Commit

Added a security policy and updated README to warn against untrusted schemas. (#175)

sarahc23 authored Oct 11, 2021
1 parent 4384f79 commit 3e6b032
Showing 2 changed files with 30 additions and 0 deletions.
11 changes: 11 additions & 0 deletions README.md
@@ -1,6 +1,9 @@
Yamale (ya·ma·lē)
=================

| :warning: Ensure that your schema definitions come from internal or trusted sources. Yamale does not protect against intentionally malicious schemas. |
|:------------|

<img src="https://github.com/23andMe/Yamale/blob/master/yamale.png?raw=true" alt="Yamale" width="400"/>

A schema and validator for YAML.
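Review bot: the new warning table placed directly under the title tells readers that Yamale "does not protect against intentionally malicious schemas" but gives no indication of what is at stake when an untrusted schema is loaded, so a reader cannot judge how seriously to take it. Add either a short clause on the consequence or a link to the SECURITY.md introduced in this same commit (for example, `See [SECURITY.md](SECURITY.md) for how to report issues.`) so the box explains the risk rather than only forbidding the practice.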
@@ -134,6 +137,10 @@ yamale.validate(schema, data)
```

### Schema

| :warning: Ensure that your schema definitions come from internal or trusted sources. Yamale does not protect against intentionally malicious schemas. |
|:------------|

To use Yamale you must make a schema. A schema is a valid YAML file with one or more documents
inside. Each node terminates in a string which contains valid Yamale syntax. For example, `str()`
represents a [String validator](#validators).
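Review bot: this is a second verbatim copy of the warning table (the first sits under the title in the previous hunk, and a third follows under `Examples`); identical text kept in three places drifts as soon as one copy is edited. Keep the full wording once, here under `### Schema` where schemas are introduced, and reduce the other two to a one-line pointer such as `See the [schema warning](#schema) before loading a schema.`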
@@ -436,6 +443,10 @@ schema = yamale.make_schema('./schema.yaml', validators=validators)

Examples
--------

| :warning: Ensure that your schema definitions come from internal or trusted sources. Yamale does not protect against intentionally malicious schemas. |
|:------------|

### Using keywords
#### Schema:
```yaml
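Review bot: the hunk header's context line `schema = yamale.make_schema('./schema.yaml', validators=validators)` is the call through which a schema file actually enters Yamale, yet the warning inserted under `Examples` just repeats the generic text without tying it to that call. A sentence after the table, before `### Using keywords`, stating that the path or content handed to `make_schema` is the trust boundary and must come from the project's own files rather than from a request, upload or other external input would tell readers where the decision is made; the examples that follow then read as trusted, in-repo schemas.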
19 changes: 19 additions & 0 deletions SECURITY.md
@@ -0,0 +1,19 @@
# Reporting Security Issues

Please see [Releases](https://github.com/23andMe/Yamale/releases). We accept
vulnerability reports for the latest major version.

If you believe you have found a security issue in this project, we encourage
you to submit your finding through 23andMe's
[Bugcrowd program](https://bugcrowd.com/twentythree-and-me) so that we can
appropriately reward you. If you're unable to do so, please use
[the security report form](https://www.23andme.com/security-report/) on our
website to reach us. We will respond to your report within 3 business
days.

Please follow the rules and guidelines stated in the
[Bugcrowd program brief](https://bugcrowd.com/twentythree-and-me). You can also
find our Responsible Disclosure Policy on our
[security report page](https://www.23andme.com/security-report/).

We appreciate your efforts in helping keep our software secure!
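Review bot: the opening paragraph (`Please see [Releases](...). We accept vulnerability reports for the latest major version.`) does not say what a reporter is meant to find on the Releases page, so the support scope reads as disconnected from the link; wording such as `Only the latest major version, as listed under [Releases](https://github.com/23andMe/Yamale/releases), is supported; please report issues against it.` makes the scope explicit. The policy also never tells finders not to file security reports as public GitHub issues or pull requests, which is the first place many will look; an explicit `Please do not report security vulnerabilities through public GitHub issues.` line before the Bugcrowd paragraph closes that gap.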
