switch to ruamel.yaml, use C loader if available, only load safely (#20)

mr-c · mr-c · commit 2514a23c3bde · 2016-04-28T13:46:28.000+02:00
diff --git a/README.rst b/README.rst
@@ -70,6 +70,6 @@ provides for robust support of inline documentation.
 .. _JSON-LD: http://json-ld.org
 .. _Avro: http://avro.apache.org
 .. _metaschema: https://github.com/common-workflow-language/schema_salad/blob/master/schema_salad/metaschema/metaschema.yml
-.. _specification: https://common-workflow-language.github.io/draft-3/SchemaSalad.html
+.. _specification: http://www.commonwl.org/draft-3/SchemaSalad.html
 .. _Language: https://github.com/common-workflow-language/common-workflow-language/blob/master/draft-3/CommandLineTool.yml
 .. _RDF: https://www.w3.org/RDF/
diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,5 @@
 requests
-PyYAML
+ruamel.yaml
 rdflib >= 4.1.
 rdflib-jsonld >= 0.3.0
 mistune
diff --git a/schema_salad/jsonld_context.py b/schema_salad/jsonld_context.py
@@ -1,6 +1,10 @@
 import shutil
 import json
-import yaml
+import ruamel.yaml as yaml
+try:
+        from ruamel.yaml import CSafeLoader as SafeLoader
+except ImportError:
+        from ruamel.yaml import SafeLoader
 import os
 import subprocess
 import copy
@@ -157,6 +161,6 @@ def salad_to_jsonld_context(j, schema_ctx):
 
 if __name__ == "__main__":
     with open(sys.argv[1]) as f:
-        j = yaml.load(f)
+        j = yaml.load(f, Loader=SafeLoader)
         (ctx, g) = salad_to_jsonld_context(j)
         print(json.dumps(ctx, indent=4, sort_keys=True))
diff --git a/schema_salad/main.py b/schema_salad/main.py
@@ -9,7 +9,6 @@
 import json
 from rdflib import Graph, plugin
 from rdflib.serializer import Serializer
-import yaml
 import os
 try:
     import urlparse
diff --git a/schema_salad/makedoc.py b/schema_salad/makedoc.py
@@ -1,7 +1,6 @@
 import mistune
 from . import schema
 import json
-import yaml
 import os
 import copy
 import re
diff --git a/schema_salad/ref_resolver.py b/schema_salad/ref_resolver.py
@@ -9,7 +9,11 @@
     import urlparse
 except:
     import urllib.parse as urlparse
-import yaml
+import ruamel.yaml as yaml
+try:
+        from ruamel.yaml import CSafeLoader as SafeLoader
+except ImportError:
+        from ruamel.yaml import SafeLoader
 from . import validate
 import pprint
 try:
@@ -456,7 +460,7 @@ def fetch(self, url):
             else:
                 text = StringIO(text)
             text.name = url
-            result = yaml.load(text)
+            result = yaml.load(text, Loader=SafeLoader)
         except yaml.parser.ParserError as e:
             raise validate.ValidationException("Syntax error %s" % (e))
         if isinstance(result, dict) and self.identifiers:
diff --git a/schema_salad/schema.py b/schema_salad/schema.py
@@ -4,7 +4,11 @@
 import sys
 import pprint
 from pkg_resources import resource_stream
-import yaml
+import ruamel.yaml as yaml
+try:
+        from ruamel.yaml import CSafeLoader as SafeLoader
+except ImportError:
+        from ruamel.yaml import SafeLoader
 import avro.schema
 from . import validate
 import json
@@ -142,7 +146,8 @@ def get_metaschema():
     loader.cache["https://w3id.org/cwl/salad"] = rs.read()
     rs.close()
 
-    j = yaml.load(loader.cache["https://w3id.org/cwl/salad"])
+    j = yaml.load(loader.cache["https://w3id.org/cwl/salad"],
+            Loader=SafeLoader)
     j, _ = loader.resolve_all(j, "https://w3id.org/cwl/salad#")
 
     #pprint.pprint(j)
diff --git a/schema_salad/validate.py b/schema_salad/validate.py
@@ -1,6 +1,5 @@
 import pprint
 import avro.schema
-import yaml
 import sys
 try:
     import urlparse
diff --git a/setup.py b/setup.py
@@ -24,13 +24,13 @@
     # In tox, it will cover them anyway.
     requirements = []
 
-install_requires=[
-      'requests',
-      'PyYAML',
-      'rdflib >= 4.1.0',
-      'rdflib-jsonld >= 0.3.0',
-      'mistune',
-      'typing']
+install_requires = [
+    'requests',
+    'ruamel.yaml',
+    'rdflib >= 4.1.0',
+    'rdflib-jsonld >= 0.3.0',
+    'mistune',
+    'typing']
 
 if sys.version_info.major < 3:
     install_requires.append("avro")
diff --git a/tests/test_examples.py b/tests/test_examples.py
@@ -3,7 +3,11 @@
 import schema_salad.main
 import schema_salad.schema
 import rdflib
-import yaml
+import ruamel.yaml as yaml
+try:
+        from ruamel.yaml import CSafeLoader as SafeLoader
+except ImportError:
+        from ruamel.yaml import SafeLoader
 
 class TestSchemas(unittest.TestCase):
     def test_schemas(self):
@@ -111,11 +115,13 @@ def test_examples(self):
         for a in ["field_name", "ident_res", "link_res", "vocab_res"]:
             ldr, _, _ = schema_salad.schema.load_schema("schema_salad/metaschema/%s_schema.yml" % a)
             with open("schema_salad/metaschema/%s_src.yml" % a) as src_fp:
-                src = ldr.resolve_all(yaml.load(src_fp), "")[0]
+                src = ldr.resolve_all(yaml.load(src_fp, Loader=SafeLoader), "")[0]
             with open("schema_salad/metaschema/%s_proc.yml" % a) as src_proc:
-                proc = yaml.load(src_proc)
+                proc = yaml.load(src_proc, Loader=SafeLoader)
             self.assertEqual(proc, src)
 
+    def test_yaml_float_test(self):
+        self.assertEqual(yaml.load("float-test: 2e-10")["float-test"], 2e-10)
 
 if __name__ == '__main__':
     unittest.main()
