
Added yaml.safe_load instead of yaml.load #1278


Merged
merged 2 commits into from
Apr 6, 2021

Conversation

mstfbl
Contributor

@mstfbl mstfbl commented Apr 5, 2021

This PR fixes an issue pointed out by Bandit w.r.t. using yaml.load, where it'd allow for unsafe loading of arbitrary objects, by using yaml.safe_load instead.

Bandit output:

>> Issue: [B506:yaml_load] Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
   Severity: Medium   Confidence: High
   Location: ./.circleci/utils/test_sort_yaml.py:14
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b506_yaml_load.html
13	
14	sys.stdout.write(yaml.dump(yaml.load(sys.stdin, Loader=yaml.FullLoader), sort_keys=True))
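An added example, not part of the PR or the project's code, showing what the switch changes in practice: `yaml.safe_load` accepts ordinary configuration data but refuses Python-specific tags, while the `FullLoader` call Bandit flagged still builds Python-only types. It assumes PyYAML 5.1 or later; the sample documents and the helper names `sort_yaml`, `safe_load_verdict` and `full_load` are constructed for illustration.

```python
import yaml

# Constructed sample inputs (not taken from the PR).
PLAIN = "workflows:\n  build: {jobs: [test, lint]}\nversion: 2.1\n"
PY_TUPLE = "matrix: !!python/tuple [cpu, gpu]\n"
# Tag that asks the loader to call a Python callable; len() is a harmless stand-in.
PY_APPLY = "x: !!python/object/apply:builtins.len [[1, 2, 3]]\n"


def sort_yaml(text):
    """The flagged line with safe_load swapped in: parse, then dump with sorted keys."""
    return yaml.dump(yaml.safe_load(text), sort_keys=True)


def safe_load_verdict(text):
    """Return ("ok", data) if safe_load accepts text, else ("rejected", reason)."""
    try:
        return "ok", yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        # safe_load has no constructor for python/* tags, so nothing is instantiated.
        return "rejected", exc.problem


def full_load(text):
    """What the original call did: yaml.load with Loader=yaml.FullLoader."""
    return yaml.load(text, Loader=yaml.FullLoader)


if __name__ == "__main__":
    print(sort_yaml(PLAIN))
    for name, doc in [("plain", PLAIN), ("tuple", PY_TUPLE), ("apply", PY_APPLY)]:
        print(name, safe_load_verdict(doc))
    print("FullLoader on tuple tag:", full_load(PY_TUPLE))
```

A CI step that pipes untrusted YAML through `sort_yaml` now fails with a `ConstructorError` on such tags instead of constructing the object.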

@codecov

codecov bot commented Apr 5, 2021

Codecov Report

Merging #1278 (dbd8538) into master (803651c) will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##           master    #1278   +/-   ##
=======================================
  Coverage   78.80%   78.80%           
=======================================
  Files          67       67           
  Lines        3624     3624           
=======================================
  Hits         2856     2856           
  Misses        768      768           


@malfet malfet merged commit c37f8a0 into pytorch:master Apr 6, 2021