Use yaml.safe_load, the safe version of yaml.load (CVE-2017-18342)

Helps with: pyvec#12
encukou · Apr 5, 2019 · c4b127e · c4b127e
1 parent a7edea9
commit c4b127e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/naucse_hooks.py b/naucse_hooks.py
@@ -73,7 +73,7 @@ def _iterate(folder: Path):
         going deeper to folders and yielding link parsed link files
     """
     for child in folder.glob("**/link.yml"):  # type: Path
-        fork = yaml.load(child.read_text())
+        fork = yaml.safe_load(child.read_text())
         yield fork