Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to disable limits added by PR #515 #632

Open
bartle-stripe opened this issue Jun 25, 2020 · 3 comments
Open

Add option to disable limits added by PR #515 #632

bartle-stripe opened this issue Jun 25, 2020 · 3 comments

Comments

@bartle-stripe
Copy link

A limit around aliases was added in #515 that's breaking parsing of YAML files. While I can appreciate wanting to address CVE-2019-11253, it seems like there ought to be an option to disable limits for trusted YAML files.
@niemeyer
Copy link
Contributor

Have you had trouble with the limits? Do you have a real-world sample document you can share?

Thanks for the report.

@bartle-stripe
Copy link
Author

It's from internal YAML configuration so I can't directly share it. The general pattern looks like:

common:
   foo: &foo
      <lots of lines>
   bar: &bar
      <lots of lines>
   ...
A:
  << *foo
  << *bar
  something: else
  another: thing

B:
  << *foo
  << *bar
  something: else
  another: thing

We're currently unable to upgrade past that PR, so yes, it's causing trouble.

@niemeyer
Copy link
Contributor

Okay, thanks, I'll look into it. We have a PR that I'm late on reviewing that is the first step towards supporting options in a better fashion. We can add that option afterwards.

@NathanZook NathanZook mentioned this issue Apr 22, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@niemeyer @bartle-stripe