Use safe_load instead of normal load when reading yaml files

Grokzen · Feb 6, 2018 · 74afb81 · 74afb81
1 parent 6ac2b9c
commit 74afb81
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/pykwalify/core.py b/pykwalify/core.py
@@ -69,7 +69,7 @@ def __init__(self, source_file=None, schema_files=None, source_data=None, schema
                 if source_file.endswith(".json"):
                     self.source = json.load(stream)
                 elif source_file.endswith(".yaml") or source_file.endswith('.yml'):
-                    self.source = yaml.load(stream)
+                    self.source = yaml.safe_load(stream)
                 else:
                     raise CoreError(u"Unable to load source_file. Unknown file format of specified file path: {0}".format(source_file))
 
@@ -87,7 +87,7 @@ def __init__(self, source_file=None, schema_files=None, source_data=None, schema
                     if f.endswith(".json"):
                         data = json.load(stream)
                     elif f.endswith(".yaml") or f.endswith(".yml"):
-                        data = yaml.load(stream)
+                        data = yaml.safe_load(stream)
                         if not data:
                             raise CoreError(u"No data loaded from file : {0}".format(f))
                     else:

diff --git a/tests/test_core.py b/tests/test_core.py
@@ -525,7 +525,7 @@ def test_core_files(self):
         for passing_test_file in pass_tests:
             f = self.f(os.path.join("success", passing_test_file))
             with open(f, "r") as stream:
-                yaml_data = yaml.load_all(stream)
+                yaml_data = yaml.safe_load_all(stream)
 
                 for document_index, document in enumerate(yaml_data):
                     data = document["data"]
@@ -546,7 +546,7 @@ def test_core_files(self):
         for failing_test, exception_type in _fail_tests:
             f = self.f(os.path.join("fail", failing_test))
             with open(f, "r") as stream:
-                yaml_data = yaml.load_all(stream)
+                yaml_data = yaml.safe_load_all(stream)
 
                 for document_index, document in enumerate(yaml_data):
                     data = document["data"]

diff --git a/tests/test_unicode.py b/tests/test_unicode.py
@@ -65,7 +65,7 @@ def test_files_with_unicode_content_success(self, tmpdir):
             f = self.f(passing_test_files)
 
             with open(f, "r") as stream:
-                yaml_data = yaml.load(stream)
+                yaml_data = yaml.safe_load(stream)
                 data = yaml_data["data"]
                 schema = yaml_data["schema"]
 
@@ -120,7 +120,7 @@ def test_files_with_unicode_content_failing(self, tmpdir):
             f = self.f(failing_test)
 
             with open(f, "r") as stream:
-                yaml_data = yaml.load(stream)
+                yaml_data = yaml.safe_load(stream)
                 data = yaml_data["data"]
                 schema = yaml_data["schema"]
                 errors = yaml_data["errors"]