From fa8889403637dd04cf3d35954412ffd8a07efd09 Mon Sep 17 00:00:00 2001
From: Roey Prat
Date: Thu, 22 Aug 2019 15:46:56 +0300
Subject: [PATCH] RED-32089 safe load the yaml. According to py-yaml docs, it is not safe to call yaml.load with any data received from an untrusted source.
(cherry picked from commit 91d749585bc3546927dee51bf702cb24d20703d8)
---
 log_collector.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/log_collector.py b/log_collector.py
index e4d10ec..7db811a 100755
--- a/log_collector.py
+++ b/log_collector.py
@@ -232,7 +232,7 @@ def get_namespace_from_config():
 if rc:
 return
- config = yaml.load(out)
+ config = yaml.safe_load(out)
 current_context = config.get('current-context')
 if not current_context:
 return
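Review bot: `yaml.safe_load(out)` returns `None` for empty output and a non-mapping value when the YAML is not a dictionary, so the unchanged `config.get('current-context')` on the following line can raise `AttributeError`; a guard such as `if not isinstance(config, dict): return` right after the load would preserve the function's existing return-nothing path. A `yaml.YAMLError` raised on malformed output is likewise not handled in the visible lines. The body of get_namespace_from_config starts and ends outside the hunk, so either case may already be covered there. Because the commit message cites untrusted input, it is worth confirming that no other `yaml.load` call remains in log_collector.py, since only this one is visible here.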