Use `safe_load` function to load YAML
In our use case, we are *not* reading arbitrary input that could be malicious. Still, because we know that what we're reading is made up of only dictionaries and lists and not arbitrary Python objects, we might as well use the more restrictive `safe_load` function rather than the `load` function.
This commit is contained in:
Anish Athalye
parent
dcc3a1947a
commit
4381c4cabb
|
|
@ -8,7 +8,7 @@ class ConfigReader(object):
|
||||||
def _read(self, config_file_path):
|
def _read(self, config_file_path):
|
||||||
try:
|
try:
|
||||||
with open(config_file_path) as fin:
|
with open(config_file_path) as fin:
|
||||||
data = yaml.load(fin)
|
data = yaml.safe_load(fin)
|
||||||
return data
|
return data
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
msg = string.indent_lines(str(e))
|
msg = string.indent_lines(str(e))
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue