From c6813a95faf54ee6f215f4dcdb2c4d2eb33dd999 Mon Sep 17 00:00:00 2001
From: Nguyen Hung Phuong
Date: Tue, 13 Feb 2018 15:09:04 +0700
Subject: [PATCH] Replaces yaml.load() with yaml.safe_load()
Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html
Change-Id: I1793ee3484f51dd663052e367d86f96f2f7598ea
---
gertty/config.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gertty/config.py b/gertty/config.py
index 371d44b..5990b92 100644
--- a/gertty/config.py
+++ b/gertty/config.py
@@ -141,7 +141,7 @@ class Config(object):
 self.printSample()
 sys.exit(1)
- self.config = yaml.load(open(self.path))
+ self.config = yaml.safe_load(open(self.path))
 schema = ConfigSchema().getSchema(self.config)
 schema(self.config)
 server = self.getServer(server)
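Review bot: The added line still passes a bare `open(self.path)` straight into the loader, so the file handle is never closed explicitly and stays open until the garbage collector finalizes it; the switch to `yaml.safe_load` does not address that. Prefer a context manager: `with open(self.path) as f:` followed by `    self.config = yaml.safe_load(f)`. The call also gives no `encoding`, so the config is decoded with the platform locale default, which can differ between hosts; `open(self.path, encoding='utf-8')` would pin it, assuming the project's config files are UTF-8 (worth confirming). The enclosing method starts and ends outside the hunk.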