Skip to content

Commit

Permalink
Reverting #74
Browse files Browse the repository at this point in the history
Revert "Make pyyaml safe by default."

This reverts commit bbcf95f.
This reverts commit 7b68405.
This reverts commit 517e83e.
  • Loading branch information
ingydotnet committed Jun 30, 2018
1 parent a9c28e0 commit ccc40f3
Show file tree
Hide file tree
Showing 12 changed files with 75 additions and 92 deletions.
41 changes: 16 additions & 25 deletions lib/yaml/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -65,48 +65,40 @@ def load(stream, Loader=Loader):
"""
Parse the first YAML document in a stream
and produce the corresponding Python object.
By default resolve only basic YAML tags, if an alternate Loader is
provided, may be dangerous.
"""
loader = Loader(stream)
try:
return loader.get_single_data()
finally:
loader.dispose()
safe_load = load

def load_all(stream, Loader=Loader):
"""
Parse all YAML documents in a stream
and produce corresponding Python objects.
By default resolve only basic YAML tags, if an alternate Loader is
provided, may be dangerous.
"""
loader = Loader(stream)
try:
while loader.check_data():
yield loader.get_data()
finally:
loader.dispose()
safe_load_all = load_all

def danger_load(stream):
def safe_load(stream):
"""
Parse the first YAML document in a stream
and produce the corresponding Python object.
When used on untrusted input, can result in arbitrary code execution.
Resolve only basic YAML tags.
"""
return load(stream, DangerLoader)
return load(stream, SafeLoader)

def danger_load_all(stream):
def safe_load_all(stream):
"""
Parse all YAML documents in a stream
and produce corresponding Python objects.
When used on untrusted input, can result in arbitrary code execution.
Resolve only basic YAML tags.
"""
return load_all(stream, DangerLoader)
return load_all(stream, SafeLoader)

def emit(events, stream=None, Dumper=Dumper,
canonical=None, indent=None, width=None,
Expand Down Expand Up @@ -201,31 +193,29 @@ def dump_all(documents, stream=None, Dumper=Dumper,
dumper.dispose()
if getvalue:
return getvalue()
safe_dump_all = dump_all

def danger_dump_all(documents, stream=None, **kwds):
def dump(data, stream=None, Dumper=Dumper, **kwds):
"""
Serialize a sequence of Python objects into a YAML stream.
Produce only basic YAML tags.
Serialize a Python object into a YAML stream.
If stream is None, return the produced string instead.
"""
return dump_all(documents, stream, Dumper=DangerDumper, **kwds)
return dump_all([data], stream, Dumper=Dumper, **kwds)

def dump(data, stream=None, Dumper=Dumper, **kwds):
def safe_dump_all(documents, stream=None, **kwds):
"""
Serialize a Python object into a YAML stream.
Serialize a sequence of Python objects into a YAML stream.
Produce only basic YAML tags.
If stream is None, return the produced string instead.
"""
return dump_all([data], stream, Dumper=Dumper, **kwds)
safe_dump = dump
return dump_all(documents, stream, Dumper=SafeDumper, **kwds)

def danger_dump(data, stream=None, **kwds):
def safe_dump(data, stream=None, **kwds):
"""
Serialize a Python object into a YAML stream.
Produce only basic YAML tags.
If stream is None, return the produced string instead.
"""
return dump_all([data], stream, Dumper=DangerDumper, **kwds)
return dump_all([data], stream, Dumper=SafeDumper, **kwds)

def add_implicit_resolver(tag, regexp, first=None,
Loader=Loader, Dumper=Dumper):
Expand Down Expand Up @@ -322,3 +312,4 @@ def to_yaml(cls, dumper, data):
return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
flow_style=cls.yaml_flow_style)
to_yaml = classmethod(to_yaml)

15 changes: 7 additions & 8 deletions lib/yaml/cyaml.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@

