psi-jack/dotbot
1
0
Fork 0
mirror of synced 2024-06-30 12:41:09 -04:00
Code Issues Releases Wiki Activity

Use safe_load function to load YAML

Browse source 
In our use case, we are *not* reading arbitrary input that could be
malicious. Still, because we know that what we're reading is made up of
only dictionaries and lists and not arbitrary Python objects, we might
as well use the more restrictive `safe_load` function rather than the
`load` function.
This commit is contained in:
Anish Athalye 2015-08-03 17:47:32 -07:00
parent dcc3a1947a
commit 32a1ea49b7
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
dotbot/config.py
View file

@ -8,7 +8,7 @@ class ConfigReader(object):
def _read(self, config_file_path): def _read(self, config_file_path):
try: try:
with open(config_file_path) as fin: with open(config_file_path) as fin:
data = yaml.load(fin) data = yaml.safe_load(fin)
return data return data
except Exception as e: except Exception as e:
msg = string.indent_lines(str(e)) msg = string.indent_lines(str(e))