From d124f83643a4aed1e7cb55120f7af1475da2f808 Mon Sep 17 00:00:00 2001
From: Christian Berendt
Date: Tue, 24 Feb 2015 14:03:25 +0100
Subject: [PATCH] Use yaml.safe_load() instead of yaml.load()
According to Bandit yaml.safe_load() should be used instead of yaml.load(). Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
Change-Id: I7dd536c61ff53bf0b07cf4681df64fbec99140b6
---
 cleanup/retf/retf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cleanup/retf/retf.py b/cleanup/retf/retf.py
index 1d3596e6..926f66d1 100755
--- a/cleanup/retf/retf.py
+++ b/cleanup/retf/retf.py
@@ -194,7 +194,7 @@ def load_disabled_rules(src):
 if src:
 try:
- listing = yaml.load(open(src))
+ listing = yaml.safe_load(open(src))
 for rule in listing:
 logger.debug("Rule '%s' is disabled.", rule)
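Review bot: The added `yaml.safe_load(open(src))` call still never closes the file it opens, and its result goes straight into the `for rule in listing` loop. `safe_load` returns `None` for an empty document, so an empty rules file would raise `TypeError` at that loop; `with open(src) as fh:` followed by `listing = yaml.safe_load(fh) or []` closes the handle and covers the empty case. `safe_load` also raises a `yaml.YAMLError` subclass for Python-specific tags that `yaml.load` used to construct. The `except` clause of this `try` is outside the hunk, so it is worth confirming that it handles that error rather than letting a traceback escape.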