Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#31896 closed New feature (wontfix)

Using unsafe PyYAML utils when loading fixtures.

Reported by: German Prostakov Owned by: nobody
Component: Core (Serialization) Version: 3.1
Severity: Normal Keywords: fixtures
Cc: Aymeric Augustin Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description (last modified by German Prostakov)

Currently, Django uses PyYAML's SafeLoader to load fixtures which prevent to use some advance utils like !!python/object/apply. To create dates related to the current date, for example, and not static dates that you have to update over time so that they aren't too old.

Anyway, there could be many reasons why a developer would want to use such an util in fixtures. And I believe it should be safe to use UnsafeLoader for fixtures since this is certainly a data that developers create themselves.

Opened a PR:

Change History (4)

comment:1 by German Prostakov, 4 years ago

Description: modified (diff)

comment:2 by German Prostakov, 4 years ago

Description: modified (diff)

comment:3 by Mariusz Felisiak, 4 years ago

Cc: Aymeric Augustin added
Component: Core (Management commands)Core (Serialization)
Resolution: wontfix
Status: newclosed
Summary: Allow using unsafe PyYAML utils when loading fixturesUsing unsafe PyYAML utils when loading fixtures.

Thanks for this ticket, however we've changed to a safe loader in Django 1.4 (see d71b4309ca3c4c7aafc446404f86499c7366a771) and I don't see a strong reason to revert it. You can always create your own serializer, and add it to the SERIALIZATION_MODULES setting if you need to use the UnsafeLoader.

comment:4 by German Prostakov, 4 years ago

Oh, thanks! I did not think about SERIALIZATION_MODULES, this seems like a better approach indeed!

Note: See TracTickets for help on using tickets.
Back to Top