YAML and more at the Perl Toolchain Summit 2019
This year, I was happy to hear I would be invited again to the Perl Toolchain Summit, an annual event with about 30-35 people hacking four days on toolchain related stuff, improving user experience.
This time it was held in Marlow, a small city two hours from London, in an old abbey which was beautiful (but cold!).
YAML::PP
My main goal was to get a big step closer to make YAML::PP more compatible to existing YAML modules.
You should now (v0.013) be able to use it for many cases as a drop-in replacement for YAML.pm, YAML::XS or YAML::Syck. Version 0.014 is on its way but there are CPAN infrastructure problems.
Generic Perl Objects and Types
In the weeks before the summit I had already implemented loading and dumping of generic perl objects and types (scalar references, regexes, code, ...). This is how you use it:
my $yp = YAML::PP->new( schema => [qw/ JSON Perl /] );
For convenience, you can also use YAML::PP::Perl:
my $yp = YAML::PP::Perl->new;
Dumping code references is on by default, as it is not dangerous. (Well, please let me know if it is...).
You can activate (dangerous) loading code like this:
my $yp = YAML::PP->new( schema => [qw/ JSON Perl +loadcode /] );
Now one issue was that YAML.pm, YAML::XS and YAML::Syck used the tag
!!perl...
for that, while the YAML spec rather recommends using
!perl...
, as two exclamation marks are a shorthand for the official
YAML namespace. Python for example uses !python...
.
See Support both !perl/...
and !!perl/...
tags.
So I decided to support both and let users choose.
With the next version you can decide which tag type you want to use. You can also use both for loading and one for dumping.
my $yp = YAML::PP->new(
schema => [qw/ JSON Perl tag=!!perl+!perl /],
);
!perl
: Only!perl/type
tags are supported. (default)!!perl
: Only!!perl/type
tags are supported.!perl+!!perl
: Both!perl/type
and!!perl/tag
are supported when loading. When dumping,!perl/type
is used.!!perl+!perl
: Both!perl/type
and!!perl/tag
are supported when loading. When dumping,!!perl/type
is used.
Additionally, all supported types are documented clearly in the EXAMPLES section. I use this data for testing and generate the documentation from it to make sure everything is documented at all times.
Please note that in version 0.013 the tag style notation looked different. I wanted to upload version 0.014 but currently something in the CPAN infrastructure seems broken, so no new modules are showing up on MetaCPAN.
How to serialize Binary Data in YAML?
This is possible by encoding the binary data with Base64. A special tag
!!binary
exists for that. It's not explicitly mentioned in the YAML 1.2 Spec.
It's listed in the Type Repository under Binary Data
Language-Independent Type for YAML™ Version
1.1.
canonical: !!binary "\
R0lGODlhDAAMAIQAAP//9/X17unp5WZmZgAAAOfn515eXvPz7Y6OjuDg4J+fn5\
OTk6enp56enmlpaWNjY6Ojo4SEhP/++f/++f/++f/++f/++f/++f/++f/++f/+\
+f/++f/++f/++f/++f/++SH+Dk1hZGUgd2l0aCBHSU1QACwAAAAADAAMAAAFLC\
AgjoEwnuNAFOhpEMTRiggcz4BNJHrv/zCFcLiwMWYNG84BwwEeECcgggoBADs="
description:
The binary value above is a tiny arrow encoded as a gif image.
You can use this by adding the Binary
Schema:
my $yp = YAML::PP->new( schema => [qw/ JSON Binary /] );
It also encodes binary data when dumping. It looks if there are any non-ASCII characters in a string, and if it is utf8 decoded or not. Please try it out and let me know if it is encoding data which shouldn't be encoded.
Outlook
There is more stuff that I did on YAML::PP and plan to do soon. I will blog about that seperately.
The modules are still not completely compatible, for example regarding
how things like null
, true
, True
, TRUE
, etc. are loaded.
YAML.pm, YAML::XS and YAML::Syck never really implemented the official types and also are different to each other, so it's hard to provide a compatible drop-in replacement. Not complicated, but a lot of typing and testing.
YAML.pm
I did a security fix to YAML.pm. You
(hopefully) know that you shouldn't use the default YAML loader on untrusted
input, because $YAML::LoadBlessed
is true by default. The exploit is tricky
and might not work in every case. However, there's a much simpler exploit which
lets you set any package variable by loading a specially crafted YAML file:
--- !!perl/glob
PACKAGE: YAML
NAME: LoadCode
SCALAR: 1
EOM
You can probably guess that after loading this YAML, loading code is
activated, which involves an eval
.
Please update YAML.pm to 1.28, where you have to enable glob loading via
the $YAML::LoadCode
option itself.
When I stumbled upon this last year, I made it already safer by only loading
globs when $YAML::LoadBlessed
is set, but that is still try by default,
and actually it isn't related to bless
ing.
Inline.pm
There were some issues and Pull Requests for Inline.pm. I reviewed, quickly checked with Ingy and made a new release.
MetaCPAN command line client
I started a little command line client which uses MetaCPAN::Client.
It uses my App::Spec framework. It uses subcommands and completion and I hope it will make it easier to play around with the MetaCPAN API.
So far it is only on GitHub.
Thanks
Thanks to the organizers and sponsors for this Summit!
Organizers
Everything went smooth, which is usually a result of hard working organizers, Neil, BooK and Laurent.
Special thanks to Neil for baking us vegan blueberry muffins!
Food
One thing I always look forward to is the excellent catering by Wendy. A lot of healthy vegetables (and not so healthy sweets). I like eating raw vegetables, but at home I'm often too lazy to prepare it. Wendy went shopping, cut and peeled stuff and also took care for vegan needs, for example. ❤️❤️❤️
Sponsors for the Perl Toolchain Summit 2019
Booking.com, cPanel, MaxMind, FastMail, ZipRecruiter, Cogendo, Elastic, OpenCage Data, Perl Services, Zoopla, Archer Education, OpusVL, Oetiker+Partner, SureVoIP, YEF.
It's always a pleasure to take care of the needs of the vegans, vegetarians, allergics, picky, and the others. Finding the right stuff is always a challenge. And you are always so grateful, it is so nice to see you eat more than you expected. And I am a little bit sorry I giggled when you said you ate too much and your belly was now showing.
No need for being sorry, Wendy! =)