Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

yaml.load() is insecure and dangerous. (first google result) We should be using yaml.safeLoad().

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

peterbecommented, May 13, 2020

I tried to write a quick patch but I noticed that one of the examples uses un-“safe” YAML which would break if you use yaml.safeLoad(). So I guess it would need to be something like this:

fm(payload, { yaml: 'unsafe' })

if you need to support unsafe Yaml parsing.

ajinabrahamcommented, May 18, 2020

PR looks good to me 👍

Read more comments on GitHub >

github_iconTop Results From Across the Web

PyYAML Documentation
safe_load(stream) parses the given stream and returns a Python object constructed from for the first document in the stream. If there are no...
Read more >
YAML Safe_Load() - Linux Hint
Practical guide that demonstrates the multiple methods for reading the YAML content from the files and Python objects by utilizing the safe_load() method....
Read more >
js-yaml.safeLoad JavaScript and Node.js code examples
Best JavaScript code snippets using js-yaml.safeLoad(Showing top 15 results out of 432) · lib/bootstrap.js/loadLandoFile · lib/config.js/_. · integrations/lando- ...
Read more >
safeLoad (string [ , options ]). Recommended loading way. Parses string as single YAML document. Returns a JavaScript object or throws YAMLException on...
Read more >
How can I parse a YAML file in Python - Stack Overflow
Use safe_load() unless you really have full control over the input, need it (seldom the case) and know what you are doing. If...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found