Specify a loader when loading YAML
This addresses the following deprecation warning when loading the YAML:

```
YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the
default Loader is unsafe. Please read https://msg.pyyaml.org/load for full
details.
```

This change uses the `yaml.FullLoader` which avoids arbitrary code execution and
is the default loader called by `yaml.load(input)`.
ColinOrr authored and jonbeebe committed Jun 27, 2020
1 parent 844a763 commit accd644
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion frontmatter/__init__.py
Expand Up @@ -34,7 +34,7 @@ def read(cls, string):
fmatter = result.group(1)
body = result.group(2)
return {
"attributes": yaml.load(fmatter),
"attributes": yaml.load(fmatter, Loader=yaml.FullLoader),
"body": body,
"frontmatter": fmatter,
}
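
Review bot: on the changed `"attributes"` line, `Loader=yaml.FullLoader` silences the deprecation warning but is not PyYAML's restricted loader. Front matter is plain data (mappings, strings, dates), so `yaml.safe_load(fmatter)`, or equivalently `Loader=yaml.SafeLoader`, would limit parsing to the standard YAML tags and is the better default when the input file may come from an untrusted source. If `FullLoader` is kept for compatibility with existing documents, document that choice on `read`, and declare a minimum PyYAML version in the package metadata, since `yaml.FullLoader` does not exist before PyYAML 5.1 and this line would raise `AttributeError` there.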

2 comments on commit accd644

@kloczek

Is it possible to release a new version because of that commit? 🤔

@kloczek

Hmm .. looks like even with that commit pytest is failing

```
+ PYTHONPATH=/home/tkloczko/rpmbuild/BUILDROOT/python-frontmatter-3.0.6-2.fc35.x86_64/usr/lib64/python3.8/site-packages:/home/tkloczko/rpmbuild/BUILDROOT/python-frontmatter-3.0.6-2.fc35.x86
+ /usr/bin/pytest -ra -m 'not network'
============================= test session starts ==============================
platform linux -- Python 3.8.16, pytest-7.3.0, pluggy-1.0.0
rootdir: /home/tkloczko/rpmbuild/BUILD/frontmatter-3.0.6
collected 0 items / 1 error

==================================== ERRORS ====================================
____________________ ERROR collecting tests/test_simple.py _____________________
tests/test_simple.py:25: in <module>
    exit(0)
/usr/lib64/python3.8/_sitebuiltins.py:26: in __call__
    raise SystemExit(code)
E   SystemExit: 0
------------------------------- Captured stdout --------------------------------

[attributes]
{'title': 'Third Post', 'date': 'Oct 8, 2018 5:26pm PST'}

[body]
This is my third post with a blockquote and footnote[^1]:

> This is what someone said.

---

This is a [link to this post]({{ ref "2018/09/first-post" }}) and [another link]({{ ref "2018/09/first-post" }}).

---

[^1]: This would be a footnote with a [link to first post]({{ ref "2018/09/first-post" }}).



[frontmatter]

title: Third Post
date: Oct 8, 2018 5:26pm PST

TEST SUCCEEDED.
=========================== short test summary info ============================
ERROR tests/test_simple.py - SystemExit: 0
!!!!!!!!!!!!!!!!!!!! Interrupted: 1 error during collection !!!!!!!!!!!!!!!!!!!!
=============================== 1 error in 0.09s ===============================
```
