Fix code execution vulnerability by switching to yaml.safe_load

Ref: yaml/pyyaml#5
ypid · Feb 21, 2017 · 77004f6 · 77004f6
1 parent ade5c2b
commit 77004f6
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/ansigenome/utils.py b/ansigenome/utils.py
@@ -212,9 +212,9 @@ def yaml_load(path, input="", err_quit=False):
     """
     try:
         if len(input) > 0:
-            return yaml.load(input)
+            return yaml.safe_load(input)
         elif len(path) > 0:
-            return yaml.load(file_to_string(path))
+            return yaml.safe_load(file_to_string(path))
     except Exception as err:
         file = os.path.basename(path)
         ui.error("",