Use more secure yaml.safe_load() instead of yaml.load()

The function yaml.load() provides the ability to construct an arbitrary Python object. For security, we use yaml.safe_load() instead which limits this ability to simple Python objects(like integers or lists). ref: https://en.wikipedia.org/wiki/YAML#Security Change-Id: Iea2a2d79c764d635b02c5d6d36c9a5652010d716
2016-02-11 14:22:23 +08:00 · 2016-02-11 14:22:23 +08:00 · 668062ed07
commit 668062ed07
parent 1cc3b9c80e
1 changed files with 1 additions and 1 deletions
--- a/tools/simulator.py
+++ b/tools/simulator.py
@ -54,7 +54,7 @@ Usage example:
 def init_random_generator():
    data = []
    with open('./messages_length.yaml') as m_file:
-        content = yaml.load(m_file)
+        content = yaml.safe_load(m_file)
        data += [int(n) for n in content[
            'test_data']['string_lengths'].split(', ')]