From 1833897d18fe0930984215372e1343cff1531b61 Mon Sep 17 00:00:00 2001
From: lhinds <lhinds@redhat.com>
Date: Sat, 8 Jul 2017 16:51:27 +0100
Subject: Utilize yaml.safe_load

The patch changes instances of yaml.load with yaml.safe_load
which is more secure at blocking arbitrary code execution.

The following blog has a decent explaination:

https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html

Change-Id: I8201baab6cb31ab31228eca83134f87a57c2f5d2
Signed-off-by: lhinds <lhinds@redhat.com>
---
 repo/gen_ins_pkg_script.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'repo')

diff --git a/repo/gen_ins_pkg_script.py b/repo/gen_ins_pkg_script.py
index 38d08c23..9af34143 100644
--- a/repo/gen_ins_pkg_script.py
+++ b/repo/gen_ins_pkg_script.py
@@ -32,7 +32,7 @@ def get_packages_name_list(file_list, special_packages):
     package_name_list = []
 
     for file in file_list:
-        datas = yaml.load(open(file))
+        datas = yaml.safe_load(open(file))
         if not datas:
             continue
 
-- 
cgit 1.2.3-korg