From 88a8d4793473259b392241f1e2d20d39bd96b214 Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Thu, 20 Jan 2022 18:34:19 +0000
Subject: use YAML.unsafe_load in Psych 4.x (Ruby 3.1+)

Psych 4.x defaults to "nanny mode" to handle untrusted data.
This causes breakage with since YAML references (aliases)
emitted by dtas-player can't be handled by Psych clients under
Ruby 3.1.  Since dtas is single user and is a shell designed to
run arbitrary code, favor the new YAML.unsafe_load API which
behaves like the old YAML.load in Ruby <= 3.0.
---
 lib/dtas.rb                | 6 ++++++
 lib/dtas/source/splitfx.rb | 4 ++--
 lib/dtas/state_file.rb     | 4 ++--
 3 files changed, 10 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/dtas.rb b/lib/dtas.rb
index 477a176..cb7c33d 100644
--- a/lib/dtas.rb
+++ b/lib/dtas.rb
@@ -25,6 +25,12 @@ module DTAS
       Fiddle.dlopen(nil)
     end
   end
+
+  # prevent breakage in Psych 4.x; we're a shell and designed to execute code
+  def self.yaml_load(buf)
+    require 'yaml'
+    YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(buf) : YAML.load(buf)
+  end
   # :startdoc:
 end
 
diff --git a/lib/dtas/source/splitfx.rb b/lib/dtas/source/splitfx.rb
index 11e4190..afeb6a3 100644
--- a/lib/dtas/source/splitfx.rb
+++ b/lib/dtas/source/splitfx.rb
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-2020 all contributors <dtas-all@nongnu.org>
+# Copyright (C) all contributors <dtas-all@nongnu.org>
 # License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
 # frozen_string_literal: true
 require 'yaml'
@@ -36,7 +36,7 @@ class DTAS::Source::SplitFX < DTAS::Source::Sox # :nodoc:
 
     sfx = DTAS::SplitFX.new
     Dir.chdir(File.dirname(ymlfile)) do # ugh
-      @ymlhash = YAML.load(buf)
+      @ymlhash = DTAS.yaml_load(buf)
       @ymlhash['tracks'] ||= [ "t 0 default" ]
       sfx.import(@ymlhash)
       sfx.infile.replace(File.expand_path(sfx.infile))
diff --git a/lib/dtas/state_file.rb b/lib/dtas/state_file.rb
index eac3e2f..f16a866 100644
--- a/lib/dtas/state_file.rb
+++ b/lib/dtas/state_file.rb
@@ -1,4 +1,4 @@
-# Copyright (C) 2013-2020 all contributors <dtas-all@nongnu.org>
+# Copyright (C) all contributors <dtas-all@nongnu.org>
 # License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
 # frozen_string_literal: true
 require 'yaml'
@@ -14,7 +14,7 @@ class DTAS::StateFile # :nodoc:
   end
 
   def tryload
-    YAML.load(IO.binread(@path)) if File.readable?(@path)
+    DTAS.yaml_load(IO.binread(@path)) if File.readable?(@path)
   end
 
   def dump(obj, force_fsync = false)
-- 
cgit v1.2.3-24-ge0c7