Safe load yaml files

2026-04-07 14:31:25 +00:00 · 2024-11-01 09:42:00 -04:00
parent 47288a1629
commit 09b269273a
2 changed files with 12 additions and 2 deletions
--- a/db/seeds/exchanges.rb
+++ b/db/seeds/exchanges.rb
@@ -1,5 +1,10 @@
 # Load exchanges from YAML configuration
-exchanges_config = YAML.load_file(Rails.root.join('config', 'exchanges.yml'))
+exchanges_config = YAML.safe_load(
+  File.read(Rails.root.join('config', 'exchanges.yml')),
+  permitted_classes: [],
+  permitted_symbols: [],
+  aliases: true
+)

 exchanges_config.each do |exchange|
  next unless exchange['mic'].present? # Skip any invalid entries
--- a/lib/money/currency.rb
+++ b/lib/money/currency.rb
@@ -23,7 +23,12 @@ class Money::Currency
    end

    def all
-      @all ||= YAML.load_file(CURRENCIES_FILE_PATH)
+      @all ||= YAML.safe_load(
+        File.read(CURRENCIES_FILE_PATH),
+        permitted_classes: [],
+        permitted_symbols: [],
+        aliases: true
+      )
    end

    def all_instances