1001Ferramentas

YAML Anchor Circular Reference Validator

Detect anchors with circular references (loops) in YAML documents, common in complex Helm/Kubernetes configurations.

YAML anchors, aliases and circular references

YAML lets you reuse data without repeating it. An anchor &name labels a node, an alias *name references it, and the merge key << folds an anchored mapping into another. These are powerful, but they also open the door to circular references (an alias that ultimately resolves back into its own anchor), which can crash or hang a naive parser.

How anchors and aliases work

  • &anchor defines an anchor on the value that follows it.
  • *anchor is an alias that inserts a copy of the anchored node.
  • <<: *anchor is the merge key, which merges an anchored mapping's keys into the current one.

A circular reference happens when an anchored node contains an alias pointing back to itself, directly or through a chain.

The "Billion Laughs" attack

The classic abuse is the Billion Laughs / YAML-bomb denial-of-service: each anchor references the previous one many times, so a tiny document expands exponentially and exhausts memory or CPU. A truly circular reference is even worse, producing an infinite structure. Safe parsers detect cycles and cap expansion, rejecting such input.
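
Both conditions described above, a cycle and Billion Laughs-style expansion, can be measured on the parsed node graph without ever expanding it. The following is an added example, not this validator's own code: it assumes PyYAML is installed, and audit_yaml, max_nodes and the three sample documents are names and data constructed for illustration.

```python
import yaml  # PyYAML (assumed installed). compose() builds a node graph only,
             # it never constructs Python objects from the document.

# Constructed sample documents.
BENIGN = "base: &base {image: nginx, replicas: 2}\nweb:\n  <<: *base\n  replicas: 3\n"
CYCLE = "root: &loop\n  child: *loop\n"
BOMB = "l0: &l0 [x, x, x, x, x, x, x, x, x]\n"
for i in range(1, 7):  # every level aliases the previous one nine times
    BOMB += f"l{i}: &l{i} [" + ", ".join([f"*l{i - 1}"] * 9) + "]\n"

class CircularAlias(ValueError):
    """An alias resolves back into the node that carries its anchor."""

def _children(node):
    if isinstance(node, yaml.SequenceNode):
        return list(node.value)
    if isinstance(node, yaml.MappingNode):  # value is a list of (key, value) pairs
        return [n for pair in node.value for n in pair]
    return []  # scalar node

def audit_yaml(text, max_nodes=100_000):
    """Return (verdict, expanded_size); verdict is 'ok', 'too_big' or 'cycle'."""
    root = yaml.compose(text, Loader=yaml.SafeLoader)  # aliases share one node object
    size = {}        # id(node) -> node count if every alias were copied out
    on_path = set()  # ids of the nodes on the current depth-first path

    def expand(node):
        key = id(node)
        if key in on_path:
            raise CircularAlias(f"cycle at line {node.start_mark.line + 1}")
        if key not in size:  # memoised, so the bomb is measured in linear time
            on_path.add(key)
            size[key] = 1 + sum(expand(child) for child in _children(node))
            on_path.remove(key)
        return size[key]

    if root is None:  # empty document
        return "ok", 0
    try:
        total = expand(root)
    except CircularAlias:
        return "cycle", None
    return ("ok" if total <= max_nodes else "too_big"), total

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("cycle", CYCLE), ("bomb", BOMB)):
        print(name, audit_yaml(doc))
```

The expanded size is what a consumer that copies every alias would have to hold; the seven-line BOMB sample expands to several million nodes, while the check itself visits each node once.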

Common pitfalls

  • Loading untrusted YAML with a full-power loader instead of yaml.safe_load.
  • Assuming aliases are always harmless: nested aliases can blow up exponentially.
  • Building a self-referential structure by accident (an alias inside the very node it points to).
  • Relying on a parser that does not cap alias expansion when handling external input.
  • Confusing the merge key << with a normal key named <<.

FAQ

Are anchors and aliases dangerous by themselves? Not inherently; they are useful for DRY config. The danger is uncontrolled expansion or cycles when parsing untrusted input.

How do I parse YAML safely? Use a safe loader (e.g. yaml.safe_load in PyYAML); many parsers also let you disable arbitrary aliasing or cap expansion entirely.

Will a strict YAML parser reject a circular reference? Yes: well-behaved parsers detect the cycle and raise an error rather than looping forever.
