mirror of
https://github.com/mikefarah/yq.git
synced 2026-07-03 19:05:38 +00:00
Compare commits
7 Commits
d91418bdde
...
bd28be0b1e
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
bd28be0b1e | ||
|
|
8e2c9b612d | ||
|
|
0970cd4b05 | ||
|
|
bf3591a234 | ||
|
|
09f1565d51 | ||
|
|
13d340ff51 | ||
|
|
be5d5da882 |
6
.github/workflows/codeql.yml
vendored
6
.github/workflows/codeql.yml
vendored
@ -44,7 +44,7 @@ jobs:
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
|
||||
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
@ -55,7 +55,7 @@ jobs:
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
|
||||
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
||||
|
||||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
|
||||
@ -69,4 +69,4 @@ jobs:
|
||||
# make release
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
|
||||
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
||||
|
||||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@ -43,7 +43,7 @@ jobs:
|
||||
man.md
|
||||
|
||||
- name: Install cosign
|
||||
uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
|
||||
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
|
||||
|
||||
- name: Cross compile
|
||||
run: |
|
||||
|
||||
2
.github/workflows/scorecard.yml
vendored
2
.github/workflows/scorecard.yml
vendored
@ -73,6 +73,6 @@ jobs:
|
||||
# Upload the results to GitHub's code scanning dashboard (optional).
|
||||
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
|
||||
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
FROM golang:1.26.4@sha256:68cb6d68bed024785b69195b89af7ac7a444f27791435f98647edff595aa0479 AS builder
|
||||
FROM golang:1.26.4@sha256:11fd8f7f63db3b6fb198797042ba4c40a4a34dc83325d3328ca3bc4bb7726786 AS builder
|
||||
|
||||
WORKDIR /go/src/mikefarah/yq
|
||||
|
||||
@ -10,7 +10,7 @@ RUN ./scripts/acceptance.sh
|
||||
|
||||
# Choose alpine as a base image to make this useful for CI, as many
|
||||
# CI tools expect an interactive shell inside the container
|
||||
FROM alpine:3@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 AS production
|
||||
FROM alpine:3@sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4 AS production
|
||||
LABEL maintainer="Mike Farah <mikefarah@users.noreply.github.com>"
|
||||
|
||||
COPY --from=builder /go/src/mikefarah/yq/yq /usr/bin/yq
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
FROM golang:1.26.4@sha256:68cb6d68bed024785b69195b89af7ac7a444f27791435f98647edff595aa0479
|
||||
FROM golang:1.26.4@sha256:11fd8f7f63db3b6fb198797042ba4c40a4a34dc83325d3328ca3bc4bb7726786
|
||||
|
||||
COPY scripts/devtools.sh /opt/devtools.sh
|
||||
|
||||
|
||||
6
go.mod
6
go.mod
@ -22,7 +22,7 @@ require (
|
||||
go.yaml.in/yaml/v4 v4.0.0-rc.5
|
||||
golang.org/x/mod v0.36.0
|
||||
golang.org/x/net v0.55.0
|
||||
golang.org/x/text v0.37.0
|
||||
golang.org/x/text v0.38.0
|
||||
)
|
||||
|
||||
require (
|
||||
@ -33,9 +33,9 @@ require (
|
||||
github.com/mattn/go-colorable v0.1.14 // indirect
|
||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
|
||||
golang.org/x/sync v0.20.0 // indirect
|
||||
golang.org/x/sync v0.21.0 // indirect
|
||||
golang.org/x/sys v0.45.0 // indirect
|
||||
golang.org/x/tools v0.44.0 // indirect
|
||||
golang.org/x/tools v0.45.0 // indirect
|
||||
)
|
||||
|
||||
go 1.25.0
|
||||
|
||||
12
go.sum
12
go.sum
@ -74,15 +74,15 @@ golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4=
|
||||
golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ=
|
||||
golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=
|
||||
golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww=
|
||||
golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
|
||||
golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
|
||||
golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
|
||||
golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY=
|
||||
golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
|
||||
golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
|
||||
golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c=
|
||||
golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI=
|
||||
golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
|
||||
golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
|
||||
golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8=
|
||||
golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
||||
@ -81,10 +81,13 @@ var base64Scenarios = []formatScenario{
|
||||
scenarioType: "decode",
|
||||
},
|
||||
{
|
||||
skipDoc: true,
|
||||
description: "decode yaml document",
|
||||
input: base64EncodedYaml,
|
||||
expected: base64DecodedYaml + "\n",
|
||||
skipDoc: true,
|
||||
description: "decode yaml document",
|
||||
input: base64EncodedYaml,
|
||||
// The decoded payload ("a: apple\n") would re-parse as a map if
|
||||
// emitted bare, so the yaml encoder keeps it as a block literal to
|
||||
// preserve roundtrip safety. See issue #2608.
