From a5f9d5edf820f37310864f7dfbd584f8c30f8016 Mon Sep 17 00:00:00 2001 From: Sutou Kouhei Date: Mon, 18 May 2026 13:26:45 +0900 Subject: [PATCH] Fix a bug that `Gem::YAMLSerializer.load` ignores quotation `"a: b"` must be processed as a string value (`a: b`) not a map value (`{"a" => "b"}`). --- lib/rubygems/yaml_serializer.rb | 4 ++++ test/rubygems/test_gem_safe_yaml.rb | 14 ++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/lib/rubygems/yaml_serializer.rb b/lib/rubygems/yaml_serializer.rb index 46e665196b2b..9d0f429375e6 100644 --- a/lib/rubygems/yaml_serializer.rb +++ b/lib/rubygems/yaml_serializer.rb @@ -95,6 +95,10 @@ def parse_node(base_indent) if stripped.start_with?("- ") || stripped == "-" parse_sequence(indent, anchor) + elsif stripped.start_with?("\"") && stripped.end_with?("\"") + parse_plain_scalar(indent, anchor) + elsif stripped.start_with?("'") && stripped.end_with?("'") + parse_plain_scalar(indent, anchor) elsif stripped =~ MAPPING_KEY_RE && !stripped.start_with?("!ruby/object:") parse_mapping(indent, anchor) elsif stripped.start_with?("!ruby/object:") diff --git a/test/rubygems/test_gem_safe_yaml.rb b/test/rubygems/test_gem_safe_yaml.rb index fbf19776405c..d6fef1d7de9f 100644 --- a/test/rubygems/test_gem_safe_yaml.rb +++ b/test/rubygems/test_gem_safe_yaml.rb @@ -318,6 +318,20 @@ def test_requirements_hash_converted_to_array assert_kind_of Hash, reqs end + def test_requirement_quote + yaml = <<~YAML + requirements: + - "system: arrow-glib>=25.0.0: amazon_linux: arrow-glib-devel" + - 'system: arrow-glib>=25.0.0: fedora: libarrow-glib-devel' + YAML + + expected = [ + "system: arrow-glib>=25.0.0: amazon_linux: arrow-glib-devel", + "system: arrow-glib>=25.0.0: fedora: libarrow-glib-devel", + ] + assert_equal expected, yaml_load(yaml)["requirements"] + end + def test_rdoc_options_hash_converted_to_array # Some gemspecs incorrectly have rdoc_options: {} instead of rdoc_options: [] yaml = <<~YAML