author | Anish Athalye <me@anishathalye.com> | 2015-08-03 17:47:32 -0700 |
---|---|---|
committer | Anish Athalye <me@anishathalye.com> | 2015-08-03 17:47:32 -0700 |
commit | 4381c4cabbeb870f3fe18da4e7bbdee9a39c55fd (patch) | |
tree | 4455e22c61def72ce43428fa0ab48eb7ff082f67 /dotbot | |
parent | dcc3a1947a85aaa038d143f9f6a0c2a1c1a76a15 (diff) |
Use `safe_load` function to load YAML
In our use case, we are *not* reading arbitrary input that could be
malicious. Still, because we know that what we're reading is made up of
only dictionaries and lists and not arbitrary Python objects, we might
as well use the more restrictive `safe_load` function rather than the
`load` function.
Diffstat (limited to 'dotbot')
-rw-r--r-- | dotbot/config.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/dotbot/config.py b/dotbot/config.py index a6ee9da..9ecf9ac 100644 --- a/dotbot/config.py +++ b/dotbot/config.py @@ -8,7 +8,7 @@ class ConfigReader(object): def _read(self, config_file_path): try: with open(config_file_path) as fin: - data = yaml.load(fin) + data = yaml.safe_load(fin) return data except Exception as e: msg = string.indent_lines(str(e)) |
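Review bot: On the `data = yaml.safe_load(fin)` line, a config that carries a Python-specific tag will now raise a constructor error instead of loading, and that error lands in the unchanged `except Exception as e:` just below, the same branch that handles a failed `open(config_file_path)`. Consider catching `yaml.YAMLError` separately from the I/O failure so the message built from `str(e)` can say the file was rejected by the safe loader, and add a test that feeds `_read` a tagged document to pin the new behaviour.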