Default setup gives Unknown alias "database" for database yaml.

Question

Default setup gives Unknown alias "database" for database yaml.

Closed this issue 3 years ago · 1 comments

When following along with the Getting Started I ran into a minor problem:

The database.yml raises:

Psych::BadAlias:
  Unknown alias: database

This is due to the fact YAML.safe_load has aliases: false by default: https://ruby-doc.org/stdlib-2.6.1/libdoc/psych/rdoc/Psych.html#method-c-safe_load (https://stackoverflow.com/questions/22664614/rails4-psychbadalias-unknown-alias-test)

I can whip up a PR that adds an aliases: true to in lib/sequent/support/database.rb. Or I can make a PR where the database.yml has no aliases. I'd personally would go for the first, but am not entirely certain why psych has it disabled: probably it's insecure, and if so, is it still so when we control the file ourselves rather than Psych from aribtrary web-data?

Answer 1 · 2021-12-14T10:06:12.000Z

Not sure if it is unsafe, but we can safely add it when loading the database.yml since it is not user input.