Why YAML is better than JSON (read before screaming)

News category: Programming
Source: dev.to

You have probably seen or used the YAML format in configuration files.
YAML (a recursive acronym for "YAML Ain't Markup Language") is a human-friendly data serialization language for all programming languages, like the JSON format.

YAML files are mostly written using Python-style indentation to indicate nesting, as in the following example of a Dofigen file:

# An anchor
from: &image "docker.io/bitnami/node:18"
# A string field
workdir: /app
# An object list
builders:
  # An object
  - name: module-loader
    from: *image
    workdir: /tmp/module
    adds:
      - package.json
      - package-lock.json
    script:
      - npm i --production --cache /tmp/cache
    caches:
      - /tmp/cache
  - name: builder
    from: *image
    workdir: /tmp/app
    adds:
      - .
    script:
      - npm i --cache /tmp/cache
      - npm run build
    caches:
      - /tmp/cache
artifacts:
  - builder: module-loader
    source: /tmp/module/
    destination: "."
  - builder: builder
    source: /tmp/app/dist/
    destination: dist/
  - builder: builder
    source: /tmp/app/resources/
    destination: resources/
# A string list
cmd:
  - npm
  - start
# An integer list
ports:
  - 3000
ignores:
- "**"
- "!/*.json"
- "!/src/"
- "!/resources/"

You may say:

OK, YAML is great and very readable, but how could it be better than JSON?
They are just two different formats.

That's true, but I will show you how YAML is at least as good as JSON.

YAML is at least as good as JSON

The YAML format permits many ways to define data.
We will look at the different ways to write:

  • strings
  • arrays/lists
  • objects/structures

strings

The basic string description is just writing the string:

myString: My super string

To disambiguate a string from other data types like numbers or booleans, we can surround the value with single quotes (') or double quotes ("):

myString: "My super string"
alsoString: '10'
stringNotBoolean: "true"

For multiline strings, we can also use two specific syntaxes:

myString: >
  My super 
  multiline string

  Second line
otherString: |
  The other super multiline string
  Second line

Look at this website to read more about it.
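
How the quoting rule in this section plays out in a loader, as an added example that is not part of the original article: Ruby's bundled Psych parser resolves unquoted scalars to numbers and booleans, so a field meant to be a string silently changes type. The helper names and the bare* fields are assumptions made for the illustration.

```ruby
require 'yaml'

# Constructed sample: the article's quoted fields next to unquoted twins.
DOC = <<~EOS
  myString: "My super string"
  alsoString: '10'
  stringNotBoolean: "true"
  bareNumber: 10
  bareBoolean: true
  bareVersion: 1.10
  ports:
    - 3000
EOS

# Hypothetical helper: walk the loaded document and record "path => class"
# for every scalar leaf, descending into mappings and lists.
def leaf_types(node, path = "", out = {})
  case node
  when Hash  then node.each { |k, v| leaf_types(v, "#{path}/#{k}", out) }
  when Array then node.each_with_index { |v, i| leaf_types(v, "#{path}/#{i}", out) }
  else out[path] = node.class
  end
  out
end

# Hypothetical helper: the leaves the parser did NOT load as strings.
# safe_load only builds plain data types (strings, numbers, booleans, lists, maps).
def non_string_leaves(yaml_text)
  leaf_types(YAML.safe_load(yaml_text)).reject { |_, klass| klass == String }
end

if __FILE__ == $PROGRAM_NAME
  non_string_leaves(DOC).each { |path, klass| puts "#{path}: #{klass}" }
end
```

Note that the unquoted 1.10 is loaded as the float 1.1, which matters when the field is a version string.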

arrays/lists

The main array syntax in YAML is the following:

myArray:
- My string value
- 42

But YAML also permits the use of another syntax, by surrounding the array elements with brackets ([ and ]), very useful for short or empty arrays:

myShortArray: [first, second]
emptyArray: []

objects/structures

The main object description in YAML is the following one:

name: My string
age: 24
subobject: 
  nestedField: The value

That corresponds to the following JSON object:

{
  "name": "My string",
  "age": 24,
  "subobject": {
    "nestedField": "The value"
  }
}

But the YAML format also permits the use of braces ({ and }) to surround the object fields, which can then be separated by a comma and a space instead of a new line.
It also permits the use of single quotes (') or double quotes (") around the field name.
Here is the same object with this syntax:

{
  'name': My string,
  "age": 24,
  subobject: { nestedField: The value }
}

Merged YAML secondary format

Do you see where I'm going with this?

Here is another way to describe the initial YAML example, but using the syntaxes seen previously:

{
  # An anchor
  "from": &image "docker.io/bitnami/node:18",
  # A string field
  "workdir": "/app",
  # An object list
  "builders": [
    # An object
    {
      "name": "module-loader",
      "from": *image,
      "workdir": "/tmp/module",
      "adds": [
        "package.json",
        "package-lock.json"
      ],
      "script": [ "npm i --production --cache /tmp/cache" ],
      "caches": [ "/tmp/cache" ]
    },
    {
      "name": "builder",
      "from": *image,
      "workdir": "/tmp/app",
      "adds": [ "." ],
      "script": [
        "npm i --cache /tmp/cache",
        "npm run build"
      ],
      "caches": [ "/tmp/cache" ]
    }
  ],
  "artifacts": [
    {
      "builder": "module-loader",
      "source": "/tmp/module/",
      "destination": "."
    },
    {
      "builder": "builder",
      "source": "/tmp/app/dist/",
      "destination": "dist/"
    },
    {
      "builder": "builder",
      "source": "/tmp/app/resources/",
      "destination": "resources/"
    }
  ],
  # A string list
  "cmd": [ "npm", "start" ],
  # An integer list
  "ports": [ 3000 ],
  "ignores": [
    "**",
    "!/*.json",
    "!/src/",
    "!/resources/"
  ]
}

Does it look familiar?
Yes, the YAML format is fully compatible with JSON data.

But there are still some elements that you can't find in JSON format.
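
The compatibility described above, checked in both directions, as an added example that is not part of the original article: a YAML loader accepts the JSON form unchanged, while a JSON parser rejects the same structure once a comment or an anchor is added. The two excerpts are constructed from the article's document, and the helper names are assumptions.

```ruby
require 'json'
require 'yaml'

# Constructed excerpt of the article's document, written as strict JSON.
AS_JSON = <<~EOS
  {
    "workdir": "/app",
    "cmd": [ "npm", "start" ],
    "ports": [ 3000 ],
    "artifacts": [
      { "builder": "builder", "source": "/tmp/app/dist/", "destination": "dist/" }
    ]
  }
EOS

# Constructed excerpt with two YAML-only additions: a comment and an anchor/alias.
AS_YAML_FLOW = <<~EOS
  {
    # An anchor
    "from": &image "docker.io/bitnami/node:18",
    "builders": [ { "name": "builder", "from": *image } ]
  }
EOS

# Hypothetical helper: true when a JSON parser accepts the text.
def json?(text)
  JSON.parse(text)
  true
rescue JSON::ParserError
  false
end

# Hypothetical helper: true when the JSON parser and the YAML loader
# build the same data structure from the same text.
def same_data?(text)
  JSON.parse(text) == YAML.safe_load(text)
end

if __FILE__ == $PROGRAM_NAME
  puts "JSON text, both parsers agree: #{same_data?(AS_JSON)}"
  puts "YAML flow text accepted as JSON: #{json?(AS_YAML_FLOW)}"
end
```

A service that reads "JSON" configuration through a YAML loader therefore also accepts comments, anchors and aliases in that input.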

YAML additional features

The YAML format also has many interesting additional features, let's take a look at some of those I use in my projects.

Comments

One of the features that I miss the most in JSON files is the comments.
How many times I tried to comment a dependency in a package.json file or a configuration...

In YAML, you can comment a line by just adding a hash sign (#) before the line content.
So simple!

# my comment

Anchors

YAML format also lets you avoid repeating data in your configuration files thanks to the anchors.
With this feature you can define an anchor (&) by setting its name before a value (of any type).
You can then use an alias (*) as value of another field (later in the same YAML file).

Anchors let you change, at a single point, a value that is used many times, like the Docker image of the from field in the initial example:

# An anchor
from: &image "docker.io/bitnami/node:18"
...
builders:
  # An object
  - name: module-loader
    from: *image
...

This is even more useful for objects and arrays.

YAML anchors also let you extend and override an object for a new value by entering <<: before the alias.
Here is an example with a builder:

&base
from: "docker.io/bitnami/node:18"
workdir: /app
builders:
  - <<: *base
    name: module-loader # extension to add the name
    workdir: /tmp/module # override the workdir
    adds:
      - package.json
      - package-lock.json
    script:
      - npm i --production --cache /tmp/cache
    caches:
      - /tmp/cache
    builders: # override the build to null to avoid circular references

This feature is also very useful but could lead to less readable files if not done wisely.
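
What a loader does with the anchor and merge syntax above, as an added example that is not the article's or Dofigen's code: Ruby's bundled Psych parser refuses aliases in safe_load unless the caller passes aliases: true, and once enabled the <<: merge copies the anchored mapping and lets the keys that follow override it. The document is constructed from the article's values; the defaults key, the helper names and the alias cap of 10 are assumptions.

```ruby
require 'yaml'

# Constructed from the article's values; "defaults" is a hypothetical key.
CONFIG = <<~EOS
  defaults: &base
    from: "docker.io/bitnami/node:18"
    workdir: /app
  builders:
    - <<: *base
      name: module-loader   # extension: adds a key
      workdir: /tmp/module  # override: replaces the merged value
    - <<: *base
      name: builder
EOS

# True when the safe loader, with its default options, refuses the aliases.
def aliases_rejected_by_default?(text)
  YAML.safe_load(text)
  false
rescue Psych::BadAlias
  true
end

# Count alias references on the parsed node tree, before any object is built.
def alias_count(text)
  YAML.parse(text).grep(Psych::Nodes::Alias).size
end

# Hypothetical loader: opt in to aliases only after capping how many the
# document contains (the limit of 10 is an arbitrary illustration).
def load_config(text, max_aliases: 10)
  raise ArgumentError, "too many aliases" if alias_count(text) > max_aliases
  YAML.safe_load(text, aliases: true)
end

if __FILE__ == $PROGRAM_NAME
  puts "rejected by default: #{aliases_rejected_by_default?(CONFIG)}"
  load_config(CONFIG)["builders"].each { |b| puts b.inspect }
end
```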

Conclusion

We have seen previously that the YAML format is fully compatible with the JSON one and that it has many additional features, but I wrote this article focusing on the human-friendly part of those languages.
This is not the only important aspect for a format.
The permissiveness of the YAML format makes it more readable and easy to use (at least to me ^^), but it also can make it less efficient to process in a program...

For all the additional features, see the full specification (at the current date).
