author: Anish Athalye <me@anishathalye.com> 2015-08-03 17:47:32 -0700
committer: Anish Athalye <me@anishathalye.com> 2015-08-03 17:47:32 -0700
commit: 4381c4cabbeb870f3fe18da4e7bbdee9a39c55fd
tree: 4455e22c61def72ce43428fa0ab48eb7ff082f67 /dotbot
parent: dcc3a1947a85aaa038d143f9f6a0c2a1c1a76a15
Use `safe_load` function to load YAML
In our use case, we are *not* reading arbitrary input that could be malicious. Still, because we know that what we're reading is made up of only dictionaries and lists and not arbitrary Python objects, we might as well use the more restrictive `safe_load` function rather than the `load` function.
Diffstat (limited to 'dotbot')
-rw-r--r-- dotbot/config.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/dotbot/config.py b/dotbot/config.py
index a6ee9da..9ecf9ac 100644
--- a/dotbot/config.py
+++ b/dotbot/config.py
@@ -8,7 +8,7 @@ class ConfigReader(object):
def _read(self, config_file_path):
try:
with open(config_file_path) as fin:
- data = yaml.load(fin)
+ data = yaml.safe_load(fin)
return data
except Exception as e:
msg = string.indent_lines(str(e))
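Review bot: At `data = yaml.safe_load(fin)`, a config that carries a Python-specific YAML tag will now be rejected by the loader instead of being constructed, and that rejection falls into the broad `except Exception as e:` just below, where it is reported only as the indented `str(e)`. That is the right default even for trusted dotfiles, since a config copied from someone else's repository is no longer able to instantiate arbitrary objects, but the behaviour change deserves a line in the commit message or the docs so users with such tags know why their file stopped loading. Consider also narrowing the handler to `yaml.YAMLError` plus the file-open errors, so that unrelated failures are not presented as a config read problem, and adding a small test that a plain dict-and-list config still round-trips through `_read`.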