__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader', 'CDangerLoader',
'CBaseDumper', 'CSafeDumper', 'CDumper', 'CDangerDumper']
__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader',
'CBaseDumper', 'CSafeDumper', 'CDumper']

from _yaml import CParser, CEmitter

Expand All @@ -18,15 +18,14 @@ def __init__(self, stream):
BaseConstructor.__init__(self)
BaseResolver.__init__(self)

class CLoader(CParser, SafeConstructor, Resolver):
class CSafeLoader(CParser, SafeConstructor, Resolver):

def __init__(self, stream):
CParser.__init__(self, stream)
SafeConstructor.__init__(self)
Resolver.__init__(self)
CSafeLoader = CLoader

class CDangerLoader(CParser, Constructor, Resolver):
class CLoader(CParser, Constructor, Resolver):

def __init__(self, stream):
CParser.__init__(self, stream)
Expand All @@ -50,7 +49,7 @@ def __init__(self, stream,
default_flow_style=default_flow_style)
Resolver.__init__(self)

class CDumper(CEmitter, SafeRepresenter, Resolver):
class CSafeDumper(CEmitter, SafeRepresenter, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -66,9 +65,8 @@ def __init__(self, stream,
SafeRepresenter.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
CSafeDumper = CDumper

class CDangerDumper(CEmitter, Serializer, Representer, Resolver):
class CDumper(CEmitter, Serializer, Representer, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -84,3 +82,4 @@ def __init__(self, stream,
Representer.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)

8 changes: 4 additions & 4 deletions lib/yaml/dumper.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

__all__ = ['BaseDumper', 'SafeDumper', 'Dumper', 'DangerDumper']
__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']

from emitter import *
from serializer import *
Expand All @@ -24,7 +24,7 @@ def __init__(self, stream,
default_flow_style=default_flow_style)
Resolver.__init__(self)

class Dumper(Emitter, Serializer, SafeRepresenter, Resolver):
class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -41,9 +41,8 @@ def __init__(self, stream,
SafeRepresenter.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
SafeDumper = Dumper

class DangerDumper(Emitter, Serializer, Representer, Resolver):
class Dumper(Emitter, Serializer, Representer, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -60,3 +59,4 @@ def __init__(self, stream,
Representer.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)

8 changes: 4 additions & 4 deletions lib/yaml/loader.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

__all__ = ['BaseLoader', 'SafeLoader', 'Loader', 'DangerLoader']
__all__ = ['BaseLoader', 'SafeLoader', 'Loader']

from reader import *
from scanner import *
Expand All @@ -18,7 +18,7 @@ def __init__(self, stream):
BaseConstructor.__init__(self)
BaseResolver.__init__(self)

class Loader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):

def __init__(self, stream):
Reader.__init__(self, stream)
Expand All @@ -27,9 +27,8 @@ def __init__(self, stream):
Composer.__init__(self)
SafeConstructor.__init__(self)
Resolver.__init__(self)
SafeLoader = Loader

class DangerLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):

def __init__(self, stream):
Reader.__init__(self, stream)
Expand All @@ -38,3 +37,4 @@ def __init__(self, stream):
Composer.__init__(self)
Constructor.__init__(self)
Resolver.__init__(self)

40 changes: 15 additions & 25 deletions lib3/yaml/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -66,48 +66,40 @@ def load(stream, Loader=Loader):
"""
Parse the first YAML document in a stream
and produce the corresponding Python object.
By default resolve only basic YAML tags, if an alternate Loader is
provided, may be dangerous.
"""
loader = Loader(stream)
try:
return loader.get_single_data()
finally:
loader.dispose()
safe_load = load

def load_all(stream, Loader=Loader):
"""
Parse all YAML documents in a stream
and produce corresponding Python objects.
By default resolve only basic YAML tags, if an alternate Loader is
provided, may be dangerous.
"""
loader = Loader(stream)
try:
while loader.check_data():
yield loader.get_data()
finally:
loader.dispose()
safe_load_all = load_all

def danger_load(stream):
def safe_load(stream):
"""
Parse the first YAML document in a stream
and produce the corresponding Python object.
When used on untrusted input, can result in arbitrary code execution.
Resolve only basic YAML tags.
"""
return load(stream, DangerLoader)
return load(stream, SafeLoader)

def danger_load_all(stream):
def safe_load_all(stream):
"""
Parse all YAML documents in a stream
and produce corresponding Python objects.
When used on untrusted input, can result in arbitrary code execution.
Resolve only basic YAML tags.
"""
return load_all(stream, DangerLoader)
return load_all(stream, SafeLoader)

