Allow config option to disable ERB in YAML (#303)

kmcphillips · web-flow · commit becfc062ac94 · 2021-04-09T19:18:41.000-07:00
* Allow config option to disable ERB in YAML

* Set ERB config per YAMLSource with fallback to global config
diff --git a/README.md b/README.md
@@ -205,7 +205,9 @@ You may pass a hash to `prepend_source!` as well.
 
 ## Embedded Ruby (ERB)
 
-Embedded Ruby is allowed in the configuration files. Consider the two following config files.
+Embedded Ruby is allowed in the YAML configuration files. ERB will be evaluated at load time by default, and when the `evaluate_erb_in_yaml` configuration is set to `true`.
+
+Consider the two following config files.
 
 * ```#{Rails.root}/config/settings.yml```
 
@@ -266,6 +268,7 @@ After installing `Config` in Rails, you will find automatically generated file t
 ### General
 
 * `const_name` - name of the object holing you settings. Default: `'Settings'`
+* `evaluate_erb_in_yaml` - evaluate ERB in YAML config files. Set to false if the config file contains ERB that should not be evaluated at load time. Default: `true`
 
 ### Merge customization
 
diff --git a/lib/config.rb b/lib/config.rb
@@ -24,7 +24,8 @@ module Config
     merge_nil_values: true,
     overwrite_arrays: true,
     merge_hash_arrays: false,
-    validation_contract: nil
+    validation_contract: nil,
+    evaluate_erb_in_yaml: true
   )
 
   def self.setup
diff --git a/lib/config/sources/yaml_source.rb b/lib/config/sources/yaml_source.rb
@@ -5,14 +5,20 @@ module Config
   module Sources
     class YAMLSource
       attr_accessor :path
+      attr_reader :evaluate_erb
 
-      def initialize(path)
+      def initialize(path, evaluate_erb: Config.evaluate_erb_in_yaml)
         @path = path.to_s
+        @evaluate_erb = !!evaluate_erb
       end
 
       # returns a config hash from the YML file
       def load
-        result = YAML.load(ERB.new(IO.read(@path)).result) if @path and File.exist?(@path)
+        if @path and File.exist?(@path)
+          file_contents = IO.read(@path)
+          file_contents = ERB.new(file_contents).result if evaluate_erb
+          result = YAML.load(file_contents)
+        end
 
         result || {}
 
diff --git a/lib/generators/config/templates/config.rb b/lib/generators/config/templates/config.rb
@@ -52,4 +52,7 @@
   #   required(:email).filled(format?: EMAIL_REGEX)
   # end
 
+  # Evaluate ERB in YAML config files at load time.
+  #
+  # config.evaluate_erb_yaml = true
 end
diff --git a/spec/fixtures/with_malformed_erb.yml b/spec/fixtures/with_malformed_erb.yml
@@ -0,0 +1 @@
+malformed_erb: <%= = %>
diff --git a/spec/sources/yaml_source_spec.rb b/spec/sources/yaml_source_spec.rb
@@ -27,7 +27,7 @@ module Config::Sources
 
     context "yml file with erb tags" do
       let(:source) do
-        YAMLSource.new "#{fixture_path}/with_erb.yml"
+        YAMLSource.new("#{fixture_path}/with_erb.yml")
       end
 
       it "should properly evaluate the erb" do
@@ -40,6 +40,62 @@ module Config::Sources
         expect(results["section"]["computed1"]).to eq(1)
         expect(results["section"]["computed2"]).to eq(2)
       end
+
+      context "with malformed erb tags" do
+        let(:source) do
+          YAMLSource.new("#{fixture_path}/with_malformed_erb.yml")
+        end
+
+        it "should properly evaluate the erb" do
+          expect {
+            source.load
+          }.to raise_error(SyntaxError)
+        end
+      end
+    end
+
+    context "yaml file with erb tags but erb disabled" do
+      let(:source) do
+        YAMLSource.new("#{fixture_path}/with_erb.yml", evaluate_erb: false)
+      end
+
+      it "should load the file and leave the erb without being evaluated" do
+        results = source.load
+        expect(results["computed"]).to eq("<%= 1 + 2 + 3 %>")
+        expect(results["section"]["computed1"]).to eq("<%= \"1\" %>")
+      end
+
+      context "with global config" do
+        let(:source) do
+          YAMLSource.new("#{fixture_path}/with_erb.yml")
+        end
+
+        around do |example|
+          original_evaluate_erb_in_yaml = Config.evaluate_erb_in_yaml
+          Config.evaluate_erb_in_yaml = false
+          example.run
+          Config.evaluate_erb_in_yaml = original_evaluate_erb_in_yaml
+        end
+
+        it "should load the file and leave the erb without being evaluated" do
+          results = source.load
+          expect(results["computed"]).to eq("<%= 1 + 2 + 3 %>")
+          expect(results["section"]["computed1"]).to eq("<%= \"1\" %>")
+        end
+      end
+
+      context "with malformed erb tags" do
+        let(:source) do
+          YAMLSource.new("#{fixture_path}/with_malformed_erb.yml", evaluate_erb: false)
+        end
+
+        it "should properly evaluate the erb" do
+          expect {
+            results = source.load
+            expect(results["malformed_erb"]).to eq("<%= = %>")
+          }.to_not raise_error
+        end
+      end
     end
 
     context "missing yml file" do

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,8 @@ module Config`
`24`	`24`	`merge_nil_values: true,`
`25`	`25`	`overwrite_arrays: true,`
`26`	`26`	`merge_hash_arrays: false,`
`27`		`- validation_contract: nil`
	`27`	`+ validation_contract: nil,`
	`28`	`+ evaluate_erb_in_yaml: true`
`28`	`29`	`)`
`29`	`30`
`30`	`31`	`def self.setup`