Merge pull request #554 from jrafanie/permit_yaml_safe_load_of_aliases

Permit yaml safe_load of aliases in automate ruby methods

Author: Fryguy

lib/miq_automation_engine/engine/miq_ae_engine/drb_remote_invoker.rb

@@ -110,6 +110,14 @@ class AutomateMethodException < StandardError
   require 'drb'
   require 'yaml'
 
+  YAML.singleton_class.prepend(
+    Module.new do
+      def safe_load(yaml, aliases: false, **kwargs)
+        super(yaml, aliases: true, **kwargs)
+      end
+    end
+  )
+
   Time.zone = 'UTC'
 
   MIQ_OK    = 0

spec/engine/miq_ae_method_spec.rb

@@ -47,6 +47,38 @@ def root
       end
     end
 
+    context "with a script that tries to YAML.load with aliases" do
+      let(:script) do
+        <<-RUBY
+          YAML.load("---\na: &a\n  b: true  \n\ndevelopment:\n  <<: *a\n  c: false\n\n")
+        RUBY
+      end
+
+      it "logs and returns the correct exit status" do
+        allow($miq_ae_logger).to receive(:info).and_call_original
+        expect($miq_ae_logger).to receive(:info).with("Method exited with rc=MIQ_OK", :resource_id => 123).at_least(:once)
+        expect($miq_ae_logger).to_not receive(:error)
+
+        expect(subject).to eq(0)
+      end
+    end
+
+    context "with a script that tries to YAML.safe_load with aliases" do
+      let(:script) do
+        <<-RUBY
+          YAML.safe_load("---\na: &a\n  b: true  \n\ndevelopment:\n  <<: *a\n  c: false\n\n")
+        RUBY
+      end
+
+      it "logs and returns the correct exit status" do
+        allow($miq_ae_logger).to receive(:info).and_call_original
+        expect($miq_ae_logger).to receive(:info).with("Method exited with rc=MIQ_OK", :resource_id => 123).at_least(:once)
+        expect($miq_ae_logger).to_not receive(:error)
+
+        expect(subject).to eq(0)
+      end
+    end
+
     context "with a script that raises" do
       let(:script) do
         <<-RUBY