use safe load instead of load

bbengfort · Nov 11, 2017 · 8cc86a5 · 8cc86a5
1 parent aac6d50
commit 8cc86a5
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 9 deletions.
diff --git a/confire/config.py b/confire/config.py
@@ -143,7 +143,7 @@ def load(klass):
         for path in klass.CONF_PATHS:
             if os.path.exists(path):
                 with open(path, 'r') as conf:
-                    config.configure(yaml.load(conf))
+                    config.configure(yaml.safe_load(conf))
         return config
 
     def configure(self, conf={}):

diff --git a/tests/test_conf.py b/tests/test_conf.py
@@ -1,4 +1,4 @@
-# tests.conf_tests
+# tests.test_conf
 # Testing the configuration module for Confire
 #
 # Author:   Benjamin Bengfort <benjamin@bengfort.com>
@@ -7,7 +7,7 @@
 # Copyright (C) 2014 Bengfort.com
 # For license information, see LICENSE.txt
 #
-# ID: conf_tests.py [] benjamin@bengfort.com $
+# ID: test_conf.py [] benjamin@bengfort.com $
 
 """
 Testing the configuration module for Confire

diff --git a/tests/test_descriptors.py b/tests/test_descriptors.py
@@ -1,4 +1,4 @@
-# tests.descriptors_tests
+# tests.test_descriptors
 # Implements a base SettingsDescriptor for advanced configurations
 #
 # Author:   Benjamin Bengfort <benjamin@bengfort.com>
@@ -7,7 +7,7 @@
 # Copyright (C) 2015 Bengfort.com
 # For license information, see LICENSE.txt
 #
-# ID: descriptors_tests.py [] benjamin@bengfort.com $
+# ID: test_descriptors.py [] benjamin@bengfort.com $
 
 """
 Implements a base SettingsDescriptor for advanced configurations

diff --git a/tests/test_environ.py b/tests/test_environ.py
@@ -1,4 +1,4 @@
-# tests.environ_tests
+# tests.test_environ
 # Tests the environment configuration ability
 #
 # Author:   Benjamin Bengfort <benjamin@bengfort.com>
@@ -7,7 +7,7 @@
 # Copyright (C) 2014 Bengfort.com
 # For license information, see LICENSE.txt
 #
-# ID: environ_tests.py [] benjamin@bengfort.com $
+# ID: test_environ.py [] benjamin@bengfort.com $
 
 """
 Tests the environment configuration ability

diff --git a/tests/test_paths.py b/tests/test_paths.py
@@ -1,4 +1,4 @@
-# tests.paths_tests
+# tests.test_paths
 # Testing the paths descriptor
 #
 # Author:   Benjamin Bengfort <benjamin@bengfort.com>
@@ -7,7 +7,7 @@
 # Copyright (C) 2014 Bengfort.com
 # For license information, see LICENSE.txt
 #
-# ID: paths_tests.py [] benjamin@bengfort.com $
+# ID: test_paths.py [] benjamin@bengfort.com $
 
 """
 Testing the paths descriptor

diff --git a/tests/test_safety.py b/tests/test_safety.py
@@ -0,0 +1,40 @@
+# tests.test_safety
+# Test that we're using safe methods
+#
+# Author:   Benjamin Bengfort <benjamin@bengfort.com>
+# Created:  Fri Nov 10 12:22:35 2017 -0500
+#
+# Copyright (C) 2014 Bengfort.com
+# For license information, see LICENSE.txt
+#
+# ID: test_safety.py [] benjamin@bengfort.com $
+
+"""
+Testing the paths descriptor
+"""
+
+##########################################################################
+## Imports
+##########################################################################
+
+import os
+
+from unittest import mock
+
+
+# Cannot import from test_conf.py to ensure correct mock
+TESTDATA = os.path.join(os.path.dirname(__file__), "testdata")
+TESTCONF = os.path.join(TESTDATA, "testconf.yaml")
+
+
+@mock.patch('confire.config.yaml')
+def test_use_yaml_safe_load(mock_yaml):
+    """
+    Ensure we're using yaml.safe_load not yaml.load
+    """
+    from confire.config import Configuration
+    Configuration.CONF_PATHS = [TESTCONF]
+    Configuration.load()
+
+    mock_yaml.safe_load.assert_called_once()
+    mock_yaml.load.assert_not_called()