diff options
| author | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2019-08-20 18:21:49 +0300 |
|---|---|---|
| committer | Geert Uytterhoeven <geert+renesas@glider.be> | 2021-02-11 12:45:27 +0100 |
| commit | 0f5fc51afb7d9edadb332275b171187e6474f144 (patch) | |
| tree | 73717db1e7c7e0e763163d224b7508475e100273 /scripts | |
| parent | e9d7442f1cc9b8d39cbf42f33b27dfa94f51bc81 (diff) | |
scripts: Use yaml.safe_load()
Before PyYAWL 4.1, yaml.load() can load to arbitrary code execution.
yaml.safe_load() is recommended as a safe alternative. Starting at v4.1,
yaml.load() calls yaml.safe_load().
See https://seclists.org/oss-sec/2018/q2/240 for more information.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/view.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/view.py b/scripts/view.py index 48c6f71..655d474 100755 --- a/scripts/view.py +++ b/scripts/view.py @@ -80,7 +80,7 @@ class viewer(base.base): #-------------------- def set_data(self, file): F = open(file, "r+") - self.data = yaml.load(F) + self.data = yaml.safe_load(F) F.close() self.file = file |