Replace unsafe yaml.Loader in config.from_yaml

As I mentioned [here](https://github.com/ets-labs/python-dependency-injector/issues/369#issuecomment-764913870), Loader is not safe and can be easily exploited.
Stefano Frazzetto 2021-01-21 21:07:55 +00:00 committed by GitHub
parent 349c252b50
commit 2f18e2dce9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1336,7 +1336,7 @@ cdef class ConfigurationOption(Provider):
try: try:
with open(filepath) as opened_file: with open(filepath) as opened_file:
config = yaml.load(opened_file, yaml.Loader) config = yaml.load(opened_file, yaml.SafeLoader)
except IOError: except IOError:
return return
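
Review bot: on the changed `yaml.load(opened_file, yaml.SafeLoader)` line, this is a behaviour change for any existing config file that uses Python-specific tags. SafeLoader raises `yaml.constructor.ConstructorError` on tags such as `!!python/object`, and the surrounding `except IOError:` does not catch it, so `from_yaml` will now raise where it previously loaded the document. Rejecting those documents is the right outcome, but please call it out in the changelog and in the `from_yaml` documentation. Please also add a test that feeds a document with a `!!python/...` tag and asserts it is rejected, so the loader cannot silently regress. `yaml.safe_load(opened_file)` is an equivalent, shorter spelling if you prefer it.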