From 4381c4cabbeb870f3fe18da4e7bbdee9a39c55fd Mon Sep 17 00:00:00 2001
From: Anish Athalye
Date: Mon, 3 Aug 2015 17:47:32 -0700
Subject: Use `safe_load` function to load YAML

In our use case, we are *not* reading arbitrary input that could be malicious. Still, because we know that what we're reading is made up of only dictionaries and lists and not arbitrary Python objects, we might as well use the more restrictive `safe_load` function rather than the `load` function.
---
 dotbot/config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'dotbot')

diff --git a/dotbot/config.py b/dotbot/config.py
index a6ee9da..9ecf9ac 100644
--- a/dotbot/config.py
+++ b/dotbot/config.py
@@ -8,7 +8,7 @@ class ConfigReader(object):
     def _read(self, config_file_path):
         try:
             with open(config_file_path) as fin:
-                data = yaml.load(fin)
+                data = yaml.safe_load(fin)
             return data
         except Exception as e:
             msg = string.indent_lines(str(e))
-- 
cgit v1.2.3
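Review bot: The new `yaml.safe_load(fin)` line returns `None` for an empty or comment-only config file, and the `return data` that follows passes that through unchanged, so a caller that iterates or indexes the result would fail later with an error that no longer names the config file; an explicit check right after the load, `if data is None: raise ValueError('config file is empty')`, keeps that failure inside this `try` so the existing `except` path reports it with the same wrapping as a parse error. The change itself is the right call independent of whether the input is trusted, since `safe_load` only builds plain YAML types and rejects tags that construct arbitrary Python objects; that rationale is in the commit message but not in the code, so a one-line comment above the call, `# safe_load: config is plain lists/dicts, never Python objects`, would preserve it for the next reader. The `_read` method's `except` body continues past the end of the hunk.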