/ 
YAML-PP-0.011_002
River stage four • 62 direct dependents • 1798 total dependents
⭐ Starred 24 GitHub stars
/ YAML::PP::Schema::Perl

NAME

YAML::PP::Schema::Perl - Schema for serializing perl objects and special types

SYNOPSIS

use YAML::PP;
# This can be dangerous when loading untrusted YAML!
my $yp = YAML::PP->new( schema => [qw/ JSON Perl /] );
# or
my $yp = YAML::PP->new( schema => [qw/ Core Perl /] );
my $yaml = $yp->dump_string(sub { return 23 });

# loading code references
# This is very dangerous when loading untrusted YAML!!
my $yp = YAML::PP->new( schema => [qw/ JSON Perl +loadcode /] );
my $code = $yp->load_string(<<'EOM');
--- !perl/code |
    {
        use 5.010;
        my ($name) = @_;
        say "Hello $name!";
    }
EOM
$code->("Ingy");

DESCRIPTION

This schema allows you to dump perl objects and special types to YAML.

Please note that loading objects of arbitrary classes can be dangerous in Perl. You have to load the modules yourself, but if an exploitable module is loaded and an object is created, its DESTROY method will be called when the object falls out of scope. File::Temp is an example that can be exploitable and might remove arbitrary files.

This code is pretty new and experimental. Typeglobs are not implemented yet. Dumping code references is on by default, but not loading (because that is easily exploitable since it's using string eval).

Currently it only supports tags with a single exclamation mark. YAML.pm and YAML::Syck are supporting both !perl/type:... and !!perl/type:.... YAML::XS currently only supports the latter.

I want to support both styles via an option.

EXAMPLES

This is a list of the currently supported types and how they are dumped into YAML:

array
# Code
[
    qw/ one two three four /
]


# YAML
---
- one
- two
- three
- four
array_blessed
# Code
bless [
    qw/ one two three four /
], "Just::An::Arrayref"


# YAML
--- !perl/array:Just::An::Arrayref
- one
- two
- three
- four
circular
# Code
my $circle = bless [ 1, 2 ], 'Circle';
push @$circle, $circle;
$circle;


# YAML
--- &1 !perl/array:Circle
- 1
- 2
- *1
coderef
# Code
sub {
    my (%args) = @_;
    return $args{x} + $args{y};
}


# YAML
--- !perl/code |-
  {
      use warnings;
      use strict;
      (my(%args) = @_);
      (return ($args{'x'} + $args{'y'}));
  }
coderef_blessed
# Code
bless sub {
    my (%args) = @_;
    return $args{x} - $args{y};
}, "I::Am::Code"


# YAML
--- !perl/code:I::Am::Code |-
  {
      use warnings;
      use strict;
      (my(%args) = @_);
      (return ($args{'x'} - $args{'y'}));
  }
hash
# Code
{
    U => 2,
    B => 52,
}


# YAML
---
B: 52
U: 2
hash_blessed
# Code
bless {
    U => 2,
    B => 52,
}, 'A::Very::Exclusive::Class'


# YAML
--- !perl/hash:A::Very::Exclusive::Class
B: 52
U: 2
refref
# Code
my $ref = { a => 'hash' };
my $refref = \$ref;
$refref;


# YAML
--- !perl/ref
=:
  a: hash
refref_blessed
# Code
my $ref = { a => 'hash' };
my $refref = bless \$ref, 'Foo';
$refref;


# YAML
--- !perl/ref:Foo
=:
  a: hash
regexp
# Code
qr{unblessed}


# YAML
--- !perl/regexp unblessed
regexp_blessed
# Code
bless qr{blessed}, "Foo"


# YAML
--- !perl/regexp:Foo blessed
scalarref
# Code
my $scalar = "some string";
my $scalarref = \$scalar;
$scalarref;


# YAML
--- !perl/scalar
=: some string
scalarref_blessed
# Code
my $scalar = "some other string";
my $scalarref = bless \$scalar, 'Foo';
$scalarref;


# YAML
--- !perl/scalar:Foo
=: some other string

METHODS

register

A class method called by YAML::PP::Schema