From 0f5fc51afb7d9edadb332275b171187e6474f144 Mon Sep 17 00:00:00 2001
From: Laurent Pinchart
Date: Tue, 20 Aug 2019 18:21:49 +0300
Subject: scripts: Use yaml.safe_load()

Before PyYAWL 4.1, yaml.load() can load to arbitrary code execution. yaml.safe_load() is recommended as a safe alternative. Starting at v4.1, yaml.load() calls yaml.safe_load(). See https://seclists.org/oss-sec/2018/q2/240 for more information.

Signed-off-by: Laurent Pinchart
Acked-by: Kuninori Morimoto
Reviewed-by: Kieran Bingham
Tested-by: Yoshihiro Shimoda
Signed-off-by: Geert Uytterhoeven
---
scripts/view.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'scripts')

diff --git a/scripts/view.py b/scripts/view.py
index 48c6f71..655d474 100755
--- a/scripts/view.py
+++ b/scripts/view.py
@@ -80,7 +80,7 @@ class viewer(base.base):
 #--------------------
 def set_data(self, file):
 F = open(file, "r+")
- self.data = yaml.load(F)
+ self.data = yaml.safe_load(F)
 F.close()
 self.file = file

-- 
cgit v1.2.3
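Review bot: In `set_data`, `F.close()` runs only when parsing succeeds, and `yaml.safe_load(F)` raises a `yaml.YAMLError` on any document that carries a Python-specific tag the old `yaml.load(F)` accepted, so the handle is leaked on exactly the inputs this change is meant to reject. Wrapping the read in a context manager closes it on every path: `with open(file, "r") as F:` followed by `self.data = yaml.safe_load(F)`. The `"r+"` mode on the unchanged `open()` line also requires write permission on a file that this method only reads, so opening it read-only would be the least-privilege choice unless something outside the hunk depends on it. The method has no docstring; a one-line `"""Load the YAML document at *file* into self.data using the safe loader."""` would record that the safe loader is intentional. The diffstat shows only `scripts/view.py`, so it may be worth checking the other scripts for remaining `yaml.load()` calls.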