feat: Use PyYAML's safe_load for better security (#1383)

* Use yaml.safe_load over yaml.full_load in pyhf.utils.options_from_eqdelimstring * Further safeguards against things like CVE-2020-14343 - c.f. PR #1378
scikit-hep · Mar 29, 2021 · df6f53e · df6f53e
1 parent 99212ea
commit df6f53e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/pyhf/utils.py b/src/pyhf/utils.py
@@ -55,7 +55,7 @@ def options_from_eqdelimstring(opts):
     document = '\n'.join(
         f"{opt.split('=', 1)[0]}: {opt.split('=', 1)[1]}" for opt in opts
     )
-    return yaml.full_load(document)
+    return yaml.safe_load(document)
 
 
 class EqDelimStringParamType(click.ParamType):