luke
/
prjxray
mirror of https://github.com/openXC7/prjxray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

utils: xyaml: Do not use deprecated function 

From the official PyYAML documentation:

"Warning: It is not safe to call yaml.load with any data received from an
untrusted source! yaml.load is as powerful as pickle.load and so may call
any Python function. Check the yaml.safe_load function though."

Signed-off-by: Daniel Schultz <d.schultz@phytec.de>
This commit is contained in:
Daniel Schultz 2021-01-05 23:36:24 +01:00
parent d3fba0c6a0
commit ec15a221d6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
utils/xyaml.py
View File

@ -23,7 +23,7 @@ def load(f):
data = data.decode('utf-8') data = data.decode('utf-8')
# Strip out of !<tags> # Strip out of !<tags>
data = re.sub("!<[^>]*>", "", data) data = re.sub("!<[^>]*>", "", data)
return yaml.load(io.StringIO(data)) return yaml.safe_load(io.StringIO(data))
def tojson(f): def tojson(f):