From 668062ed07eaba096ec17363bd3f5721707b960b Mon Sep 17 00:00:00 2001
From: Javeme
Date: Thu, 11 Feb 2016 14:22:23 +0800
Subject: [PATCH] Use more secure yaml.safe_load() instead of yaml.load()
The function yaml.load() provides the ability to construct an arbitrary Python object. For security, we use yaml.safe_load() instead which limits this ability to simple Python objects(like integers or lists).
ref: https://en.wikipedia.org/wiki/YAML#Security
Change-Id: Iea2a2d79c764d635b02c5d6d36c9a5652010d716
---
 tools/simulator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/simulator.py b/tools/simulator.py
index 872ac0edd..8c5c85e3b 100755
--- a/tools/simulator.py
+++ b/tools/simulator.py
@@ -54,7 +54,7 @@ Usage example:
 def init_random_generator():
 data = []
 with open('./messages_length.yaml') as m_file:
- content = yaml.load(m_file)
+ content = yaml.safe_load(m_file)
 data += [int(n) for n in content[
 'test_data']['string_lengths'].split(', ')]
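Review bot: `content` is indexed straight after `yaml.safe_load(m_file)` with no shape check, so an empty or malformed `messages_length.yaml` fails inside the comprehension with a bare `TypeError`, `KeyError` or `ValueError`; `safe_load` returns `None` for an empty document. A guard right after the load, such as `if not isinstance(content, dict) or 'test_data' not in content: raise ValueError('messages_length.yaml: missing test_data')`, would make that failure explicit. The file is also opened through the relative path `'./messages_length.yaml'`, so which file gets parsed depends on the directory the tool is started from. If the data file ships next to `simulator.py`, resolving the path against `os.path.dirname(__file__)` would pin it to that copy, presuming `os` is imported, which the hunk does not show. The rest of `init_random_generator` lies outside the hunk.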