/ 
YAML-PP-0.012_001
River stage four • 62 direct dependents • 1798 total dependents
⭐ Starred 24 GitHub stars
/ YAML::PP::Schema::Perl

NAME

YAML::PP::Schema::Perl - Schema for serializing perl objects and special types

SYNOPSIS

use YAML::PP;
# This can be dangerous when loading untrusted YAML!
my $yp = YAML::PP->new( schema => [qw/ JSON Perl /] );
# or
my $yp = YAML::PP->new( schema => [qw/ Core Perl /] );
my $yaml = $yp->dump_string(sub { return 23 });

# loading code references
# This is very dangerous when loading untrusted YAML!!
my $yp = YAML::PP->new( schema => [qw/ JSON Perl +loadcode /] );
my $code = $yp->load_string(<<'EOM');
--- !perl/code |
    {
        use 5.010;
        my ($name) = @_;
        say "Hello $name!";
    }
EOM
$code->("Ingy");

DESCRIPTION

This schema allows you to load and dump perl objects and special types.

Please note that loading objects of arbitrary classes can be dangerous in Perl. You have to load the modules yourself, but if an exploitable module is loaded and an object is created, its DESTROY method will be called when the object falls out of scope. File::Temp is an example that can be exploitable and might remove arbitrary files.

This code is pretty new and experimental. Typeglobs are not implemented yet. Dumping code references is on by default, but not loading (because that is easily exploitable since it's using string eval).

TAG STYLES

You can define the style of tags you want to support:

my $yp_perl_two_one = YAML::PP->new(
    schema => [qw/ JSON Perl tag=!!+! /],
);
!

Only !perl/type tags are supported.

!!

Only !!perl/type tags are supported.

!+!!

Both !perl/type and !!perl/tag are supported when loading. When dumping, !perl/type is used.

!!+!

Both !perl/type and !!perl/tag are supported when loading. When dumping, !!perl/type is used.

YAML.pm, YAML::Syck and YAML::XS are using !!perl/type when dumping.

YAML.pm and YAML::Syck are supporting both !perl/type and !!perl/type when loading. YAML::XS currently only supports the latter.

EXAMPLES

This is a list of the currently supported types and how they are dumped into YAML:

array
# Code
[
    qw/ one two three four /
]


# YAML
---
- one
- two
- three
- four
array_blessed
# Code
bless [
    qw/ one two three four /
], "Just::An::Arrayref"


# YAML
--- !perl/array:Just::An::Arrayref
- one
- two
- three
- four
circular
# Code
my $circle = bless [ 1, 2 ], 'Circle';
push @$circle, $circle;
$circle;


# YAML
--- &1 !perl/array:Circle
- 1
- 2
- *1
coderef
# Code
sub {
    my (%args) = @_;
    return $args{x} + $args{y};
}


# YAML
--- !perl/code |-
  {
      use warnings;
      use strict;
      (my(%args) = @_);
      (return ($args{'x'} + $args{'y'}));
  }
coderef_blessed
# Code
bless sub {
    my (%args) = @_;
    return $args{x} - $args{y};
}, "I::Am::Code"


# YAML
--- !perl/code:I::Am::Code |-
  {
      use warnings;
      use strict;
      (my(%args) = @_);
      (return ($args{'x'} - $args{'y'}));
  }
hash
# Code
{
    U => 2,
    B => 52,
}


# YAML
---
B: 52
U: 2
hash_blessed
# Code
bless {
    U => 2,
    B => 52,
}, 'A::Very::Exclusive::Class'


# YAML
--- !perl/hash:A::Very::Exclusive::Class
B: 52
U: 2
refref
# Code
my $ref = { a => 'hash' };
my $refref = \$ref;
$refref;


# YAML
--- !perl/ref
=:
  a: hash
refref_blessed
# Code
my $ref = { a => 'hash' };
my $refref = bless \$ref, 'Foo';
$refref;


# YAML
--- !perl/ref:Foo
=:
  a: hash
regexp
# Code
qr{unblessed}


# YAML
--- !perl/regexp unblessed
regexp_blessed
# Code
bless qr{blessed}, "Foo"


# YAML
--- !perl/regexp:Foo blessed
scalarref
# Code
my $scalar = "some string";
my $scalarref = \$scalar;
$scalarref;


# YAML
--- !perl/scalar
=: some string
scalarref_blessed
# Code
my $scalar = "some other string";
my $scalarref = bless \$scalar, 'Foo';
$scalarref;


# YAML
--- !perl/scalar:Foo
=: some other string

METHODS

register

A class method called by YAML::PP::Schema