Use `safe_load` function to load YAML

In our use case, we are *not* reading arbitrary input that could be
malicious. Still, because we know that what we're reading is made up of
only dictionaries and lists and not arbitrary Python objects, we might
as well use the more restrictive `safe_load` function rather than the
`load` function.
pull/45/merge v1.6.1
Anish Athalye 8 years ago
parent dcc3a1947a
commit 4381c4cabb
  1. 2
      dotbot/config.py

@ -8,7 +8,7 @@ class ConfigReader(object):
def _read(self, config_file_path):
try:
with open(config_file_path) as fin:
data = yaml.load(fin)
data = yaml.safe_load(fin)
return data
except Exception as e:
msg = string.indent_lines(str(e))
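Review bot: the switch to `yaml.safe_load(fin)` in `_read` changes behaviour for any existing config that carries a Python-specific tag such as `!!python/object`. Such a file now raises a constructor error, which is swallowed by the broad `except Exception as e:` directly below and reported like any other read failure. It would help to mention this in the changelog, and to add a test asserting that a tagged document is rejected while a plain dictionary/list config still loads, so a later edit cannot quietly revert to `yaml.load`.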
