Applies to parse_yaml.py.

Change `yaml.load(...)` to `res = yaml.safe_load(file_yaml)`, or change `FullLoader` to `SafeLoader`.

Reason (from https://pyyaml.org/wiki/PyYAMLDocumentation#loading-yaml):

> Warning: It is not safe to call yaml.load with any data received from an untrusted source! yaml.load is as powerful as pickle.load and so may call any Python function. Check the yaml.safe_load function though.

Now the question is whether our YAML files are safe. Since they can be used to "inject" Python code if we are using `yaml.load()`, and can be uploaded quite freely, it is better to be on the safe (!) side.
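As an added example (not code from parse_yaml.py or from the PyYAML docs), this shows what the `SafeLoader` change buys you: a loader that only builds plain data, and two constructed documents, one data-only and one carrying a Python-specific tag, which `SafeLoader` rejects with a `ConstructorError` instead of resolving it. The document contents and the helper names `load_yaml_safely` and `classify` are assumptions for the demo.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample input: ordinary data-only YAML, the kind a config file should contain.
PLAIN_YAML = """
name: parse_yaml demo
ports: [80, 443]
enabled: true
"""

# Constructed sample input: a document with a Python-specific tag. Tags in the
# tag:yaml.org,2002:python/ namespace are what let yaml.load reach into the
# interpreter; a harmless builtin is used here to show the rejection behaviour.
TAGGED_YAML = """
name: !!python/name:builtins.len
"""


def load_yaml_safely(text: str):
    """Parse YAML with SafeLoader only (scalars, lists, maps, no Python objects).

    Equivalent to yaml.safe_load(text); spelled out with Loader= to mirror the
    FullLoader -> SafeLoader change recommended for parse_yaml.py.
    """
    return yaml.load(text, Loader=yaml.SafeLoader)


def classify(text: str) -> str:
    """Return 'ok' when SafeLoader accepts the document, 'rejected' when it refuses a tag."""
    try:
        load_yaml_safely(text)
        return "ok"
    except ConstructorError:
        # SafeLoader has no constructor for python/* tags, so it raises instead of resolving them.
        return "rejected"


if __name__ == "__main__":
    print(load_yaml_safely(PLAIN_YAML))
    print("plain document:", classify(PLAIN_YAML))
    print("python-tagged document:", classify(TAGGED_YAML))
```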