Switch from yaml.load to yaml.safe_load for security.

kevinlondon · kevinlondon · commit c81b1cbc20f9 · 2015-09-20T19:41:20.000-07:00
diff --git a/ua_parser/user_agent_parser.py b/ua_parser/user_agent_parser.py
@@ -170,7 +170,7 @@ def _repl(m):
           if index < len(group):
             return group[index]
           return ''
-          
+
         _string = re.sub(r'\$(\d)', _repl, string)
         _string = re.sub(r'^\s+|\s+$', '', _string)
         if _string == '':
@@ -180,7 +180,7 @@ def _repl(m):
     def Parse(self, user_agent_string):
         device, brand, model = None, None, None
         match = self.user_agent_re.search(user_agent_string)
-        if match:            
+        if match:
             if self.device_replacement:
                 device = self.MultiReplace(self.device_replacement, match)
             else:
@@ -444,7 +444,7 @@ def GetFilters(user_agent_string, js_user_agent_string=None,
     import yaml
 
     yamlFile = open(UA_PARSER_YAML)
-    regexes = yaml.load(yamlFile)
+    regexes = yaml.safe_load(yamlFile)
     yamlFile.close()
 
 # If UA_PARSER_YAML is not specified, load regexes from regexes.json before
@@ -458,7 +458,7 @@ def GetFilters(user_agent_string, js_user_agent_string=None,
         import yaml
 
         yamlFile = open(yamlPath)
-        regexes = yaml.load(yamlFile)
+        regexes = yaml.safe_load(yamlFile)
         yamlFile.close()
 
 
