Use yaml.safe_load() instead of yaml.load()

According to Bandit yaml.safe_load() should be used instead of yaml.load(). Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load(). Change-Id: I7dd536c61ff53bf0b07cf4681df64fbec99140b6
2015-02-24 14:03:25 +01:00 · 2015-02-24 14:03:25 +01:00 · d124f83643
parent 658f29cc2e
commit d124f83643
1 changed files with 1 additions and 1 deletions
--- a/cleanup/retf/retf.py
+++ b/cleanup/retf/retf.py
@ -194,7 +194,7 @@ def load_disabled_rules(src):
    if src:
        try:
-            listing = yaml.load(open(src))
+            listing = yaml.safe_load(open(src))
            for rule in listing:
                logger.debug("Rule '%s' is disabled.", rule)