed, 11 Mar 2026 18:14:56 -0700
Subject: [PATCH 3/5] Use safe_load from owner_command
This had been the only user of Gem::SafeYAML.load for a long time. We might as well be consistent with all other uses and use safe_load.
---
 lib/rubygems/commands/owner_command.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rubygems/commands/owner_command.rb b/lib/rubygems/commands/owner_command.rb
index 12bfe3a834b7..18e612bc1b64 100644
--- a/lib/rubygems/commands/owner_command.rb
+++ b/lib/rubygems/commands/owner_command.rb
@@ -75,7 +75,7 @@ def show_owners(name)
 end
 with_response response do |resp|
- owners = Gem::SafeYAML.load clean_text(resp.body)
+ owners = Gem::SafeYAML.safe_load clean_text(resp.body)
 say "Owners for gem: #{name}"
 owners.each do |owner|
From 51544ebfd8304226419ebca0be6b84849f1585fc Mon Sep 17 00:00:00 2001
From: John Hawthorn
Date: Wed, 11 Mar 2026 18:39:03 -0700
Subject: [PATCH 4/5] Update load_yaml test helper to use safe_load
---
 test/rubygems/helper.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/rubygems/helper.rb b/test/rubygems/helper.rb
index 783818b6eb6f..5f5f2e03b101 100644
--- a/test/rubygems/helper.rb
+++ b/test/rubygems/helper.rb
@@ -735,10 +735,10 @@ def write_dummy_extconf(gem_name)
 end
 ##
- # Load a YAML string, the psych 3 way
+ # Load a YAML string using the safe loader with gem-spec permitted classes.
 def load_yaml(yaml)
- Gem::SafeYAML.load(yaml)
+ Gem::SafeYAML.safe_load(yaml)
 end
 ##
From d8d927f889ffe77398dbea6cec5f8c461c8dd650 Mon Sep 17 00:00:00 2001
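Review bot: In the `show_owners` hunk of PATCH 3/5, `owners` is parsed from the server's response body and handed straight to `owners.each` with no check on what the parser returned, so an empty or unexpected body (nil, a mapping, a scalar) would presumably surface as a NoMethodError instead of a clear message. A guard directly after the parse, `unless owners.is_a?(Array)`, routed through the command's usual error reporting, would make that failure explicit. Separately, the last patch in this series says that under Psych `load` was more restrictive than `safe_load`, so this switch widens the set of classes a remote response may instantiate to the gem-spec allow-list, which an owners listing does not obviously need. A comment on the call, such as `# safe_load: gem-spec allow-list; the owners response only needs plain arrays, hashes and scalars`, would record that this is intended. The body of `show_owners` starts and ends outside the hunk.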
From: John Hawthorn
Date: Wed, 11 Mar 2026 19:55:44 -0700
Subject: [PATCH 5/5] Make SafeYAML.load an alias of safe_load
Using Psych, load was actually more restrictive than safe_load. Using Gem::YAMLSerializer they were identical. We might as well use the same path for both methods.
---
 lib/rubygems/safe_yaml.rb | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb
index 4f6968798139..f4bba001365f 100644
--- a/lib/rubygems/safe_yaml.rb
+++ b/lib/rubygems/safe_yaml.rb
@@ -48,17 +48,8 @@ def self.safe_load(input)
 end
 end
- def self.load(input)
- if Gem.use_psych?
- ::Psych.safe_load(input, permitted_classes: [::Symbol])
- else
- Gem::YAMLSerializer.load(
- input,
- permitted_classes: PERMITTED_CLASSES,
- permitted_symbols: PERMITTED_SYMBOLS,
- aliases: aliases_enabled?
- )
- end
+ class << self
+ alias_method :load, :safe_load
 end
 end
 end
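Review bot: The new `alias_method :load, :safe_load` has no comment, and it changes what `Gem::SafeYAML.load` accepts under Psych: the removed branch permitted only `::Symbol`, while the alias takes whatever `safe_load` permits, which the commit message itself describes as less restrictive. Any caller that picked `load` for untrusted input now gets the wider allow-list without a visible signal at the definition. I would add a comment above the alias, for example `# Kept for backward compatibility; identical to safe_load (same permitted classes, symbols and alias handling).`, and consider documenting `load` as deprecated in favour of `safe_load`. The enclosing module starts outside the hunk, so whether `safe_load` already documents its allow-list cannot be seen from here.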