Replace yaml.load with yaml.safe_load for Enhanced Security (#150)

aplastunov · web-flow · commit 8ff57779fd4c · 2025-05-30T21:41:52.000-04:00
This pull request addresses a security vulnerability in our codebase by replacing the potentially unsafe yaml.load function with the safer yaml.safe_load. The yaml.load function, when used with untrusted input, can execute arbitrary code, leading to potential security risks. By switching to yaml.safe_load, we ensure that only a subset of the YAML language is parsed, effectively mitigating these risks.

Changes Made:

Replaced all instances of yaml.load with yaml.safe_load in the script.
Updated the relevant test cases to align with the safe_load usage.
Benefits:

Improves security by preventing arbitrary code execution.
Maintains functionality while reducing risk from untrusted YAML inputs.
diff --git a/docs/utils/script.py b/docs/utils/script.py
@@ -186,7 +186,7 @@ def append_doc_to_spec_file(index: dict):
 
     # Get skeleton spec
     spec_path = PROJECT_PATH + '/docs/utils/skeleton-spec.yaml'
-    spec = yaml.load(open(spec_path, 'r'), Loader=yaml.FullLoader)
+    spec = yaml.safe_load(open(spec_path, 'r'))
 
     # Update version
     from pinterest.version import __version__
