config: use yaml.safe_load() (!7) · Merge requests · Information Services / DevOps / Lecture Capture / Event Scheduler

Dr Rich Wareham requested to merge issue-3-yaml-safe-load into master Feb 04, 2019

The default yaml.load() function allows creation of arbitrary Python objects. Since we're using YAML as a passive configuration file format, use safe_load() instead.

This vulnerability was found using the GitLab SAST scanner.

Closes #3 (closed).

config: use yaml.safe_load()

Merge request reports