diff options
author | Ingy döt Net <ingy@ingy.net> | 2018-06-29 10:04:58 -0700 |
---|---|---|
committer | Ingy döt Net <ingy@ingy.net> | 2018-06-30 15:46:56 -0700 |
commit | ccc40f3e2ba384858c0d32263ac3e3a6626ab15e (patch) | |
tree | bd96c72e0cf655753fd893f63bfb7b818a4f59ef /lib3 | |
parent | a9c28e0b521967f5330f0316edd90a57f99cdd32 (diff) | |
download | pyyaml-ccc40f3e2ba384858c0d32263ac3e3a6626ab15e.tar.gz |
Reverting https://github.com/yaml/pyyaml/pull/74
Revert "Make pyyaml safe by default."
This reverts commit bbcf95fa051fdba9bbf879332e2f7999b195cf95.
This reverts commit 7b68405c81db889f83c32846462b238ccae5be80.
This reverts commit 517e83e8058e9d6850ab432ef22d84c2ac2bba5a.
Diffstat (limited to 'lib3')
-rw-r--r-- | lib3/yaml/__init__.py | 40 | ||||
-rw-r--r-- | lib3/yaml/cyaml.py | 15 | ||||
-rw-r--r-- | lib3/yaml/dumper.py | 8 | ||||
-rw-r--r-- | lib3/yaml/loader.py | 8 |
4 files changed, 30 insertions, 41 deletions
diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index cbb8417..2592785 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py @@ -66,24 +66,17 @@ def load(stream, Loader=Loader): """ Parse the first YAML document in a stream and produce the corresponding Python object. - - By default resolve only basic YAML tags, if an alternate Loader is - provided, may be dangerous. """ loader = Loader(stream) try: return loader.get_single_data() finally: loader.dispose() -safe_load = load def load_all(stream, Loader=Loader): """ Parse all YAML documents in a stream and produce corresponding Python objects. - - By default resolve only basic YAML tags, if an alternate Loader is - provided, may be dangerous. """ loader = Loader(stream) try: @@ -91,23 +84,22 @@ def load_all(stream, Loader=Loader): yield loader.get_data() finally: loader.dispose() -safe_load_all = load_all -def danger_load(stream): +def safe_load(stream): """ Parse the first YAML document in a stream and produce the corresponding Python object. - When used on untrusted input, can result in arbitrary code execution. + Resolve only basic YAML tags. """ - return load(stream, DangerLoader) + return load(stream, SafeLoader) -def danger_load_all(stream): +def safe_load_all(stream): """ Parse all YAML documents in a stream and produce corresponding Python objects. - When used on untrusted input, can result in arbitrary code execution. + Resolve only basic YAML tags. """ - return load_all(stream, DangerLoader) + return load_all(stream, SafeLoader) def emit(events, stream=None, Dumper=Dumper, canonical=None, indent=None, width=None, @@ -199,31 +191,29 @@ def dump_all(documents, stream=None, Dumper=Dumper, dumper.dispose() if getvalue: return getvalue() -safe_dump_all = dump_all -def danger_dump_all(documents, stream=None, **kwds): +def dump(data, stream=None, Dumper=Dumper, **kwds): """ - Serialize a sequence of Python objects into a YAML stream. - Produce only basic YAML tags. + Serialize a Python object into a YAML stream. If stream is None, return the produced string instead. """ - return dump_all(documents, stream, Dumper=DangerDumper, **kwds) + return dump_all([data], stream, Dumper=Dumper, **kwds) -def dump(data, stream=None, Dumper=Dumper, **kwds): +def safe_dump_all(documents, stream=None, **kwds): """ - Serialize a Python object into a YAML stream. + Serialize a sequence of Python objects into a YAML stream. + Produce only basic YAML tags. If stream is None, return the produced string instead. """ - return dump_all([data], stream, Dumper=Dumper, **kwds) -safe_dump = dump + return dump_all(documents, stream, Dumper=SafeDumper, **kwds) -def danger_dump(data, stream=None, **kwds): +def safe_dump(data, stream=None, **kwds): """ Serialize a Python object into a YAML stream. Produce only basic YAML tags. If stream is None, return the produced string instead. """ - return dump_all([data], stream, Dumper=DangerDumper, **kwds) + return dump_all([data], stream, Dumper=SafeDumper, **kwds) def add_implicit_resolver(tag, regexp, first=None, Loader=Loader, Dumper=Dumper): diff --git a/lib3/yaml/cyaml.py b/lib3/yaml/cyaml.py index ac8b0b7..d5cb87e 100644 --- a/lib3/yaml/cyaml.py +++ b/lib3/yaml/cyaml.py @@ -1,6 +1,6 @@ -__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader', 'CDangerLoader', - 'CBaseDumper', 'CSafeDumper', 'CDumper', 'CDangerDumper'] +__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader', + 'CBaseDumper', 'CSafeDumper', 'CDumper'] from _yaml import CParser, CEmitter @@ -18,15 +18,14 @@ class CBaseLoader(CParser, BaseConstructor, BaseResolver): BaseConstructor.