Use safe_load function to load YAML

In our use case, we are *not* reading arbitrary input that could be malicious. Still, because we know that what we're reading is made up of only dictionaries and lists and not arbitrary Python objects, we might as well use the more restrictive `safe_load` function rather than the `load` function.
2024-06-28 11:41:11 -04:00 · 2015-08-03 17:47:32 -07:00 · 2015-08-03 17:47:32 -07:00 · 32a1ea49b7
parent dcc3a1947a
commit 32a1ea49b7
1 changed files with 1 additions and 1 deletions
--- a/dotbot/config.py
+++ b/dotbot/config.py
@ -8,7 +8,7 @@ class ConfigReader(object):
    def _read(self, config_file_path):
        try:
            with open(config_file_path) as fin:
-                data = yaml.load(fin)
+                data = yaml.safe_load(fin)
            return data
        except Exception as e:
            msg = string.indent_lines(str(e))