@suutari-ai
Member

Use "yaml.safe_load" rather than the unsafe "yaml.load" to load the
configuration file.

Using bare "yaml.load" allows arbitrary commands to be executed from the
configuration file, which we probably don't want to allow. See the link
below for details.

This fixes the following deprecation warning:

    YAMLLoadWarning: calling yaml.load() without Loader=... is
    deprecated, as the default Loader is unsafe. Please read
    https://msg.pyyaml.org/load for full details.

@suutari-ai suutari-ai requested review from RauliL and ehaivala July 10, 2019 12:04
@suutari-ai
Member Author

Here's the link for convenience, since GitHub didn't make it clickable in the description: https://msg.pyyaml.org/load
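
An added example, not part of this pull request or the project's code: a pre-merge check that flags Python-specific YAML tags in a configuration file without constructing any objects, next to a loader that uses `yaml.safe_load` as the change above does. The function names, the sample documents and their keys are constructed for illustration.

```python
import yaml

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (hypothetical keys, not the project's files).
PLAIN_CONFIG = """\
config:
  addons:
    - some.addon.module
strategy:
  user:
    name: null
"""
TAGGED_CONFIG = """\
config:
  addons: !!python/object/apply:os.getcwd []
"""


def find_python_tags(text):
    """Return sorted (line, tag) pairs for nodes with a Python-specific tag.

    yaml.compose() only builds the node graph; it never constructs objects,
    so nothing named by a tag is imported or called during the audit.
    """
    found, seen = [], set()
    stack = [yaml.compose(text, Loader=yaml.SafeLoader)]
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # empty document or alias
            continue
        seen.add(id(node))
        if node.tag.startswith(PYTHON_TAG_PREFIX):
            found.append((node.start_mark.line + 1, node.tag))
        if isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
        elif isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
    return sorted(found)


def load_config(text):
    """Load a configuration document, refusing tags safe_load cannot build."""
    try:
        return yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError(f"unsafe or unknown YAML tag: {exc.problem}") from exc
```

Running `find_python_tags` over existing configuration files before switching loaders shows which of them would stop loading under `yaml.safe_load`.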

@codecov
codecov bot commented Jul 10, 2019

Codecov Report

Merging #25 into master will not change coverage.
The diff coverage is 100%.

@@          Coverage Diff          @@
##           master    #25   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files          13     13           
  Lines         474    474           
  Branches       97     97           
=====================================
  Hits          474    474
Impacted Files Coverage Δ
database_sanitizer/config.py 100% <100%> (ø) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 25c3c73...eda5ba9. Read the comment docs.

@suutari-ai suutari-ai merged commit ace4e08 into andersinno:master Jul 10, 2019
@suutari-ai suutari-ai deleted the yaml-safe-load branch July 10, 2019 12:54