Python difference between yaml.load and yaml.safe_load

Question

I am seeing that PyYaml, truncates zero's while loading from yaml file, if one uses: yaml.safe_load(stream).

It can be fixed, if one uses yaml.load(stream, Loader=yaml.BaseLoader), but is that advisable?

It works with yaml.load and zeros are not truncated.

I want to understand that would it be safe to switch to yaml.load instead of yaml.safe_load?

Example:

Test yaml content:

$cat test.yml
number: 5.10

Code:

$python -c 'import yaml, sys; content = yaml.safe_load(sys.stdin); 
print(content) ' < test.yml
{'number': 5.1}

<< It truncates the 0 at the end. But that is due to floating point value >>

whereas what I want is the exact number as is.

$python -c 'import yaml, sys; content = yaml.load(sys.stdin, 
Loader=yaml.BaseLoader); print(content) ' < test.yml
{u'number': u'5.10'}

Is that the correct approach to change it to yaml.load ?

Answer 1

yaml.safe_load(sys.stdin) just does yaml.load(sys.stdin, Loader=yaml.SafeLoader).

The facilities to execute arbitrary Python code (which makes loading unsafe) are implemented in yaml.Loader which is used by default. yaml.BaseLoader does not contain them. Therefore, if you use yaml.BaseLoader, loading will not execute arbitrary Python code (that is, unless you yourself register custom constructors with yaml.BaseLoader).