diff options
| author | Ingy döt Net <ingy@ingy.net> | 2018-06-28 10:39:26 -0700 |
|---|---|---|
| committer | Ingy döt Net <ingy@ingy.net> | 2018-06-28 10:39:26 -0700 |
| commit | 3dc3f5f0fc41db52e894f65cc4eec9470ffdf725 (patch) | |
| tree | df9613f63a21f3dcfaaea9c8a2ea8a885fdc486c /tests/lib/test_recursive.py | |
| parent | d3eb7daf88e29bc20ffd4cfb833da3c49c617625 (diff) | |
| download | pyyaml-git-safety-api.tar.gz | |
Rework the safety related API codesafety-api
The main change is that 'Danger' has been renamed to 'Python' and that
the default `dump()` and `dump_all()` functions use the 'Python' schema
to be able to dump any Python data structure.
NOTE: In YAML, 'Schema' is used to mean all the semantics and rules of
what a YAML document means and how it is processed.
The `load()` and `load_all()` functions continue to use the Safe schema.
The dump() and load() sugar functions should be similar in that they
both do the must useful and safe operations.
There are top level functions for each schema (Safe and Python) and
those functions should be used when feeding data from one system to the
other and expecting the same semantics (schema):
* safe_dump safe_dump_all
* safe_load safe_load_all
* python_dump python_dump_all
* python_load python_load_all
When we have a schema language for YAML, the generic methods with be:
* yaml.dump(node, Schema='foo.schema')
* yaml.load(yaml, Schema='foo.schema')
A loader class like SafeLoader is a loader with a hardcoded schema.
Right now pyyaml has 2 schemas:
* Python - serialize any python data
* Safe - only serialize in a way that won't trigger code
'Danger' was used in response to a situation where people were caught
unaware that something bad could happen in a seemingly normal, default
situation. Now we've fixed the default to be safe, and Safe is an OK
name for a schema, but Danger really is not. It's not the purpose of the
schema to be dangerous. The purpose is to serialize Python data
structures.
The danger_ API functions can be removed because they have only been
released for a couple days and they aren't documented anywhere.
----
This also fixes a bug in that safe_load() and load() were aliases. They
shouldn't be, because load() accepts a Loader kwarg, and safe_load()
should not. ie safe_load(yaml, Loader=PythonLoader) shouldn't be
allowed.
Diffstat (limited to 'tests/lib/test_recursive.py')
| -rw-r--r-- | tests/lib/test_recursive.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/lib/test_recursive.py b/tests/lib/test_recursive.py index c67c170..d368b35 100644 --- a/tests/lib/test_recursive.py +++ b/tests/lib/test_recursive.py @@ -29,9 +29,9 @@ def test_recursive(recursive_filename, verbose=False): value2 = None output2 = None try: - output1 = yaml.danger_dump(value1) - value2 = yaml.danger_load(output1) - output2 = yaml.danger_dump(value2) + output1 = yaml.python_dump(value1) + value2 = yaml.python_load(output1) + output2 = yaml.python_dump(value2) assert output1 == output2, (output1, output2) finally: if verbose: |