Safe load yaml files

maybe-finance · Nov 1, 2024 · 09b2692 · 09b2692
1 parent 47288a1
commit 09b2692
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/db/seeds/exchanges.rb b/db/seeds/exchanges.rb
@@ -1,5 +1,10 @@
 # Load exchanges from YAML configuration
-exchanges_config = YAML.load_file(Rails.root.join('config', 'exchanges.yml'))
+exchanges_config = YAML.safe_load(
+  File.read(Rails.root.join('config', 'exchanges.yml')),
+  permitted_classes: [],
+  permitted_symbols: [],
+  aliases: true
+)
 
 exchanges_config.each do |exchange|
   next unless exchange['mic'].present? # Skip any invalid entries

diff --git a/lib/money/currency.rb b/lib/money/currency.rb
@@ -23,7 +23,12 @@ def new(object)
     end
 
     def all
-      @all ||= YAML.load_file(CURRENCIES_FILE_PATH)
+      @all ||= YAML.safe_load(
+        File.read(CURRENCIES_FILE_PATH),
+        permitted_classes: [],
+        permitted_symbols: [],
+        aliases: true
+      )
     end
 
     def all_instances