From c81b1cbc20f9b52e09621573d3b34b7a6b7dbd73 Mon Sep 17 00:00:00 2001
From: kevinlondon
Date: Sun, 20 Sep 2015 19:41:20 -0700
Subject: [PATCH 1/2] Switch from yaml.load to yaml.safe_load for security.
---
 ua_parser/user_agent_parser.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ua_parser/user_agent_parser.py b/ua_parser/user_agent_parser.py
index ca7954b..888f78a 100644
--- a/ua_parser/user_agent_parser.py
+++ b/ua_parser/user_agent_parser.py
@@ -170,7 +170,7 @@ def _repl(m):
 if index < len(group):
 return group[index]
 return ''
-
+
 _string = re.sub(r'\$(\d)', _repl, string)
 _string = re.sub(r'^\s+|\s+$', '', _string)
 if _string == '':
@@ -180,7 +180,7 @@ def _repl(m):
 def Parse(self, user_agent_string):
 device, brand, model = None, None, None
 match = self.user_agent_re.search(user_agent_string)
- if match:
+ if match:
 if self.device_replacement:
 device = self.MultiReplace(self.device_replacement, match)
 else:
@@ -444,7 +444,7 @@ def GetFilters(user_agent_string, js_user_agent_string=None,
 import yaml
 yamlFile = open(UA_PARSER_YAML)
- regexes = yaml.load(yamlFile)
+ regexes = yaml.safe_load(yamlFile)
 yamlFile.close()
 # If UA_PARSER_YAML is not specified, load regexes from regexes.json before
@@ -458,7 +458,7 @@ def GetFilters(user_agent_string, js_user_agent_string=None,
 import yaml
 yamlFile = open(yamlPath)
- regexes = yaml.load(yamlFile)
+ regexes = yaml.safe_load(yamlFile)
 yamlFile.close()
From 9f68bc82085179844ea694810c0e55ad3abd66fc Mon Sep 17 00:00:00 2001
From: kevinlondon
Date: Mon, 21 Sep 2015 13:05:16 -0700
Subject: [PATCH 2/2] Replace setup with a safer version of load as well.
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index b7103bd..9b5a22b 100644
--- a/setup.py
+++ b/setup.py
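Review bot: In the hunk at -444 the file handle is still opened and closed by hand around the now-safer parse, so any exception raised by yaml.safe_load() (malformed YAML, or a tag that safe_load refuses to construct) skips `yamlFile.close()` and leaks the handle; the hunk at -458 has the same pattern with `yamlPath`. Replace the open/parse/close triple with `with open(UA_PARSER_YAML) as yamlFile:` followed by `    regexes = yaml.safe_load(yamlFile)` and drop the explicit close, and do the same for `yamlPath`. The switch to safe_load itself is the right call: it limits the loader to plain YAML data types, which is presumably all a table of regex strings needs, and it removes the code-execution risk of yaml.load on a file that can be overridden by path. The conditional block these lines sit in begins and ends outside the hunk, so the indentation of the `with` form should follow whatever encloses them.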
@@ -20,7 +20,7 @@ def install_regexes():
 import json
 import yaml
 json_dest = yaml_dest.replace('.yaml', '.json')
- regexes = yaml.load(open(yaml_dest))
+ regexes = yaml.safe_load(open(yaml_dest))
 with open(json_dest, "w") as f:
 json.dump(regexes, f)