update for attachment as well, using the safe version always
ab-smith committed May 12, 2024
1 parent db62217 commit 27b9747
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions backend/library/views.py
@@ -133,7 +133,7 @@ def upload_library(self, request):
attachment = request.FILES["file"]
validate_file_extension(attachment)
# Use safe_load to prevent arbitrary code execution.
library = yaml.safe_load(attachment)
library = yaml.load(attachment, Loader=yaml.CSafeLoader)

# This code doesn't handle the library "dependencies" field yet as decribed in the architecture.

@@ -151,7 +151,7 @@ def upload_library(self, request):
json.dumps({"error": "libraryAlreadyImportedError"}),
status=HTTP_400_BAD_REQUEST,
)
except:
except yaml.YAMLError:
return HttpResponse(
json.dumps({"error": "invalidLibraryFileError"}),
status=HTTP_400_BAD_REQUEST,
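Review bot: `yaml.CSafeLoader` in `library = yaml.load(attachment, Loader=yaml.CSafeLoader)` exists only when PyYAML was built with its libyaml bindings, so on a pure-Python install that line raises AttributeError, which the narrowed `except yaml.YAMLError:` in the second hunk would no longer map to `invalidLibraryFileError` (this assumes the second line of each printed pair is the new side, since the page lost its +/- markers). A fallback such as `Loader=getattr(yaml, "CSafeLoader", yaml.SafeLoader)` keeps the parse on a safe loader whichever build is deployed. The comment above the call still names `safe_load`; `# Parse with a safe loader to prevent arbitrary code execution.` would match the new call. The `try` this handler belongs to opens outside the visible hunks, so it is worth confirming there that the load sits inside it and that a well-formed upload with an unexpected shape (for example a list or an empty document) cannot raise KeyError or TypeError further down and surface as a 500 with a traceback.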
