The code was done in a hurry for a conference, and this needed
to be fixed.

According to the help:
  safe_load(stream)
      Parse the first YAML document in a stream
      and produce the corresponding Python object.

      Resolve only basic YAML tags. This is known
      to be safe for untrusted input.

So this should normally be safe for untrusted yaml input.

Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org>
---
 data/lineageos_wiki/find_lineageos_devices.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/lineageos_wiki/find_lineageos_devices.py b/data/lineageos_wiki/find_lineageos_devices.py
index c75da3b..e1ce72a 100755
--- a/data/lineageos_wiki/find_lineageos_devices.py
+++ b/data/lineageos_wiki/find_lineageos_devices.py
@@ -280,7 +280,7 @@ def find_devices(path):
         filepath = path + os.sep + basedir + os.sep + filename
         if re.search("\.yml$", filepath):
             yaml_file = open(filepath, 'r')
-            document = yaml.load(yaml_file)
+            document = yaml.safe_load(yaml_file)
             if still_supported(document) and 
interesting_for_replicant(document):
                 store_infos(results, document)
     print_results(results)
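Review bot: the handle opened on the context line just above the change, `yaml_file = open(filepath, 'r')`, is never closed, so every .yml file leaks a descriptor until garbage collection; wrap the load in a context manager, `with open(filepath, 'r') as yaml_file:` followed by `document = yaml.safe_load(yaml_file)`. The switch to safe_load itself is the right fix for wiki-sourced YAML: only the basic tags are resolved, so a `!!python/object/apply` tag in a device file raises ConstructorError instead of calling into Python, and it also avoids the Loader-less `yaml.load()` deprecation warning in PyYAML 5.1+ (a TypeError in 6.0, where Loader is mandatory). Minor, in the same context lines: `re.search("\.yml$", filepath)` should use a raw string, `r"\.yml$"`, to avoid the invalid-escape-sequence DeprecationWarning.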
-- 
2.25.2
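To make the difference the commit message relies on concrete, here is an added example (not part of the patch or of the Replicant project's code) that feeds a constructed device file to both the legacy loader the old `yaml.load(yaml_file)` call used and to `yaml.safe_load`. The device fields and the injected `builtins.len` payload are assumptions for the demo; the real wiki files are not expected to carry Python-specific tags, which is exactly why the loader must refuse them.

```python
"""Compare the legacy unrestricted PyYAML loader against yaml.safe_load."""
import yaml

# Constructed sample shaped like a LineageOS wiki device file (assumed fields).
BENIGN_DEVICE_YAML = """\
codename: i9300
vendor: Samsung
name: Galaxy S III
maintainers: []
"""

# Same document plus one attacker-controlled key. !!python/object/apply calls
# any importable callable with the listed arguments; builtins.len is used so
# the demo has no side effects, but os.system would be resolved the same way.
TAGGED_DEVICE_YAML = BENIGN_DEVICE_YAML + """\
injected: !!python/object/apply:builtins.len [[1, 2, 3]]
"""


def load_legacy(text):
    """What the pre-patch yaml.load(stream) did: PyYAML < 5.1 defaulted to
    yaml.Loader, which resolves every python/* tag, i.e. executes code."""
    return yaml.load(text, Loader=yaml.Loader)


def load_safe(text):
    """What the patched code does: only basic YAML tags are resolved."""
    return yaml.safe_load(text)


def try_load(loader, text):
    """Return ('ok', document) or ('rejected', <exception class name>)."""
    try:
        return ("ok", loader(text))
    except yaml.YAMLError as exc:
        return ("rejected", type(exc).__name__)


if __name__ == "__main__":
    for name, loader in (("legacy yaml.Loader", load_legacy),
                         ("yaml.safe_load", load_safe)):
        print(name, "benign:", try_load(loader, BENIGN_DEVICE_YAML))
        print(name, "tagged:", try_load(loader, TAGGED_DEVICE_YAML))
```

With the legacy loader the tagged document parses and `injected` holds the result of the call (3 here, because the callable was `len`); with `safe_load` the same document is rejected with a ConstructorError and the benign device file still parses to an ordinary dict.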

_______________________________________________
Replicant mailing list
Replicant@osuosl.org
https://lists.osuosl.org/mailman/listinfo/replicant