|
||||
expected: "|\n a: apple\n",
|
||||
scenarioType: "decode",
|
||||
},
|
||||
{
|
||||
|
||||
@ -35,7 +35,7 @@ func (ye *yamlEncoder) Encode(writer io.Writer, node *CandidateNode) error {
|
||||
if strings.Contains(node.LeadingContent, "\r\n") {
|
||||
lineEnding = "\r\n"
|
||||
}
|
||||
if node.Kind == ScalarNode && ye.prefs.UnwrapScalar {
|
||||
if node.Kind == ScalarNode && ye.prefs.UnwrapScalar && !bareStringNeedsQuoting(node) {
|
||||
valueToPrint := node.Value
|
||||
if node.LeadingContent == "" || valueToPrint != "" {
|
||||
valueToPrint = valueToPrint + lineEnding
|
||||
@ -78,3 +78,28 @@ func (ye *yamlEncoder) Encode(writer io.Writer, node *CandidateNode) error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// bareStringNeedsQuoting reports whether a top-level string scalar would be
|
||||
// structurally reinterpreted if emitted as an unquoted bare value. The
|
||||
// unwrap-scalar fast-path writes node.Value verbatim, which silently turns a
|
||||
// string like "this: should really work" into a mapping on the next read, or
|
||||
// "- item" into a sequence. When this returns true the caller falls through
|
||||
// to the full yaml encoder, which applies the quoting style required by the
|
||||
// YAML spec. Scalar-to-scalar reinterpretations (e.g. "123" parsing as an int
|
||||
// tag) are not covered here: they preserve the node shape and are handled by
|
||||
// callers that care about explicit tag preservation.
|
||||
func bareStringNeedsQuoting(node *CandidateNode) bool {
|
||||
if node.Tag != "!!str" {
|
||||
return false
|
||||
}
|
||||
var parsed yaml.Node
|
||||
if err := yaml.Unmarshal([]byte(node.Value), &parsed); err != nil {
|
||||
// Unparseable bare form (e.g. control characters): leave it on the
|
||||
// fast-path so callers that check for those characters still see them.
|
||||
return false
|
||||
}
|
||||
if parsed.Kind != yaml.DocumentNode || len(parsed.Content) != 1 {
|
||||
return false
|
||||
}
|
||||
return parsed.Content[0].Kind != yaml.ScalarNode
|
||||
}
|
||||
|
||||
84
pkg/yqlib/encoder_yaml_test.go
Normal file
84
pkg/yqlib/encoder_yaml_test.go
Normal file
@ -0,0 +1,84 @@
|
||||
package yqlib
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
// TestYamlEncoderUnwrapScalarRoundtripSafety verifies that a top-level string
|
||||
// scalar whose unquoted form would re-parse as a non-scalar node (map or
|
||||
// sequence) is emitted quoted even when UnwrapScalar is enabled. Safe plain
|
||||
// strings continue to round-trip through the existing fast-path. See #2608.
|
||||
func TestYamlEncoderUnwrapScalarRoundtripSafety(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
value string
|
||||
wantBare bool // true: output equals value+"\n"; false: output must differ
|
||||
}{
|
||||
{name: "colon_parses_as_map", value: "this: should really work"},
|
||||
{name: "dash_parses_as_seq", value: "- item"},
|
||||
{name: "multiline_maplike", value: "a: a\nb: b"},
|
||||
{name: "safe_plain_string", value: "hello world", wantBare: true},
|
||||
{name: "safe_identifier", value: "cat", wantBare: true},
|
||||
{name: "safe_digits_preserved", value: "123", wantBare: true},
|
||||
{name: "safe_null_word_preserved", value: "null", wantBare: true},
|
||||
{name: "safe_tag_shorthand_preserved", value: "!!int", wantBare: true},
|
||||
}
|
||||
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
prefs := NewDefaultYamlPreferences()
|
||||
prefs.UnwrapScalar = true
|
||||
|
||||
var buf bytes.Buffer
|
||||
err := NewYamlEncoder(prefs).Encode(&buf, &CandidateNode{
|
||||
Kind: ScalarNode,
|
||||
Tag: "!!str",
|
||||
Value: tc.value,
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatalf("encode failed: %v", err)
|
||||
}
|
||||
got := buf.String()
|
||||
|
||||
if tc.wantBare {
|
||||
if got != tc.value+"\n" {
|
||||
t.Fatalf("expected bare %q, got %q", tc.value+"\n", got)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Ambiguous input: must not be emitted as the bare value.
|
||||
if got == tc.value+"\n" {
|
||||
t.Fatalf("value %q was emitted bare; expected quoted form", tc.value)
|
||||
}
|
||||
|
||||
// The output must round-trip back to a string scalar with the
|
||||
// same value, proving structural roundtrip safety.
|
||||
decoder := NewYamlDecoder(NewDefaultYamlPreferences())
|
||||
nodes, err := readDocuments(strings.NewReader(got), "test.yaml", 0, decoder)
|
||||
if err != nil {
|
||||
t.Fatalf("decode of %q failed: %v", got, err)
|
||||
}
|
||||
if nodes.Len() != 1 {
|
||||
t.Fatalf("expected one document, got %d", nodes.Len())
|
||||
}
|
||||
candidate := nodes.Front().Value.(*CandidateNode)
|
||||
// readDocuments wraps the document; descend to the scalar.
|
||||
scalar := candidate
|
||||
for scalar.Kind != ScalarNode && len(scalar.Content) == 1 {
|
||||
scalar = scalar.Content[0]
|
||||
}
|
||||
if scalar.Kind != ScalarNode {
|
||||
t.Fatalf("round-tripped node is not a scalar: kind=%v value=%q", scalar.Kind, scalar.Value)
|
||||
}
|
||||
if scalar.Tag != "!!str" {
|
||||
t.Fatalf("round-tripped tag is %q, want !!str", scalar.Tag)
|
||||
}
|
||||
if scalar.Value != tc.value {
|
||||
t.Fatalf("round-tripped value is %q, want %q", scalar.Value, tc.value)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user