From 27b974794780f42ee1b04d3342fe3a087a215520 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite
Date: Sun, 12 May 2024 18:39:03 +0200
Subject: [PATCH] update for attachment as well, using the safe version always
---
 backend/library/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/backend/library/views.py b/backend/library/views.py
index 7baa5e4ae..4124cb947 100644
--- a/backend/library/views.py
+++ b/backend/library/views.py
@@ -133,7 +133,7 @@ def upload_library(self, request):
 attachment = request.FILES["file"]
 validate_file_extension(attachment)
 # Use safe_load to prevent arbitrary code execution.
- library = yaml.safe_load(attachment)
+ library = yaml.load(attachment, Loader=yaml.CSafeLoader)
 # This code doesn't handle the library "dependencies" field yet as decribed in the architecture.
@@ -151,7 +151,7 @@ def upload_library(self, request):
 json.dumps({"error": "libraryAlreadyImportedError"}),
 status=HTTP_400_BAD_REQUEST,
 )
- except:
+ except yaml.YAMLError:
 return HttpResponse(
 json.dumps({"error": "invalidLibraryFileError"}),
 status=HTTP_400_BAD_REQUEST,
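Review bot: `yaml.CSafeLoader` on the added `yaml.load(...)` line exists only when PyYAML is built against LibYAML, so on a pure-Python install every upload would raise AttributeError instead of being parsed. A fallback keeps a safe loader in both cases: `library = yaml.load(attachment, Loader=getattr(yaml, "CSafeLoader", yaml.SafeLoader))`. The comment above the call still names `safe_load`; it could read `# Parse with a Safe loader only: it builds plain data types and never constructs arbitrary Python objects.` Safe loaders do not bound document size or alias expansion, and no size limit on `attachment` is visible in this hunk, so it is worth confirming that one is enforced before parsing. upload_library's body starts and ends outside the hunk.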
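Review bot: Narrowing `except:` to `except yaml.YAMLError:` in the second hunk means an upload that is valid YAML but not a valid library (a top-level list or scalar, missing keys) will probably raise TypeError or KeyError in the import code and surface as an unhandled 500 rather than `invalidLibraryFileError`. The `try` opens outside this hunk, so it is not visible whether the `yaml.load` call changed in the first hunk sits inside it; if it does not, this handler cannot catch the parse error it names. A shape check directly after parsing would keep the 400 for malformed uploads, for example `if not isinstance(library, dict):` returning the same `invalidLibraryFileError` response. Logging the exception server-side before returning the generic error would also keep rejected uploads visible for triage.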