Add caching for YAML.safe_load_file #375
Comments
It wasn't done because to be efficient, the caching must be doable statically through the precompile command, so at this stage we have no idea what kind of arguments will be used. So at best we could support safe loading only when a strict subset of arguments are used.
Arf, I remember now why I didn't do it. For options such as
YAML.safe_load_file("foo.yml") # raises because the file has aliases or other unsafe constructs
YAML.unsafe_load_file("foo.yml") # works fine and the cache is stored
YAML.safe_load_file("foo.yml") # would succeed because it would load the cache directly.
I really don't see any way around this.
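The three-call sequence from the comment above, replayed as an added example that is not part of the thread and is not bootsnap's code. `ToyYamlCache`, `key_by_mode` and `safe_unsafe_safe` are hypothetical names, the sample document is constructed, and keying entries by loader mode is only one illustrative way to keep the safe path from reusing an unsafe parse.

```ruby
require "yaml"
require "tempfile"

# Constructed sample: the alias (*base) makes YAML.safe_load raise by default.
SAMPLE = "base: &base\n  adapter: sqlite3\ntest: *base\n"

# Hypothetical toy cache for illustration; not bootsnap's implementation.
class ToyYamlCache
  def initialize(key_by_mode:)
    @key_by_mode = key_by_mode
    @store = {}
  end

  def unsafe_load_file(path)
    fetch(path, :unsafe) do |src|
      # Older Psych 3.x has no unsafe_load; there YAML.load is the unsafe loader.
      YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(src) : YAML.load(src)
    end
  end

  def safe_load_file(path)
    fetch(path, :safe) { |src| YAML.safe_load(src) }
  end

  private

  # A failed parse raises before anything is stored, so only successes are cached.
  def fetch(path, mode)
    key = @key_by_mode ? [path, mode] : path
    @store.fetch(key) { @store[key] = yield(File.read(path)) }
  end
end

# Reports whether a load succeeded or was rejected because of an alias.
def attempt
  yield
  :loaded
rescue Psych::BadAlias
  :raised
end

# Replays the sequence safe, unsafe, safe and returns both safe outcomes.
def safe_unsafe_safe(key_by_mode:)
  Tempfile.create(["foo", ".yml"]) do |f|
    File.write(f.path, SAMPLE)
    cache = ToyYamlCache.new(key_by_mode: key_by_mode)
    first = attempt { cache.safe_load_file(f.path) }
    cache.unsafe_load_file(f.path)
    [first, attempt { cache.safe_load_file(f.path) }]
  end
end
```

With a path-only key the second safe load returns the cached unsafe parse; with the mode in the key it raises again, as it did on the first call.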
Isn't this already an issue with Psych 4 since
If I'm reading this right, the only possible supported options are If that's the case then passing That would mean The only issue is if any code parses an untrusted, user controlled yml file using I don't have the answer and recognize this is tricky.
No because bootsnap/lib/bootsnap/compile_cache/yaml.rb Lines 62 to 64 in e1882c5
The problem isn't when
Ah, neat. So is this an accurate summary?
It is, yes. One thing though
So #392 fixes most of this. It still doesn't cache
I made sure the issue is in bootsnap
I learned today that files loaded by YAML.safe_load_file are not cached. Searching this repository suggests this is the case with YAML.load_file and YAML.unsafe_load_file being supported but not YAML.safe_load_file.
Steps to reproduce
The application where this is relevant is using the Faker gem, thus stuck at Psych 3.3. To use safe_load_file in Psych 3.3 it has to be called explicitly (in Psych 4.0 it is the default for load_file).
Expected behavior
Files loaded with YAML.safe_load_file should be cached (at least for simple use cases).
Actual behavior
Files loaded with YAML.safe_load_file are not cached.
System configuration
Bootsnap version: 1.9.1
Ruby version: 2.6.3, 2.7.1
Rails version: 6.1.4.1