From https://pyyaml.org/wiki/PyYAMLDocumentation
- Loader supports all predefined tags and may construct an arbitrary Python object. Therefore it is not safe to use Loader to load a document received from an untrusted source. By default, the functions scan, parse, compose, construct, and others use Loader.
- SafeLoader(stream) supports only standard YAML tags and thus it does not construct class instances and probably safe to use with documents received from an untrusted source. The functions safe_load and safe_load_all use SafeLoader to parse a stream.
- BaseLoader(stream) does not resolve or support any tags and construct only basic Python objects: lists, dictionaries and Unicode strings.
For our project we are using the Baseloader, and do not want to use safeLoader, as this would not leave integer values as strings. The baseloader is not the unsafe FullLoader, and should not be flagged as an exception to S506.
Code to reproduce:
with open('testfile.yaml') as fhandle:
loader_yaml = yaml.load(fhandle, Loader=yaml.Baseloader)Ruff setting: [select = "S506"]
Ruff version: 0.6.8
From https://pyyaml.org/wiki/PyYAMLDocumentation
For our project we are using the Baseloader, and do not want to use safeLoader, as this would not leave integer values as strings. The baseloader is not the unsafe FullLoader, and should not be flagged as an exception to S506.
Code to reproduce:
Ruff setting: [select = "S506"]
Ruff version: 0.6.8