From 444181c008e7ea76cfe422fe3bd328134975e42e Mon Sep 17 00:00:00 2001
From: Eric Brown
Date: Sun, 24 Oct 2021 10:58:21 -0700
Subject: [PATCH] Always use a Loader in yaml.load

A recent change within pyyaml 6.0 has enforce use of a Loader argument to yaml.load [1]. To comply, Bandit will use yaml.load with a Loader always. The plugin to check for unsafe loaders of yaml module still applies.
[1] https://github.com/yaml/pyyaml/pull/561
Closes #744
Signed-off-by: Eric Brown
---
 tests/unit/formatters/test_yaml.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/unit/formatters/test_yaml.py b/tests/unit/formatters/test_yaml.py
index aad57c63d..aefd4fd12 100644
--- a/tests/unit/formatters/test_yaml.py
+++ b/tests/unit/formatters/test_yaml.py
@@ -70,7 +70,7 @@ def test_report(self, get_issue_list):
 self.issue.confidence)
 with open(self.tmp_fname) as f:
- data = yaml.load(f.read())
+ data = yaml.load(f.read(), Loader=yaml.SafeLoader)
 self.assertIsNotNone(data['generated_at'])
 self.assertEqual(self.tmp_fname, data['results'][0]['filename'])
 self.assertEqual(self.issue.severity,
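Review bot: The new `yaml.load(f.read(), Loader=yaml.SafeLoader)` call inside the `with open(self.tmp_fname) as f:` block could be written as `data = yaml.safe_load(f)`, which is PyYAML's shorthand for the same loader and accepts the open file directly, so the `f.read()` is not needed. The shorthand leaves no `Loader=` argument that a later edit could swap for an unsafe loader, and it is easier to grep for when auditing how YAML is parsed across the tree. Parsing behaviour should be the same as in the patched line. test_report starts and ends outside this hunk, so the remaining assertions on `data` are not visible here.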