The code was done in a hurry for a conference, and this needed to be fixed.
According to the help: safe_load(stream) Parse the first YAML document in a stream and produce the corresponding Python object. Resolve only basic YAML tags. This is known to be safe for untrusted input. So this should normally be safe for untrusted yaml input. Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org> --- data/lineageos_wiki/find_lineageos_devices.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/lineageos_wiki/find_lineageos_devices.py b/data/lineageos_wiki/find_lineageos_devices.py index c75da3b..e1ce72a 100755 --- a/data/lineageos_wiki/find_lineageos_devices.py +++ b/data/lineageos_wiki/find_lineageos_devices.py @@ -280,7 +280,7 @@ def find_devices(path): filepath = path + os.sep + basedir + os.sep + filename if re.search("\.yml$", filepath): yaml_file = open(filepath, 'r') - document = yaml.load(yaml_file) + document = yaml.safe_load(yaml_file) if still_supported(document) and interesting_for_replicant(document): store_infos(results, document) print_results(results) -- 2.25.2 _______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant
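Review bot: on the changed line `document = yaml.safe_load(yaml_file)`, nothing in the visible context catches the error that `safe_load` raises when a wiki file is malformed or carries a tag outside the basic set, so a single such file would now stop the whole `find_devices` scan. Consider wrapping the call in `try: ... except yaml.YAMLError:` and skipping the file with a message. An empty file also makes `safe_load` return `None`, which is passed straight to `still_supported(document)`, so a `None` check before that call would be worth adding. Two smaller points on the context lines: the handle from `yaml_file = open(filepath, 'r')` is never closed in the lines shown, which `with open(filepath, 'r') as yaml_file:` would fix, and the pattern `"\.yml$"` should be a raw string (`r"\.yml$"`) or be replaced by `filepath.endswith(".yml")`.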