I’m trying to set the atTime parameter of logging.config.TimedRotatingFileHandler. I can do this via standard Python code; however, my project uses the dictionary schema in YAML format.
The purpose of safe_load is specifically to avoid unsafe interpretation of the YAML contents, such as creating objects of arbitrary types (like datetime.time). If you trust the source, the documentation explains how to describe custom class instances in the YAML, but again keep in mind that this is insecure, in the same way as using Pickle.
If I put yaml datetime.timeinto a search engine I can fairly easily find a more specific solution:
In addition to the advice from @kknechtel you may want to consider not putting python objects into your yaml at all.
You could replace the atTime and class with strings that you parse and map into objects after you safe_load the yaml. That way the details of your implementation are not required in the config.
Thank you. I can see this isn’t as straightforward as I thought it was going to be. Still, it’s a good way to learn how to do things like this correctly.
At the moment, I’m the only person using the config, but that could change, and I’d prefer not to create potential security issues with yaml.load(..., yaml.Loader) if I don’t need to.
Hard-coding a timestamp in the yaml file works with yaml.safe_load(), but I think @barry-scott’s suggestion is more practical.
I really like the sound of this, although perhaps I’m misunderstanding your suggestion. logging.handlers.TimedRotatingFileHandler is a string in the returned dictionary.
Are you saying I should insert the string "logging.handlers.TimedRotatingFileHandler" into the returned dictionary?