Skip to content

Commit

Permalink
Filter marshaled objects
Browse files Browse the repository at this point in the history
  • Loading branch information
hsbt committed Mar 19, 2024
1 parent 4797136 commit 32ff6ba
Showing 1 changed file with 26 additions and 19 deletions.
45 changes: 26 additions & 19 deletions lib/rdoc/store.rb
Original file line number Diff line number Diff line change
Expand Up @@ -556,9 +556,7 @@ def load_all
def load_cache
#orig_enc = @encoding

File.open cache_path, 'rb' do |io|
@cache = Marshal.load io.read
end
@cache = marshal_load(cache_path)

load_enc = @cache[:encoding]

Expand Down Expand Up @@ -615,9 +613,7 @@ def load_class klass_name
def load_class_data klass_name
file = class_file klass_name

File.open file, 'rb' do |io|
Marshal.load io.read
end
marshal_load(file)
rescue Errno::ENOENT => e
error = MissingFileError.new(self, file, klass_name)
error.set_backtrace e.backtrace
Expand All @@ -630,14 +626,10 @@ def load_class_data klass_name
def load_method klass_name, method_name
file = method_file klass_name, method_name

File.open file, 'rb' do |io|
obj = Marshal.load io.read
obj.store = self
obj.parent =
find_class_or_module(klass_name) || load_class(klass_name) unless
obj.parent
obj
end
obj = marshal_load(file)
obj.store = self
obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name)
obj
rescue Errno::ENOENT => e
error = MissingFileError.new(self, file, klass_name + method_name)
error.set_backtrace e.backtrace
Expand All @@ -650,11 +642,9 @@ def load_method klass_name, method_name
def load_page page_name
file = page_file page_name

File.open file, 'rb' do |io|
obj = Marshal.load io.read
obj.store = self
obj
end
obj = marshal_load(file)
obj.store = self
obj
rescue Errno::ENOENT => e
error = MissingFileError.new(self, file, page_name)
error.set_backtrace e.backtrace
Expand Down Expand Up @@ -976,4 +966,21 @@ def unique_modules
@unique_modules
end

private
def marshal_load(file)
File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)}
end

MarshalFilter = proc do |obj|
case obj
when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text
else
unless obj.class.name.start_with("RDoc::")
raise TypeError, "not permitted class: #{obj.class.name}"
end
end
obj
end
private_constant :MarshalFilter

end

0 comments on commit 32ff6ba

Please sign in to comment.