Use safe_load function to load YAML

In our use case, we are *not* reading arbitrary input that could be malicious. Still, because we know that what we're reading is made up of only dictionaries and lists and not arbitrary Python objects, we might as well use the more restrictive `safe_load` function rather than the `load` function.
anishathalye · Aug 4, 2015 · 4381c4c · 4381c4c
1 parent dcc3a19
commit 4381c4c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/dotbot/config.py b/dotbot/config.py
@@ -8,7 +8,7 @@ def __init__(self, config_file_path):
     def _read(self, config_file_path):
         try:
             with open(config_file_path) as fin:
-                data = yaml.load(fin)
+                data = yaml.safe_load(fin)
             return data
         except Exception as e:
             msg = string.indent_lines(str(e))