
Use yaml.safe_load instead of yaml.load to prevent executing arbitrary code (#589)

This commit is contained in:
Jordy Zomer 2018-03-29 21:43:13 +02:00 committed by James Lu
parent 9f6e4306cd
commit 7a1dcbd460


@ -118,7 +118,7 @@ def loadConf(filename, errors_fatal=True, logger=None):
confname = os.path.splitext(os.path.basename(filename))[0] confname = os.path.splitext(os.path.basename(filename))[0]
try: try:
with open(filename, 'r') as f: with open(filename, 'r') as f:
conf = yaml.load(f) conf = yaml.safe_load(f)
conf = validateConf(conf, logger=logger) conf = validateConf(conf, logger=logger)
except Exception as e: except Exception as e:
print('ERROR: Failed to load config from %r: %s: %s' % (filename, type(e).__name__, e), file=sys.stderr) print('ERROR: Failed to load config from %r: %s: %s' % (filename, type(e).__name__, e), file=sys.stderr)
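Review bot: The `open(filename, 'r')` on the line before the new `yaml.safe_load(f)` call still decodes the config file with the locale's default encoding, so a UTF-8 config containing non-ASCII values can fail to parse on a host with a different locale; `with open(filename, 'r', encoding='utf-8') as f:` pins it. Separately, `yaml.safe_load` returns `None` for an empty or comment-only file, and it is not visible here whether `validateConf` tolerates a `None` document rather than a dict — worth confirming, since the broad `except Exception` below would only report it as a generic load failure. loadConf starts before this hunk and its error handling continues past it.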