Breaking change with `Yaml.safe_load` #571

poloka · 2022-01-07T19:34:51Z

poloka
Jan 7, 2022

Issue

It looks like psych-4.x included a breaking change to how YAML.safe_load executes causing a wrong number of arguments error when using the old format for performing a safe_load. Take specific note of the differences in the following output on the testing of Testing 'YAML.safe_load' with options: ([], [], true) using psych-3.3.2 on 2.6.6 vs Testing 'YAML.safe_load' with options: ([], [], true) using psych-4.0.3 on 2.6.6.

Investigation

Using the following code:

require 'yaml'
require 'erb'

def file_path
  file_path = File.join(Dir.pwd, 'test.yml')
end

def safe_load_old(**options)
  puts '*' * 100
  puts "Testing 'YAML.safe_load' with options: ([], [], #{options[:aliases]}) using psych-#{Psych::VERSION} on #{RUBY_VERSION}"
  call_function do
    puts YAML.safe_load(ERB.new(File.read(file_path)).result, [], [], options[:aliases])
  end
end

def safe_load_new(**options)
  puts '*' * 100
  puts "Testing 'YAML.safe_load' with options: (#{options}) using psych-#{Psych::VERSION} on #{RUBY_VERSION}"
  call_function do
    puts YAML.safe_load(ERB.new(File.read(file_path)).result, **options)
  end
end

def call_function
  yield
rescue Psych::DisallowedClass, Psych::BadAlias, Errno::ENOENT, ArgumentError => e
  puts "Error loading the '#{file_path}' located at '#{file_path}'. #{e.message}"
  puts "Backtrace:\n\t#{e.backtrace.join("\n\t")}"
end

safe_load_old(aliases: false)
safe_load_old(aliases: true)
safe_load_new(aliases: false)
safe_load_new(aliases: true)

Loading the following file:

default: &default
 enabled: true
 output: <%= ENV['TIMBER_OUTPUT'] || 'STDOUT' %>
 format: <%= ENV['TIMBER_FORMAT'] || 'JSON' %>

development:
 <<: *default

staging:
 <<: *default

Ruby 2.6 with psych-3.3.2 output

****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], false) using psych-3.3.2 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. Unknown alias: default
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych.rb:362:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:12:in `block in safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:11:in `safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:31:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], true) using psych-3.3.2 on 2.6.6
{"default"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "development"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "staging"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}}
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>false}) using psych-3.3.2 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. Unknown alias: default
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych.rb:362:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:20:in `block in safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:19:in `safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:33:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>true}) using psych-3.3.2 on 2.6.6
{"default"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "development"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "staging"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}}

Ruby 2.6 with psych-4.0.3 output

****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], false) using psych-4.0.3 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. wrong number of arguments (given 4, expected 1)
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych.rb:323:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:12:in `block in safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:11:in `safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:31:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], true) using psych-4.0.3 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. wrong number of arguments (given 4, expected 1)
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych.rb:323:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:12:in `block in safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:11:in `safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:32:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>false}) using psych-4.0.3 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. Unknown alias: default
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych.rb:335:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:20:in `block in safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:19:in `safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:33:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>true}) using psych-4.0.3 on 2.6.6
{"default"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "development"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "staging"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}}

ixti · 2022-01-08T16:53:39Z

ixti
Jan 8, 2022

It's not only about safe_load it also breaks load and load_file as well when anchors are used:

# file: test.rb
require "yaml"

puts "RUBY:    #{RUBY_VERSION}"
puts "PSYCH:   #{Psych::VERSION}"
puts "LIBYAML: #{Psych::LIBYAML_VERSION}"

source = <<~YAML
  foo: &foo
    a: 1
    b: 2
  bar:
    <<: *foo
    a: 2
YAML

puts YAML.load(source)

$ chruby-exec ruby-3.0 -- ruby ./test.rb
RUBY:    3.0.3
PSYCH:   3.3.2
LIBYAML: 0.2.5
{"foo"=>{"a"=>1, "b"=>2}, "bar"=>{"a"=>2, "b"=>2}}

$ chruby-exec ruby-3.1 -- ruby ./test.rb
RUBY:    3.1.0
PSYCH:   4.0.3
LIBYAML: 0.2.5
/home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias': Unknown alias: foo (Psych::BadAlias)
	from /home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
	from /home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
	from /home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
        ...

0 replies

colemannugent · 2022-01-14T19:19:23Z

colemannugent
Jan 14, 2022

Ran into this issue when devise_ldap_authenticatable attempted to parse a LDAP YAML config file that is almost identical to @poloka's original example.

