Fixing LCM vulnerabilities

[osm/LCM.git] / osm_lcm / ROclient.py

diff --git a/osm_lcm/ROclient.py b/osm_lcm/ROclient.py
index 32dd1bf..e3cb7f7 100644 (file)
--- a/osm_lcm/ROclient.py
+++ b/osm_lcm/ROclient.py
@@ -190,7 +190,7 @@ class ROClient:
             )
         if descriptor_format != "json":
             try:
-                return yaml.load(descriptor)
+                return yaml.safe_load(descriptor)
             except yaml.YAMLError as exc:
                 error_pos = ""
                 if hasattr(exc, "problem_mark"):
@@ -214,7 +214,7 @@ class ROClient:
     def _parse_error_yaml(descriptor):
         json_error = None
         try:
-            json_error = yaml.load(descriptor, Loader=yaml.Loader)
+            json_error = yaml.safe_load(descriptor)
             return json_error["error"]["description"]
         except Exception:
             return str(json_error or descriptor)
@@ -222,7 +222,7 @@ class ROClient:
     @staticmethod
     def _parse_yaml(descriptor, response=False):
         try:
-            return yaml.load(descriptor, Loader=yaml.Loader)
+            return yaml.safe_load(descriptor)
         except yaml.YAMLError as exc:
             error_pos = ""
             if hasattr(exc, "problem_mark"):