From 2216fa9bd0bfa1dca809b42293234b75230d343e Mon Sep 17 00:00:00 2001
From: thinkAmi
Date: Thu, 14 Feb 2019 23:40:40 +0900
Subject: [PATCH] =?UTF-8?q?yaml.load()=E3=82=92yaml.safe=5Fload()=E3=81=AB?=
 =?UTF-8?q?=E5=B7=AE=E3=81=97=E6=9B=BF=E3=81=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GitHubで CVE-2017-18342 のアラートが出ていた。
対応策として以下のissueがあった。

- https://github.com/yaml/pyyaml/issues/193#issuecomment-457387449
- https://github.com/yaml/pyyaml/issues/207#issuecomment-457146429

そのため、yaml.safe_load()へと差し替えた
---
 apps/cultivar/apple.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/cultivar/apple.py b/apps/cultivar/apple.py
index b752a08..44de21f 100644
--- a/apps/cultivar/apple.py
+++ b/apps/cultivar/apple.py
@@ -10,7 +10,7 @@ def __init__(self):
 def load_cultivars(self) -> dict:
 """ プロジェクト直下にあるapples.yamlから品種名を取得する """
 with open(os.path.join(settings.BASE_DIR, 'apples.yaml'), 'r', encoding='utf-8') as f:
- cultivars = yaml.load(f)
+ cultivars = yaml.safe_load(f)
 return cultivars
 
 def get_color(self, cultivar: str) -> str:
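Review bot: `yaml.safe_load(f)` returns `None` for an empty apples.yaml and whatever top-level node the document has (a list or scalar is just as valid YAML), yet `load_cultivars` is annotated `-> dict` and hands the value back unchecked on the `return cultivars` line; a guard after the load, `if not isinstance(cultivars, dict): raise ValueError("apples.yaml must contain a mapping")`, keeps the type promise honest and turns a malformed config into a clear error instead of a later `TypeError`. The switch itself is the right remediation for CVE-2017-18342: the alert is about `yaml.load` constructing arbitrary Python objects from `!!python/...` tags, and `safe_load` uses `SafeLoader`, which only resolves the standard YAML tags, so no extra `Loader=` argument is needed. If the project's requirements are not pinned, it is worth bumping PyYAML to >= 5.1 alongside this, since that release is where the default-loader behaviour changed and the advisory is resolved at the dependency level too. The class containing these methods starts before the hunk, and `get_color`'s body continues after it.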