From 1833897d18fe0930984215372e1343cff1531b61 Mon Sep 17 00:00:00 2001 From: lhinds Date: Sat, 8 Jul 2017 16:51:27 +0100 Subject: Utilize yaml.safe_load The patch changes instances of yaml.load with yaml.safe_load which is more secure at blocking arbitrary code execution. The following blog has a decent explaination: https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html Change-Id: I8201baab6cb31ab31228eca83134f87a57c2f5d2 Signed-off-by: lhinds --- build/parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'build') diff --git a/build/parser.py b/build/parser.py index 602d7c21..63eb494f 100644 --- a/build/parser.py +++ b/build/parser.py @@ -80,7 +80,7 @@ def usage(): def build_parser(build_file_name): cache = load_env() - cfg = yaml.load(file(build_file_name, 'r')) + cfg = yaml.safe_load(file(build_file_name, 'r')) print "Starting building...." for pkg in cfg.get("packages"): -- cgit 1.2.3-korg