- changed status to open
Require a key in mapping to be a scalar
Issue #549
open
To avoid endless false positives with parsing untrusted data we may prohibit the key in mapping to be a complex structure (sequence or mapping). Only scalars will be accepted (str, number, boolean etc)
Comments (4)
-
reporter -
reporter - changed title to Require a key in mapping to be a scalar
-
Will this create a problem with mapping JavaBeans which contain other complex beans?
-
reporter it will. The configuration will serve a single purpose - to stop low quality tooling to report vulnerabilities.
When parsing from untrusted source, it will reject a document quickly when it contains complex data structures.
When the YAML document is trusted, this setting is useless and should not be used - Log in to comment