"BANU" and "BANG" is unexpectedly parsed as true/false
YusukeIwaki opened this issue · comments
With this test plist,
<plist version="1.0">
<dict>
<key>Token</key>
<data>
BANUb2tlbg==
</data>
</dict>
</plist>
require 'plist'
puts Plist.parse_xml('token.plist') # => {"Token"=>true}
With python's plistlib, it prints {'Token': b'\x04\x03Token'}
, and it is expected output.
It seems that a string starting with \x04\x03T
is interpretated as true
on Marshal.load
here
https://github.com/patsplat/plist/blob/v3.6.0/lib/plist/parser.rb#L247
Thanks for reporting this and for finding the problematic Marshal.load
. Do you have a suggestion on how we should fix this? I am not familiar with this part of the code.
A quick and dirty fix is like this.
class PData < PTag
def to_ruby
data = Base64.decode64(text.gsub(/\s+/, '')) unless text.nil?
begin
return Marshal.load(data).tap do |_data|
# true: "\x04\x03T" false: "\x04\x03F". Both have only 3 chars.
raise 'unexpected true/false' if (_data == true || _data == false) && text.gsub(/\s+/, '').length > 3
end
rescue Exception
io = StringIO.new
io.write data
io.rewind
return io
end
end
end
I think it is hard to modify the behavior. of Marshal.load
. So we can just check the result and compare it with the original text.
@YusukeIwaki instead of a quick and dirty fix, would it be better to provide an option to disable Marshal
entirely? Do you need the Marshal
functionality for your use case?
@YusukeIwaki would something like #61 work for you?
Sorry for late response, The option would work and souds good :)