Merge pull request #44 from jamiemccarthy/jm-unsafe-load

Check syntax with unsafe_load / load
shortdudey123 · May 5, 2022 · 5cd0d51 · 5cd0d51
2 parents dab69a1 + 395f051
commit 5cd0d51
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ This file is used to list changes made in each version of the YamlLint gem.
 - **[PR #30](https://github.com/shortdudey123/yamllint/pull/30)** - Fix Style/PercentLiteralDelimiters offense
 - **[PR #37](https://github.com/shortdudey123/yamllint/pull/37)** - Update trollop to optimist to remove deprecation warnings
 - **[PR #42](https://github.com/shortdudey123/yamllint/pull/42)** - Allow empty YAML files
+- **[PR #44](https://github.com/shortdudey123/yamllint/pull/44)** - Check syntax with unsafe_load / load
 
 ## v0.0.9 (2016-09-16)
 - **[PR #24](https://github.com/shortdudey123/yamllint/pull/24)** - Update RSpec raise_error to be more specific

diff --git a/lib/yamllint/linter.rb b/lib/yamllint/linter.rb
@@ -102,7 +102,15 @@ def check_data(yaml_data, errors_array)
 
     # Check that the data is valid YAML
     def check_syntax_valid?(yaml_data, errors_array)
-      YAML.safe_load(yaml_data)
+      # For rationale behind the use of unsafe_load, and discussion, see:
+      # https://github.com/shortdudey123/yamllint/issues/43
+      # rubocop:disable Security/YAMLLoad
+      if YAML.respond_to?(:unsafe_load)
+        YAML.unsafe_load(yaml_data)
+      else
+        YAML.load(yaml_data)
+      end
+      # rubocop:enable Security/YAMLLoad
       true
     rescue YAML::SyntaxError => e
       errors_array << e.message