def test_read_yaml_exec_flaw(capfd):
# We don't execute anything remote, but someone could give a bad build.yml..
util.read_yaml(
"""!!python/object/apply:os.system\nargs: ['echo arbitrary code execution!']"""
)
out, err = capfd.readouterr()
assert not out
assert not err
def test_read_yaml_exec_flaw(capfd):
# We don't execute anything remote, but someone could give a bad build.yml..
with pytest.raises(util.QuiltException) as exc_info:
util.read_yaml(
"""!!python/object/apply:os.system\nargs: ['echo arbitrary code execution!']"""
)
assert "could not determine a constructor for the tag" in str(
exc_info.value)
def test_read_yaml(tmpdir):
# Read a string
parsed_string = util.read_yaml(TEST_YAML)
fname = tmpdir / 'test_read_yaml.yml'
util.write_yaml(parsed_string, fname)
# Read file descriptor..
with fname.open('r') as f:
parsed_file = util.read_yaml(f)
assert parsed_file == parsed_string
# Read Path object
parsed_path_obj = util.read_yaml(pathlib.Path(fname))
assert parsed_string == parsed_path_obj
def test_yaml_has_comments(tmpdir):
no_comments_yaml = """blah: foo\nfizz: boop"""
assert not util.yaml_has_comments(util.read_yaml(no_comments_yaml))
assert util.yaml_has_comments(util.read_yaml(TEST_YAML))