Merge pull request #281 from fecgov/use-yaml-safe-load

Use `yaml.safe_load()` instead of `load()`
marshmallow-code · Sep 8, 2018 · e9f10e2 · e9f10e2
2 parents 5ed0e91 + 56fe1c6
commit e9f10e2
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/AUTHORS.rst b/AUTHORS.rst
@@ -51,3 +51,4 @@ Contributors (chronological)
 - Christina Long `@cvlong <https://github.com/cvlong>`_
 - Felix Yan `@felixonmars <https://github.com/felixonmars>`_
 - Guoli Lyu `@Guoli-Lyu <https://github.com/Guoli-Lyu>`_
+- Laura Beaufort `@lbeaufort <https://github.com/lbeaufort>`_
diff --git a/apispec/yaml_utils.py b/apispec/yaml_utils.py
@@ -46,7 +46,7 @@ def load_yaml_from_docstring(docstring):
 
     yaml_string = '\n'.join(split_lines[cut_from:])
     yaml_string = dedent(yaml_string)
-    return yaml.load(yaml_string) or {}
+    return yaml.safe_load(yaml_string) or {}
 
 
 PATH_KEYS = set([

diff --git a/docs/special_topics.rst b/docs/special_topics.rst
@@ -87,7 +87,7 @@ Here is an example that includes a `Security Scheme Object <https://github.com/O
           bearerFormat: JWT
     """
 
-    settings = yaml.load(OPENAPI_SPEC)
+    settings = yaml.safe_load(OPENAPI_SPEC)
     # retrieve  title, version, and openapi version
     title = settings['info'].pop('title')
     spec_version = settings['info'].pop('version')

diff --git a/tests/test_core.py b/tests/test_core.py
@@ -163,7 +163,7 @@ def test_to_yaml(self, spec):
             properties=self.properties,
             enum=enum,
         )
-        assert spec.to_dict() == yaml.load(spec.to_yaml())
+        assert spec.to_dict() == yaml.safe_load(spec.to_yaml())
 
 class TestPath:
     paths = {