Fix for CVE-2020-14343

Per suggestion https://github.com/yaml/pyyaml/issues/420#issuecomment-663888344
move a few constructors from full_load to unsafe_load.
4 files changed
tree: dda2d8790c52b49a4c493638e1c00444bba80f59
README.md

PyYAML

A full-featured YAML processing framework for Python

Installation

To install, type python setup.py install.

By default, the setup.py script checks whether LibYAML is installed and if so, builds and installs LibYAML bindings. To skip the check and force installation of LibYAML bindings, use the option --with-libyaml: python setup.py --with-libyaml install. To disable the check and skip building and installing LibYAML bindings, use --without-libyaml: python setup.py --without-libyaml install.

When LibYAML bindings are installed, you may use the fast LibYAML-based parser and emitter as follows:

>>> yaml.load(stream, Loader=yaml.CLoader)
>>> yaml.dump(data, Dumper=yaml.CDumper)

If you don't trust the input YAML stream, you should use:

>>> yaml.safe_load(stream)
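
The following is an added example, not part of the PyYAML README or of this commit. It shows what `yaml.safe_load` does with a document that carries a Python-specific tag, and how to list such tags from parser events without constructing any object. The helper names `find_python_tags` and `load_untrusted` and both sample documents are constructed for illustration.

```python
import yaml

# Full form of the "!!python/..." shorthand after the parser resolves "!!".
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (not taken from the page).
PLAIN_DOC = "name: demo\nports: [80, 443]\n"
TAGGED_DOC = "name: demo\npair: !!python/tuple [1, 2]\n"


def find_python_tags(text):
    """List (tag, line) for every Python-specific tag in the document.

    Only parser events are inspected, so no object is ever constructed.
    """
    found = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)  # only node events carry a tag
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            found.append((tag, event.start_mark.line + 1))
    return found


def load_untrusted(text):
    """Load with safe_load; return (ok, data_or_error_name)."""
    try:
        return True, yaml.safe_load(text)
    except yaml.YAMLError as exc:
        # safe_load has no constructor for python/* tags, so a tagged
        # node is rejected with ConstructorError instead of being built.
        return False, type(exc).__name__


if __name__ == "__main__":
    for label, doc in (("plain", PLAIN_DOC), ("tagged", TAGGED_DOC)):
        print(label, find_python_tags(doc), load_untrusted(doc))
```

Logging the output of `find_python_tags` before rejecting a document gives a record of which tag and line caused the rejection.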

Testing

PyYAML includes a comprehensive test suite. To run the tests, type python setup.py test.

Further Information

License

The PyYAML module was written by Kirill Simonov xi@resolvent.net. It is currently maintained by the YAML and Python communities.

PyYAML is released under the MIT license.

See the file LICENSE for more details.