__init__(self) BaseResolver.__init__(self) -class CLoader(CParser, SafeConstructor, Resolver): +class CSafeLoader(CParser, SafeConstructor, Resolver): def __init__(self, stream): CParser.__init__(self, stream) SafeConstructor.__init__(self) Resolver.__init__(self) -CSafeLoader = CLoader -class CDangerLoader(CParser, Constructor, Resolver): +class CLoader(CParser, Constructor, Resolver): def __init__(self, stream): CParser.__init__(self, stream) @@ -50,7 +49,7 @@ class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver): default_flow_style=default_flow_style) Resolver.__init__(self) -class CDumper(CEmitter, SafeRepresenter, Resolver): +class CSafeDumper(CEmitter, SafeRepresenter, Resolver): def __init__(self, stream, default_style=None, default_flow_style=None, @@ -66,9 +65,8 @@ class CDumper(CEmitter, SafeRepresenter, Resolver): SafeRepresenter.__init__(self, default_style=default_style, default_flow_style=default_flow_style) Resolver.__init__(self) -CSafeDumper = CDumper -class CDangerDumper(CEmitter, Serializer, Representer, Resolver): +class CDumper(CEmitter, Serializer, Representer, Resolver): def __init__(self, stream, default_style=None, default_flow_style=None, @@ -84,3 +82,4 @@ class CDangerDumper(CEmitter, Serializer, Representer, Resolver): Representer.__init__(self, default_style=default_style, default_flow_style=default_flow_style) Resolver.__init__(self) + diff --git a/lib3/yaml/dumper.py b/lib3/yaml/dumper.py index b2d3a07..0b69128 100644 --- a/lib3/yaml/dumper.py +++ b/lib3/yaml/dumper.py @@ -1,5 +1,5 @@ -__all__ = ['BaseDumper', 'SafeDumper', 'Dumper', 'DangerDumper'] +__all__ = ['BaseDumper', 'SafeDumper', 'Dumper'] from .emitter import * from .serializer import * @@ -24,7 +24,7 @@ class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver): default_flow_style=default_flow_style) Resolver.__init__(self) -class Dumper(Emitter, Serializer, SafeRepresenter, Resolver): +class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver): def __init__(self, stream, default_style=None, default_flow_style=None, @@ -41,9 +41,8 @@ class Dumper(Emitter, Serializer, SafeRepresenter, Resolver): SafeRepresenter.__init__(self, default_style=default_style, default_flow_style=default_flow_style) Resolver.__init__(self) -SafeDumper = Dumper -class DangerDumper(Emitter, Serializer, Representer, Resolver): +class Dumper(Emitter, Serializer, Representer, Resolver): def __init__(self, stream, default_style=None, default_flow_style=None, @@ -60,3 +59,4 @@ class DangerDumper(Emitter, Serializer, Representer, Resolver): Representer.__init__(self, default_style=default_style, default_flow_style=default_flow_style) Resolver.__init__(self) + diff --git a/lib3/yaml/loader.py b/lib3/yaml/loader.py index 16e9fab..08c8f01 100644 --- a/lib3/yaml/loader.py +++ b/lib3/yaml/loader.py @@ -1,5 +1,5 @@ -__all__ = ['BaseLoader', 'SafeLoader', 'Loader', 'DangerLoader'] +__all__ = ['BaseLoader', 'SafeLoader', 'Loader'] from .reader import * from .scanner import * @@ -18,7 +18,7 @@ class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolve BaseConstructor.__init__(self) BaseResolver.__init__(self) -class Loader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver): +class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver): def __init__(self, stream): Reader.__init__(self, stream) @@ -27,9 +27,8 @@ class Loader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver): Composer.__init__(self) SafeConstructor.__init__(self) Resolver.__init__(self) -SafeLoader = Loader -class DangerLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver): +class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver): def __init__(self, stream): Reader.__init__(self, stream) @@ -38,3 +37,4 @@ class DangerLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver): Composer.__init__(self) Constructor.__init__(self) Resolver.__init__(self) + |