From c1c3625814e028261586dedc733a6da66b8a3955 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Fri, 24 May 2024 04:28:35 +0000
Subject: [PATCH] Replace unsafe `pyyaml` loader with `SafeLoader`

---
 .../normalization/transform_catalog/transform.py             | 2 +-
 .../normalization/transform_config/transform.py              | 2 +-
 .../connector_acceptance_test/utils/common.py                | 5 +++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/airbyte-integrations/bases/base-normalization/normalization/transform_catalog/transform.py b/airbyte-integrations/bases/base-normalization/normalization/transform_catalog/transform.py
index b21acb69b2e3..f3748fd1f494 100644
--- a/airbyte-integrations/bases/base-normalization/normalization/transform_catalog/transform.py
+++ b/airbyte-integrations/bases/base-normalization/normalization/transform_catalog/transform.py
@@ -73,7 +73,7 @@ def update_dbt_project_vars(self, **vars_config: Dict[str, Any]):
 
 def read_profiles_yml(profile_dir: str) -> Any:
     with open(os.path.join(profile_dir, "profiles.yml"), "r") as file:
-        config = yaml.load(file, Loader=yaml.FullLoader)
+        config = yaml.load(file, Loader=yaml.SafeLoader)
         obj = config["normalize"]["outputs"]["prod"]
         return obj
 
diff --git a/airbyte-integrations/bases/base-normalization/normalization/transform_config/transform.py b/airbyte-integrations/bases/base-normalization/normalization/transform_config/transform.py
index 7c14e02f6490..f25e95dee512 100644
--- a/airbyte-integrations/bases/base-normalization/normalization/transform_config/transform.py
+++ b/airbyte-integrations/bases/base-normalization/normalization/transform_config/transform.py
@@ -47,7 +47,7 @@ def transform(self, integration_type: DestinationType, config: Dict[str, Any]):
         data = pkgutil.get_data(self.__class__.__module__.split(".")[0], "transform_config/profile_base.yml")
         if not data:
             raise FileExistsError("Failed to load profile_base.yml")
-        base_profile = yaml.load(data, Loader=yaml.FullLoader)
+        base_profile = yaml.load(data, Loader=yaml.SafeLoader)
 
         transformed_integration_config = {
             DestinationType.BIGQUERY.value: self.transform_bigquery,
diff --git a/airbyte-integrations/bases/connector-acceptance-test/connector_acceptance_test/utils/common.py b/airbyte-integrations/bases/connector-acceptance-test/connector_acceptance_test/utils/common.py
index 929309ca0e67..4423d9e0bb2e 100644
--- a/airbyte-integrations/bases/connector-acceptance-test/connector_acceptance_test/utils/common.py
+++ b/airbyte-integrations/bases/connector-acceptance-test/connector_acceptance_test/utils/common.py
@@ -10,6 +10,7 @@
 
 import pytest
 from yaml import load
+import yaml
 
 try:
     from yaml import CLoader as Loader
@@ -34,7 +35,7 @@ def load_config(path: str) -> Config:
         pytest.fail(f"config file {path.absolute()} does not exist")
 
     with open(str(path), "r") as file:
-        data = load(file, Loader=Loader)
+        data = load(file, Loader=yaml.SafeLoader)
         return Config.parse_obj(data)
 
 
@@ -103,7 +104,7 @@ def load_yaml_or_json_path(path: Path):
         if file_ext == ".json":
             return json.loads(file_data)
         elif file_ext == ".yaml":
-            return load(file_data, Loader=Loader)
+            return load(file_data, Loader=yaml.SafeLoader)
         else:
             raise RuntimeError("path must be a '.yaml' or '.json' file")