Module: RosettAi::YamlLoader

Defined in:

lib/rosett_ai/yaml_loader.rb

Overview

Centralized YAML loading with bounds checking.

Enforces file-size, nesting-depth, and key-count limits to prevent denial-of-service via maliciously crafted YAML payloads.

Constant Summary

MAX_FILE_SIZE =

1 MB

1_048_576

MAX_DEPTH =

10

MAX_KEY_COUNT =

1000

Class Method Summary

• .load_file(path, permitted_classes: [Date, Time]) ⇒ Hash

  Loads and validates a YAML file with bounds checking.

Class Method Details

.load_file(path, permitted_classes: [Date, Time]) ⇒ Hash

Loads and validates a YAML file with bounds checking.

Enforces file size, nesting depth, and key count limits before returning the parsed data.

Parameters:

• path (String) —

  absolute path to the YAML file

• permitted_classes (Array<Class>) (defaults to: [Date, Time]) —

  classes allowed during safe loading

Returns:

• (Hash) —

  parsed YAML data

Raises:

• (RosettAi::ValidationError) —

  if file size, nesting depth, or key count exceeds the configured limits

# File 'lib/rosett_ai/yaml_loader.rb', line 28

def self.load_file(path, permitted_classes: [Date, Time])
  check_file_size!(path)
  data = YAML.safe_load_file(path, permitted_classes: permitted_classes)
  check_depth!(data, path)
  check_key_count!(data, path)
  data
end