[Fleet] Replace all references to unsafe YML load/dump methods in Fleet codebase (#190659)

## Summary Replaces any unsafe YML operations with their safe alternatives. `load` -> `safeLoad` `dump` -> `safeDump`
2025-04-24 09:48:58 -04:00 · 2024-08-19 11:35:25 -04:00 · 2024-08-19 11:35:25 -04:00 · 439c7fa84c
commit 439c7fa84c
parent 4eeb35d21b
4 changed files with 8 additions and 8 deletions
--- a/x-pack/plugins/fleet/server/services/epm/packages/custom_integrations/assets/dataset/ingest_pipeline.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/custom_integrations/assets/dataset/ingest_pipeline.ts
@ -5,7 +5,7 @@
 * 2.0.
 */

-import * as yaml from 'js-yaml';
+import { safeDump } from 'js-yaml';

 // NOTE: The install methods will take care of adding a reference to a @custom pipeline. We don't need to add one here.
 export const createDefaultPipeline = (dataset: string, type: string) => {
@ -25,5 +25,5 @@ export const createDefaultPipeline = (dataset: string, type: string) => {
      managed: true,
    },
  };
-  return yaml.dump(pipeline);
+  return safeDump(pipeline);
 };
--- a/x-pack/plugins/fleet/server/services/epm/packages/custom_integrations/assets/dataset/manifest.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/custom_integrations/assets/dataset/manifest.ts
@ -4,7 +4,7 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
-import * as yaml from 'js-yaml';
+import { safeDump } from 'js-yaml';

 import { convertStringToTitle } from '../../utils';
 import type { AssetOptions } from '../generate';
@ -17,5 +17,5 @@ export const createDatasetManifest = (dataset: string, assetOptions: AssetOption
    title: convertStringToTitle(dataset),
    type,
  };
-  return yaml.dump(manifest);
+  return safeDump(manifest);
 };
--- a/x-pack/plugins/fleet/server/services/epm/packages/custom_integrations/assets/manifest.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/custom_integrations/assets/manifest.ts
@ -4,7 +4,7 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
-import * as yaml from 'js-yaml';
+import { safeDump } from 'js-yaml';

 import type { AssetOptions } from './generate';

@ -34,5 +34,5 @@ export const createManifest = (assetOptions: AssetOptions) => {
    },
  };

-  return yaml.dump(manifest);
+  return safeDump(manifest);
 };
--- a/x-pack/plugins/fleet/server/services/epm/packages/utils.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/utils.test.ts
@ -5,7 +5,7 @@
 * 2.0.
 */

-import { dump } from 'js-yaml';
+import { safeDump } from 'js-yaml';

 import type { AssetsMap } from '../../../../common/types';

@ -14,7 +14,7 @@ import type { RegistryDataStream } from '../../../../common';
 import { resolveDataStreamFields } from './utils';

 describe('resolveDataStreamFields', () => {
-  const statusAssetYml = dump([
+  const statusAssetYml = safeDump([
    {
      name: 'apache.status',
      type: 'group',