Use yaml.safe_load for untrusted yaml input (#651)

ros-infrastructure · Jan 24, 2019 · 38a839f · 38a839f
1 parent 30a631f
commit 38a839f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/rosdep2/loader.py b/src/rosdep2/loader.py
@@ -55,7 +55,7 @@ def load_rosdep_yaml(self, yaml_contents, origin):
         :raises: :exc:`yaml.YAMLError`
         """
         try:
-            return yaml.load(yaml_contents)
+            return yaml.safe_load(yaml_contents)
         except yaml.YAMLError as e:
             raise InvalidData('Invalid YAML in [%s]: %s' % (origin, e), origin=origin)