It looks like load internally calls safe_load with a few preset options:

psych/lib/psych.rb

Lines 369 to 376 in ba203f1

    
           def self.load yaml, permitted_classes: [Symbol], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false, freeze: false 
        
             safe_load yaml, permitted_classes: permitted_classes, 
        
                             permitted_symbols: permitted_symbols, 
        
                             aliases: aliases, 
        
                             filename: filename, 
        
                             fallback: fallback, 
        
                             symbolize_names: symbolize_names, 
        
                             freeze: freeze

Based on a quick glance, it looks like this commit 1764942 8 months ago by @tenderlove is when this behavior was introduced.

I'm currently working around this by removing the anchor and aliases and manually duplicating some config.

I'm still kinda new to the Ruby software ecosystem, but this seems particularly annoying since most users of Psych don't pull it in as a gem and thus don't explicitly vendor it in their Gemfiles.

0 replies

tenderlove · 2022-01-22T21:48:08Z

tenderlove
Jan 22, 2022
Maintainer

@colemannugent if the YAML documents you're loading are trusted (IOW can't be controlled by external users) you can use YAML.unsafe_load

0 replies

colemannugent · 2022-01-27T19:22:06Z

colemannugent
Jan 27, 2022

@tenderlove In this case I'm not calling Psych directly. I ran into this issue when a gem I use (devise_ldap_authenticatable) attempted to parse a YAML config file that I used anchors and aliases in to avoid repetition.

It looks like the way to resolve this is to alert most downstream users of Psych that they'll have examine where they load YAML and determine if it's safe to use unsafe_load.

0 replies

nbeyer · 2022-02-09T18:27:50Z

nbeyer
Feb 9, 2022

FWIW - A contributor to this situation is an update to rdoc for version 6.4. Version 6.4 of rdoc added a psych >= 4.0.0 dependency. It seems rdoc is requiring a major version change to a dependency in a minor version change.

0 replies

dgm · 2022-02-28T15:56:43Z

dgm
Feb 28, 2022

I also ran into this from a github dependabot upgrade of rdoc. (sdoc -> rdoc -> psych)

0 replies

ashish-dimri4 · 2022-05-18T15:00:23Z

ashish-dimri4
May 18, 2022

sdoc -> rdoc -> psych

@dgm I also ran into this issue. Please guide if there is any solution.

0 replies

Farom · 2022-05-24T07:17:56Z

Farom
May 24, 2022

This change breaks facter "custom facts" in production.

Please guide if there is any solution.

0 replies

MadhuraVp7 · 2022-08-07T18:14:14Z

MadhuraVp7
Aug 7, 2022

Hi is there any solution, Even I am facing similar kind of issue. Which is working fine locally but failing at Jenkins when running in a container.
Please find the error attached
Error: failed to execute "ruby": /usr/local/lib/ruby/2.7.0/psych.rb:577:in 'initialize': No such file or directory @ rb_sysopen - util/ccr_directory_mapping_v2.yaml (Errno::ENOENT) from /usr/local/lib/ruby/2.7.0/psych.rb:577:in 'open' from /usr/local/lib/ruby/2.7.0/psych.rb:577:in 'load_file'

0 replies

truptimemoryai · 2023-01-24T09:16:07Z

truptimemoryai
Jan 24, 2023

This worked for me on psych 4.0.3 and Ruby 3.1.2
Replaced
YAML.safe_load(yaml, [],[], true) which gave wrong number of arguments (given 4, expected 1) (ArgumentError)
with
YAML.safe_load(yaml, aliases: true)
Reference: https://ruby-doc.org/stdlib-3.1.2/libdoc/psych/rdoc/Psych.html#method-c-safe_load

0 replies

poloka · 2023-10-30T14:41:40Z

poloka
Oct 30, 2023
Author

When running the test with the latest psych-5.1.1.1 looks like there is a more descriptive error message. 4.0.6 would indicate:

Unknown alias: default

And 5.1.1.1 now indicates

Alias parsing was not enabled. To enable it, pass `aliases: true` to 'Psych::load' or 'Psych::safe_load'.

So it would seem that the breaking change to how the safe_load remains and it requires consumer to update their rubygem to pass the aliases: true option.

0 replies

arinchoi03 · 2024-02-01T20:18:14Z

arinchoi03
Feb 1, 2024

I replaced YAML.safe_load(yaml, options || {}, aliases: true) which gave wrong number of arguments (given 2, expected 1) (ArgumentError)
to
YAML.safe_load(yaml, **options || {}, aliases: true) which let me pass my tests...

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Breaking change with `Yaml.safe_load` #571

{{title}}

Replies: 12 comments

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

Select a reply

Breaking change with Yaml.safe_load #571

Issue

Investigation

Ruby 2.6 with psych-3.3.2 output

Ruby 2.6 with psych-4.0.3 output

Replies: 12 comments

tenderlove Jan 22, 2022 Maintainer

poloka Oct 30, 2023 Author

Breaking change with `Yaml.safe_load` #571

tenderlove
Jan 22, 2022
Maintainer

poloka
Oct 30, 2023
Author