Use yaml.safe_load rather than yaml.load for security.

jammycakes · jammycakes · commit 3aa4727c7c75 · 2018-02-17T16:38:49.000Z
diff --git a/lambda_tools/configuration.py b/lambda_tools/configuration.py
@@ -329,7 +329,7 @@ def upgrade(data):
 
 def load(filename):
     with open(filename) as f:
-        raw_data = yaml.load(f)
+        raw_data = yaml.safe_load(f)
         data = upgrade(raw_data)
         config = mapper.parse(Configuration, data)
         config.root = os.path.dirname(filename)
diff --git a/tests/test_configuration.py b/tests/test_configuration.py
@@ -11,7 +11,7 @@
 def load_yaml(filename):
     testfile = os.path.join(os.path.dirname(__file__), filename)
     with open(testfile) as f:
-        return yaml.load(f)
+        return yaml.safe_load(f)
 
 class TestSchema(unittest.TestCase):
 
