Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ValueError on "._" input #168

Closed
Barro opened this issue May 26, 2018 · 5 comments · Fixed by #497
Closed

ValueError on "._" input #168

Barro opened this issue May 26, 2018 · 5 comments · Fixed by #497
Labels
task:bug

Comments

@Barro
Copy link

Barro commented May 26, 2018

Following piece of code results in ValueError when given "._" input for PyYAML 3.12 to parse:

import sys
import yaml

try:
    list(yaml.safe_load_all(sys.stdin))
except yaml.YAMLError:
    pass

And is then run:

$ echo "._" | python validate-yaml.py
Traceback (most recent call last):
  File "validate-yaml.py", line 5, in <module>
    list(yaml.safe_load_all(sys.stdin))
  File "/home/jussi/.local/lib/python2.7/site-packages/yaml/__init__.py", line 83, in load_all
    yield loader.get_data()
  File "/home/jussi/.local/lib/python2.7/site-packages/yaml/constructor.py", line 33, in get_data
    return self.construct_document(self.get_node())
  File "/home/jussi/.local/lib/python2.7/site-packages/yaml/constructor.py", line 43, in construct_document
    data = self.construct_object(node)
  File "/home/jussi/.local/lib/python2.7/site-packages/yaml/constructor.py", line 88, in construct_object
    data = constructor(self, node)
  File "/home/jussi/.local/lib/python2.7/site-packages/yaml/constructor.py", line 282, in construct_yaml_float
    return sign*float(value)
ValueError: could not convert string to float: .

I would expect PyYAML only to return errors of type yaml.YAMLError, as documented, so that I can avoid catching arbitrary errors from that function, as that's generally considered bad style.
@perlpunk
Copy link
Member

It seems the regular expression for floats used by pyyaml is not correct.
http://yaml.org/type/float.html
[-+]?([0-9][0-9_]*)?\.[0-9.]*([eE][-+][0-9]+)? (base 10)
Underscores are not allowed after the dot.
The ._ case could be fixed by disallowing only _ after the dot, but OTOH, according to the spec, underscores shouldn't be allowed there at all. Also, 1._ is recognized as a float by python, so currently it accepts 1._ but not ._.

Then again, the regex from the spec seems to be broken because it allows multiple dots.

Some tests are failing if I take out the _ after the dot.

Not sure what would be the best to do here.

@The-Compiler The-Compiler mentioned this issue Mar 25, 2019
Closed
MrFlynn pushed a commit to minds-ai/zoom-drive-connector that referenced this issue Apr 8, 2019
Updated pyyaml to most recent full release.
91c4dc5 
Fixes CVE-2017-18342 referenced in yaml/pyyaml#168
MrFlynn pushed a commit to minds-ai/zoom-drive-connector that referenced this issue Apr 8, 2019
Bump pyyaml version in conda environment.
8b60c6a 
Fixes CVE in yaml/pyyaml#168.
@perlpunk perlpunk mentioned this issue Jan 29, 2021
Open
This was referenced Feb 6, 2021
Merged
Closed
@perlpunk
Copy link
Member

perlpunk commented Feb 6, 2021

I created #497

@tongxiaoge1001
Copy link

I created #497

Is this patch effective? I found that the communities were not merged. @perlpunk (26fd944)

@The-Compiler
Copy link
Contributor

PyYAML 6.0 was released where this is fixed via #497, so I think this can be closed?

@ingydotnet
Copy link
Member

@The-Compiler thanks. Closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
task:bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix yaml11 float resolver for '.' perlpunk/pyyaml
5 participants
@ingydotnet @Barro @The-Compiler @perlpunk @tongxiaoge1001