Release 0.2.2 - Fix yaml load vulnerability.

Martlark · Mar 28, 2019 · 7ab2820 · 7ab2820
1 parent 5738609
commit 7ab2820
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/flask_ipban/ip_ban.py b/flask_ipban/ip_ban.py
@@ -314,7 +314,7 @@ def load_nuisances(self, file_name=None):
 
         added_count = 0
         with open(file_name) as f:
-            y = yaml.load(f)
+            y = yaml.load(f, Loader=yaml.SafeLoader)
 
             for match_type in ['ip', 'string', 'regex']:
                 for value in y[match_type]:

diff --git a/pypar.commands.txt → pypar.commands.sh b/pypar.commands.txt → pypar.commands.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 # Notes and commands to upload to pypi
 #
 # https://medium.com/@joel.barmettler/how-to-upload-your-python-package-to-pypi-65edc5fe9c56