def emit(events, stream=None, Dumper=Dumper,
canonical=None, indent=None, width=None,
Expand Down Expand Up @@ -199,31 +191,29 @@ def dump_all(documents, stream=None, Dumper=Dumper,
dumper.dispose()
if getvalue:
return getvalue()
safe_dump_all = dump_all

def danger_dump_all(documents, stream=None, **kwds):
def dump(data, stream=None, Dumper=Dumper, **kwds):
"""
Serialize a sequence of Python objects into a YAML stream.
Produce only basic YAML tags.
Serialize a Python object into a YAML stream.
If stream is None, return the produced string instead.
"""
return dump_all(documents, stream, Dumper=DangerDumper, **kwds)
return dump_all([data], stream, Dumper=Dumper, **kwds)

def dump(data, stream=None, Dumper=Dumper, **kwds):
def safe_dump_all(documents, stream=None, **kwds):
"""
Serialize a Python object into a YAML stream.
Serialize a sequence of Python objects into a YAML stream.
Produce only basic YAML tags.
If stream is None, return the produced string instead.
"""
return dump_all([data], stream, Dumper=Dumper, **kwds)
safe_dump = dump
return dump_all(documents, stream, Dumper=SafeDumper, **kwds)

def danger_dump(data, stream=None, **kwds):
def safe_dump(data, stream=None, **kwds):
"""
Serialize a Python object into a YAML stream.
Produce only basic YAML tags.
If stream is None, return the produced string instead.
"""
return dump_all([data], stream, Dumper=DangerDumper, **kwds)
return dump_all([data], stream, Dumper=SafeDumper, **kwds)

def add_implicit_resolver(tag, regexp, first=None,
Loader=Loader, Dumper=Dumper):
Expand Down
15 changes: 7 additions & 8 deletions lib3/yaml/cyaml.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@

__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader', 'CDangerLoader',
'CBaseDumper', 'CSafeDumper', 'CDumper', 'CDangerDumper']
__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader',
'CBaseDumper', 'CSafeDumper', 'CDumper']

from _yaml import CParser, CEmitter

Expand All @@ -18,15 +18,14 @@ def __init__(self, stream):
BaseConstructor.__init__(self)
BaseResolver.__init__(self)

class CLoader(CParser, SafeConstructor, Resolver):
class CSafeLoader(CParser, SafeConstructor, Resolver):

def __init__(self, stream):
CParser.__init__(self, stream)
SafeConstructor.__init__(self)
Resolver.__init__(self)
CSafeLoader = CLoader

class CDangerLoader(CParser, Constructor, Resolver):
class CLoader(CParser, Constructor, Resolver):

def __init__(self, stream):
CParser.__init__(self, stream)
Expand All @@ -50,7 +49,7 @@ def __init__(self, stream,
default_flow_style=default_flow_style)
Resolver.__init__(self)

class CDumper(CEmitter, SafeRepresenter, Resolver):
class CSafeDumper(CEmitter, SafeRepresenter, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -66,9 +65,8 @@ def __init__(self, stream,
SafeRepresenter.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
CSafeDumper = CDumper

class CDangerDumper(CEmitter, Serializer, Representer, Resolver):
class CDumper(CEmitter, Serializer, Representer, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -84,3 +82,4 @@ def __init__(self, stream,
Representer.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)

8 changes: 4 additions & 4 deletions lib3/yaml/dumper.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

__all__ = ['BaseDumper', 'SafeDumper', 'Dumper', 'DangerDumper']
__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']

from .emitter import *
from .serializer import *
Expand All @@ -24,7 +24,7 @@ def __init__(self, stream,
default_flow_style=default_flow_style)
Resolver.__init__(self)

class Dumper(Emitter, Serializer, SafeRepresenter, Resolver):
class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -41,9 +41,8 @@ def __init__(self, stream,
SafeRepresenter.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
SafeDumper = Dumper

class DangerDumper(Emitter, Serializer, Representer, Resolver):
class Dumper(Emitter, Serializer, Representer, Resolver):

def __init__(self, stream,
default_style=None, default_flow_style=None,
Expand All @@ -60,3 +59,4 @@ def __init__(self, stream,
Representer.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)

Loading

0 comments on commit ccc40f3

Please sign in to comment.