0

We recently updated a client's application from Rails 4 to rails 5. However, after running the test suite the following issue appeared whilst trying to create an object:

       Failure/Error:
         @ens_response = EnsResponse.create!(
           edi_request_body:    @response.edi_request_body,
           edi_body:            @response.edi_data,
           reject_reason:       @response.attributes.try(:[], :reject_reason).try(:[], :text),
           response_attributes: @response.attributes
         )
       
       Psych::DisallowedClass:
         Tried to load unspecified class: Policy

Where Policy is a model in our app/models/ folder.

We tried changing the loading of the YAML to the following:

      @service_hash ||= YAML.load_file(
        Rails.root.join('config', 'mcp_services.yml'),
        permitted_classes: [Policy ],
        aliases: true
      )[Rails.env]

But it was to no avail.

We also tried changing the application.rb file to use the following line:

    config.active_record.yaml_column_permitted_classes = [
      Symbol,
      ActiveSupport::HashWithIndifferentAccess,
      ActionController::Parameters

but just got the error:

Failure/Error: require File.expand_path("../../config/environment", __FILE__)

NoMethodError:
  undefined method `yaml_column_permitted_classes=' for ActiveRecord::Base:Class

Any idea what might be causing this issue? Local psych is at version psych (default: 3.0.2) and rails is on gem 'rails', '5.2.8'

Thanks in advance! :)

angelov_mm
  • 13
  • 2

2 Answers2

1

Quick unsafe hack is to set this in application.rb...

  config.active_record.use_yaml_unsafe_load = true

More involved is to add an initializer in config/initializers. The initializer tells rails what classes to allow when loading yaml.

config/initializers/yaml_loader.rb

Psych::ClassLoader::ALLOWED_PSYCH_CLASSES = [Policy,
                                                  ActionController::Parameters,
                                                  ActiveSupport::HashWithIndifferentAccess,
                                                  ActiveSupport::TimeWithZone,
                                                  ActiveSupport::TimeZone,
                                                  DateTime,
                                                ]
    
    module Psych
      class ClassLoader
        ALLOWED_PSYCH_CLASSES = [] unless defined? ALLOWED_PSYCH_CLASSES
        class Restricted < ClassLoader
          def initialize classes, symbols
            @classes = classes + Psych::ClassLoader::ALLOWED_PSYCH_CLASSES.map(&:to_s)
            @symbols = symbols
            super()
          end
        end
      end
    end
dbugger
  • 15,868
  • 9
  • 31
  • 33
  • adding the `yaml_loader.rb` file causes a similar error: `Tried to load unspecified class: ActiveModel::Attribute::FromDatabase` and if I try to add this item to the list of allowed classes I get ` private constant ActiveModel::Attribute::FromDatabase referenced`. The first hack to use in `application.rb` also doesn't work as it spews the error " undefined method `use_yaml_unsafe_load=' for ActiveRecord::Base:Class" – Shannarra Apr 03 '23 at 09:51
  • turns out `use_yaml_unsafe_load` doesn't exist until Rails 7. As for the private constant error for ActiveModel::Attribute::FromDatabase -- some of your serialized objects contain attributes tagged as such, which were legal in Rails 4, but are no longer so in Rails 5. – dbugger Apr 03 '23 at 11:29
0

After more thorough investigation, it turns out that the error is being caused by accessing the @response.attributes property, something similar to this:

@ens_response = EnsResponse.create!(response_attributes: @response.attributes)

It was due the fact that the aforementioned property is Hash, that contains several objects, including a property called policy: that is an object from the same model class (Policy), hence Psych trying to load an unspecified class caused an error.

The fix was to force-convert this property to a JSON string (since that's the schema row value type required):

         @ens_response = EnsResponse.create!(
           edi_request_body:    @response.edi_request_body,
           edi_body:            @response.edi_data,
           reject_reason:       @response.attributes.try(:[], :reject_reason).try(:[], :text),
           response_attributes: @response.attributes.to_json
         )

Moral of the story: Use debuggers such as Pry and check the properties of all items before serialization.

Shannarra
  • 521
  • 4
  • 17