Project

mitre-settingslogic

0.0
Low commit activity in last 3 years
mitre-settingslogicmitre/settingslogicHomepageDocumentationSource CodeBug TrackerWiki
A simple and straightforward settings solution that uses an ERB enabled YAML file and a singleton design pattern. This is a MITRE-maintained fork with Ruby 3.x and Rails 7.x compatibility.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
270
Stars
1
Forks
0
Watchers
0
 Releases
Current version
3.0.3
Total releases
4
First release
2025-08-11
Latest release
2025-08-11
 Development
Primary Language
Ruby
Licenses
Apache-2.0
Average date of last 50 commits
2022-04-07
Reverse Dependencies
0

 Dependencies

Development

bundler-audit
~> 0.9
rake
~> 13.2
rspec
~> 3.13
rubocop
~> 1.65
rubocop-performance
~> 1.21
rubocop-rspec
~> 3.0
simplecov
~> 0.22

Runtime

bigdecimal
~> 3.1
 Project Readme

Settingslogic - MITRE Fork

CI Gem Version

A simple and straightforward settings solution that uses an ERB enabled YAML file and a singleton design pattern. This is a MITRE-maintained fork with Ruby 3.x and Rails 7.x+ compatibility.

๐ŸŽฏ Why This Fork?

The original settingslogic gem hasn't been updated since 2012 but is still widely used. This fork provides:

  • โœ… Ruby 3.x compatibility - Full support for Ruby 3.0, 3.1, 3.2, 3.3, and 3.4
  • โœ… Psych 4 support - Handles YAML aliases correctly with Ruby 3.1+
  • โœ… Rails 7.x/8.x compatibility - Works with modern Rails versions
  • โœ… Security updates - Modern security practices and dependency updates
  • โœ… Maintained - Active maintenance and support

๐Ÿ“ฆ Installation

Add this to your Gemfile:

# Use the MITRE fork for Ruby 3.x compatibility
gem 'settingslogic', github: 'mitre/settingslogic', branch: 'main'

Or if we publish to RubyGems:

gem 'mitre-settingslogic'

๐Ÿš€ Quick Start

1. Define your settings class

# app/models/settings.rb (for Rails)
# or anywhere in your Ruby project
class Settings < Settingslogic
  source "#{Rails.root}/config/application.yml"
  namespace Rails.env
end

2. Create your YAML configuration

# config/application.yml
defaults: &defaults
  host: localhost
  port: 3000
  ssl: false
  
development:
  <<: *defaults
  database: myapp_development
  
production:
  <<: *defaults
  host: production.example.com
  port: 443
  ssl: true
  database: myapp_production

3. Use your settings

Settings.host          # => "localhost" in development, "production.example.com" in production
Settings.port          # => 3000 in development, 443 in production
Settings.ssl?          # => false in development, true in production
Settings.database      # => "myapp_development" in development

# Nested settings
Settings.smtp.address  # => Access nested configuration
Settings['smtp']['address']  # => Hash-style access also works

๐Ÿ”ง Advanced Features

Dynamic Settings

# Settings with ERB
production:
  secret_key: <%= ENV['SECRET_KEY_BASE'] %>
  redis_url: <%= ENV['REDIS_URL'] || 'redis://localhost:6379' %>

Multiple Configuration Files

class DatabaseSettings < Settingslogic
  source "#{Rails.root}/config/database_settings.yml"
  namespace Rails.env
end

class FeatureFlags < Settingslogic
  source "#{Rails.root}/config/features.yml"
  namespace Rails.env
end

Suppress Errors

class Settings < Settingslogic
  source "#{Rails.root}/config/application.yml"
  namespace Rails.env
  suppress_errors true  # Returns nil instead of raising errors for missing keys
end

Dynamic Access

# Access nested keys with dot notation
Settings.get('database.pool.size')  # => 5
Settings.get('redis.cache.ttl')     # => 3600

๐Ÿ—๏ธ What's Fixed in This Fork

Psych 4 / Ruby 3.1+ Compatibility

The main issue with the original gem is that Ruby 3.1+ ships with Psych 4, which disables YAML aliases by default. This fork handles that correctly:

# This YAML with aliases now works correctly in Ruby 3.1+
defaults: &defaults
  timeout: 30
  retries: 3

production:
  <<: *defaults  # This alias expansion works!
  timeout: 60

Other Improvements

  • โœ… Fixed deprecated has_key? โ†’ key?
  • โœ… Added to_ary method for RSpec compatibility
  • โœ… Improved symbolize_keys for nested hashes
  • โœ… Added stringify_keys for Rails compatibility
  • โœ… Better error messages
  • โœ… Security improvements for eval usage
  • โœ… Frozen string literals
  • โœ… Modern Ruby idioms

๐Ÿงช Compatibility

Tested and working with:

  • Ruby: 2.7, 3.0, 3.1, 3.2, 3.3, 3.4
  • Rails: 5.2, 6.0, 6.1, 7.0, 7.1, 8.0
  • Psych: 3.x and 4.x

๐Ÿ”’ Security

YAML Safe Loading (v3.0.0+)

  • Default behavior: Uses YAML.safe_load to prevent arbitrary code execution
  • Permitted classes: Symbol, Date, Time, DateTime, BigDecimal
  • Custom classes: Add via Settingslogic.yaml_permitted_classes += [MyClass]
  • Migration path: Temporary opt-out with Settingslogic.use_yaml_unsafe_load = true (deprecated, will be removed in v4.0.0)

Other Security Features

  • URL loading uses Net::HTTP instead of vulnerable open-uri
  • All eval usage includes proper __FILE__ and __LINE__ tracking
  • No arbitrary code execution vulnerabilities in default configuration

๐Ÿค Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

๐Ÿ“„ License

This project is licensed under the MIT License - see LICENSE.md for details.

๐Ÿ™ Acknowledgments

๐Ÿ“š Documentation

๐Ÿข About MITRE

This fork is maintained by MITRE Corporation to support our Ruby applications, particularly Vulcan and other security tools.

Maintained with โค๏ธ by the MITRE Security Automation Framework Team