PyYaml SafeLoader -- how to secure?

  • Shaun Cutts


    I was writing a little routine to guess the type of a string -- building a PyYaml.SafeLoader on a string, then calling get_single_node to get a node, and looking at the type.

    But I noticed that SafeLoader will build a node even if the content is an arbitrary object. Is this the desired behavior? Is there a good way to tell if a given tag is "safe" -- except by checking for "python" in the string, which seems like a hack?


    -- Shaun Cutts
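
One way to check tags without string-matching on "python", as an added example that is not part of the original post: composing with `get_single_node` only builds node objects, so the node tree can be walked and each tag compared against the constructors SafeLoader has registered. The function name `unsafe_tags` and the sample documents are constructed for illustration.

```python
import yaml


def unsafe_tags(text):
    """Compose `text` with SafeLoader (no Python objects are constructed)
    and return the sorted node tags that SafeLoader cannot construct."""
    loader = yaml.SafeLoader(text)
    try:
        root = loader.get_single_node()  # None for an empty stream
    finally:
        loader.dispose()

    # Exact tags SafeLoader has a constructor for (the None key is its
    # "undefined tag" fallback, which raises ConstructorError).
    allowed = {t for t in yaml.SafeLoader.yaml_constructors if t is not None}
    # Tag prefixes; empty by default, non-empty only if the application
    # registered multi-constructors on SafeLoader itself.
    prefixes = tuple(p for p in yaml.SafeLoader.yaml_multi_constructors
                     if p is not None)

    rejected, seen = set(), set()
    stack = [] if root is None else [root]
    while stack:
        node = stack.pop()
        if id(node) in seen:  # anchors/aliases can make the graph cyclic
            continue
        seen.add(id(node))
        if node.tag not in allowed and not node.tag.startswith(prefixes or ("\0",)):
            rejected.add(node.tag)
        if isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
    return sorted(rejected)


# Constructed sample input: one python/* tag and one application tag.
SAMPLE = "a: 1\nb: !!python/name:os.getcwd ''\nc: [!custom x, 2.5]\n"

if __name__ == "__main__":
    print(unsafe_tags(SAMPLE))
```

An empty result means every tag in the document is one that `yaml.safe_load` would construct; any other tag makes `safe_load` raise `ConstructorError` at construction time.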