Use more secure yaml.safe_load() instead of yaml.load()

The function yaml.load() provides the ability to construct an arbitrary
Python object. For security, we use yaml.safe_load() instead which
limits this ability to simple Python objects(like integers or lists).

ref: https://en.wikipedia.org/wiki/YAML#Security

Change-Id: Iea2a2d79c764d635b02c5d6d36c9a5652010d716
This commit is contained in:
Javeme 2016-02-11 14:22:23 +08:00
parent 1cc3b9c80e
commit 668062ed07
1 changed files with 1 additions and 1 deletions

View File

@ -54,7 +54,7 @@ Usage example:
def init_random_generator():
data = []
with open('./messages_length.yaml') as m_file:
content = yaml.load(m_file)
content = yaml.safe_load(m_file)
data += [int(n) for n in content[
'test_data']['string_lengths'].split(', ')]