snakeyaml / snakeyaml / issues / #549 - Require a key in mapping to be a scalar — Bitbucket

Issue #549 open

Andrey Somov created an issue 2022-09-12

To avoid endless false positives with parsing untrusted data we may prohibit the key in mapping to be a complex structure (sequence or mapping). Only scalars will be accepted (str, number, boolean etc)

‌

Comments (4)

Andrey Somov reporter
- changed status to open
- 2022-09-12T15:14:26+00:00
Andrey Somov reporter
- changed title to Require a key in mapping to be a scalar
- 2022-09-12T17:19:47+00:00
Matt D.
Will this create a problem with mapping JavaBeans which contain other complex beans?

‌
- 2022-09-23T06:53:19+00:00
Andrey Somov reporter
it will. The configuration will serve a single purpose - to stop low quality tooling to report vulnerabilities.
When parsing from untrusted source, it will reject a document quickly when it contains complex data structures.
When the YAML document is trusted, this setting is useless and should not be used
- 2022-09-23T08:45:44+00:00
Log in to comment

Assignee: Andrey Somov

Type: enhancement

Priority: major

Status: open

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!