Rename load to dangerous_load

Issue #3 new
Devin Jeanpierre
created an issue

As per Ned Batchelder's proposal, why not rename load to dangerous_load, and alias safe_load to load? (Or perhaps, leave load undefined, so that secure code doesn't become insecure when run on an earlier version of PyYAML)

If this is done, code can no longer be accidentally insecure through forgetfulness or lack of care. Instead, people will only have the ability to run arbitrary code if they specifically intend for that and all its consequences.

The downside is losing backwards compatibility. Maybe the move could be done in a two-step process that deprecates load first?

Comments (5)

  1. TomRitchford

    It's a security vulnerability - old code should break if there isn't an automatic way to fix it.

    I would, however, suggest keeping load_safe/dump_safe etc for at least a couple of releases, as that costs you nothing.

  2. Nicholas Chammas

    I second the suggestion to keep the safe_() methods arounds for a bit. I would also suggest unsafe_() as an alternative to dangerous_(), since that terminology is more common.

    So the methods would end up looking like this:

    • Safe methods:
      • safe_load(), load()
      • safe_dump(), dump()
    • Unsafe methods:
      • unsafe_load()
      • unsafe_dump()
  3. Log in to comment