loading untrusted YAML

David Garamond

If I only allow up to, say, 1MB of a completely untrusted YAML file to
be loaded, can I be certain that the possibly maliciously constructed
YAML cannot do anything dangerous (including executing unwanted code or
gulping too much memory) when being parsed?

Could someone point out how to extend yaml.rb to only accept certain
classes (like only Hash, Array, Numeric, String, NilClass, TrueClass,
FalseClass, and Symbol) to be loaded?
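
One way to do what the question asks on a current Ruby, as an added example that is not part of the original post: Psych's `YAML.safe_load` with an allowlist and aliases disabled, with the 1MB cap applied before parsing. `load_untrusted_yaml`, `assert_plain_data`, `UnsafeYAML` and the constants are hypothetical names, and it assumes a Psych version that accepts the `permitted_classes:` and `aliases:` keywords.

```ruby
require "yaml"

MAX_BYTES = 1_000_000 # size cap from the question, checked before parsing
# The types listed in the question; anything else is rejected.
ALLOWED = [Hash, Array, Numeric, String, NilClass, TrueClass, FalseClass, Symbol].freeze

class UnsafeYAML < StandardError; end

# Defence in depth: walk the parsed result (iteratively, so nesting depth
# does not matter here) and confirm every key and value is an allowed type.
def assert_plain_data(root)
  stack = [root]
  until stack.empty?
    node = stack.pop
    raise UnsafeYAML, "unexpected #{node.class}" unless ALLOWED.any? { |c| node.is_a?(c) }
    case node
    when Hash then stack.concat(node.keys, node.values)
    when Array then stack.concat(node)
    end
  end
  root
end

# Hypothetical helper: returns plain data or raises UnsafeYAML.
def load_untrusted_yaml(text)
  raise UnsafeYAML, "input larger than #{MAX_BYTES} bytes" if text.bytesize > MAX_BYTES
  # safe_load builds only basic types unless a class is listed here, so
  # tags such as !ruby/object:... raise instead of instantiating objects.
  # Symbol is the one type from the question that must be opted in.
  # aliases: false rejects anchors/aliases, so the result cannot contain
  # shared or self-referencing structures.
  data = YAML.safe_load(text, permitted_classes: [Symbol], aliases: false)
  assert_plain_data(data)
rescue Psych::Exception => e
  raise UnsafeYAML, "#{e.class}: #{e.message}"
end
```

Callers rescue `UnsafeYAML` and treat the document as rejected; the byte cap bounds parser input, not the memory of the resulting object graph.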
 
