YAML::PP::Schema::Perl - Schema for serializing perl objects and special types
use YAML::PP; # This can be dangerous when loading untrusted YAML! my $yp = YAML::PP->new( schema => [qw/ JSON Perl /] ); # or my $yp = YAML::PP->new( schema => [qw/ Core Perl /] ); my $yaml = $yp->dump_string(sub { return 23 }); # loading code references # This is very dangerous when loading untrusted YAML!! my $yp = YAML::PP->new( schema => [qw/ JSON Perl +loadcode /] ); my $code = $yp->load_string(<<'EOM'); --- !perl/code | { use 5.010; my ($name) = @_; say "Hello $name!"; } EOM $code->("Ingy");
This schema allows you to load and dump perl objects and special types.
Please note that loading objects of arbitrary classes can be dangerous in Perl. You have to load the modules yourself, but if an exploitable module is loaded and an object is created, its DESTROY method will be called when the object falls out of scope. File::Temp is an example that can be exploitable and might remove arbitrary files.
DESTROY
This code is pretty new and experimental. Typeglobs are not implemented yet. Dumping code references is on by default, but not loading (because that is easily exploitable since it's using string eval).
eval
You can define the style of tags you want to support:
my $yp_perl_two_one = YAML::PP->new( schema => [qw/ JSON Perl tag=!!perl+!perl /], );
!perl
Only !perl/type tags are supported.
!perl/type
!!perl
Only !!perl/type tags are supported.
!!perl/type
!perl+!!perl
Both !perl/type and !!perl/tag are supported when loading. When dumping, !perl/type is used.
!!perl/tag
!!perl+!perl
Both !perl/type and !!perl/tag are supported when loading. When dumping, !!perl/type is used.
YAML.pm, YAML::Syck and YAML::XS are using !!perl/type when dumping.
YAML.pm and YAML::Syck are supporting both !perl/type and !!perl/type when loading. YAML::XS currently only supports the latter.
This is a list of the currently supported types and how they are dumped into YAML:
# Code [ qw/ one two three four / ] # YAML --- - one - two - three - four
# Code bless [ qw/ one two three four / ], "Just::An::Arrayref" # YAML --- !perl/array:Just::An::Arrayref - one - two - three - four
# Code my $circle = bless [ 1, 2 ], 'Circle'; push @$circle, $circle; $circle; # YAML --- &1 !perl/array:Circle - 1 - 2 - *1
# Code sub { my (%args) = @_; return $args{x} + $args{y}; } # YAML --- !perl/code |- { use warnings; use strict; (my(%args) = @_); (return ($args{'x'} + $args{'y'})); }
# Code bless sub { my (%args) = @_; return $args{x} - $args{y}; }, "I::Am::Code" # YAML --- !perl/code:I::Am::Code |- { use warnings; use strict; (my(%args) = @_); (return ($args{'x'} - $args{'y'})); }
# Code { U => 2, B => 52, } # YAML --- B: 52 U: 2
# Code bless { U => 2, B => 52, }, 'A::Very::Exclusive::Class' # YAML --- !perl/hash:A::Very::Exclusive::Class B: 52 U: 2
# Code my $ref = { a => 'hash' }; my $refref = \$ref; $refref; # YAML --- !perl/ref =: a: hash
# Code my $ref = { a => 'hash' }; my $refref = bless \$ref, 'Foo'; $refref; # YAML --- !perl/ref:Foo =: a: hash
# Code qr{unblessed} # YAML --- !perl/regexp unblessed
# Code bless qr{blessed}, "Foo" # YAML --- !perl/regexp:Foo blessed
# Code my $scalar = "some string"; my $scalarref = \$scalar; $scalarref; # YAML --- !perl/scalar =: some string
# Code my $scalar = "some other string"; my $scalarref = bless \$scalar, 'Foo'; $scalarref; # YAML --- !perl/scalar:Foo =: some other string
A class method called by YAML::PP::Schema
Perl variables of the type REF are represented in yaml like this:
REF
--- !perl/ref =: a: 1
construct_ref returns the perl data:
construct_ref
my $data = YAML::PP::Schema::Perl->construct_ref([ '=', { some => 'data' } ); my $data = \{ a => 1 };
represent_ref turns a REF variable into a YAML mapping:
represent_ref
my $data = YAML::PP::Schema::Perl->represent_ref(\{ a => 1 }); my $data = { '=' => { a => 1 } };
Perl variables of the type SCALAR are represented in yaml like this:
SCALAR
--- !perl/scalar =: string
construct_scalar returns the perl data:
construct_scalar
my $data = YAML::PP::Schema::Perl->construct_ref([ '=', 'string' ); my $data = \'string';
represent_scalar turns a SCALAR variable into a YAML mapping:
represent_scalar
my $data = YAML::PP::Schema::Perl->represent_scalar(\'string'); my $data = { '=' => 'string' };
construct_regex returns a qr{} object from the YAML string:
construct_regex
qr{}
my $qr = YAML::PP::Schema::Perl->construct_regex('foo.*');
represent_regex returns a string representing the regex object:
represent_regex
my $string = YAML::PP::Schema::Perl->represent_regex(qr{...});
evaluate_code returns a code reference from a string. The string must start with a { and end with a }.
evaluate_code
{
}
my $code = YAML::PP::Schema::Perl->evaluate_code('{ return 23 }');
represent_code returns a string representation of the code reference with the help of B::Deparse:
represent_code
my $string = YAML::PP::Schema::Perl->represent_code(sub { return 23 });
Does the same as bless:
bless
my $object = YAML::PP::Schema::Perl->object($data, $class);
To install YAML::PP, copy and paste the appropriate command in to your terminal.
cpanm
cpanm YAML::PP
CPAN shell
perl -MCPAN -e shell install YAML::PP
For more information on module installation, please visit the detailed CPAN module installation guide.