From dc7aa6cf67424873b3cb09273cfa3a0c43b15ca2 Mon Sep 17 00:00:00 2001
From: aplastunov <aplastunov+oss@pinterest.com>
Date: Tue, 6 May 2025 13:14:15 +0100
Subject: [PATCH] Replace yaml.load with yaml.safe_load for Enhanced Security

This pull request addresses a security vulnerability in our codebase by replacing the potentially unsafe yaml.load function with the safer yaml.safe_load. The yaml.load function, when used with untrusted input, can execute arbitrary code, leading to potential security risks. By switching to yaml.safe_load, we ensure that only a subset of the YAML language is parsed, effectively mitigating these risks.

Changes Made:

Replaced all instances of yaml.load with yaml.safe_load in the script.
Updated the relevant test cases to align with the safe_load usage.
Benefits:

Improves security by preventing arbitrary code execution.
Maintains functionality while reducing risk from untrusted YAML inputs.
---
 docs/utils/script.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/utils/script.py b/docs/utils/script.py
index a34a63c..9514226 100644
--- a/docs/utils/script.py
+++ b/docs/utils/script.py
@@ -186,7 +186,7 @@ def append_doc_to_spec_file(index: dict):
 
     # Get skeleton spec
     spec_path = PROJECT_PATH + '/docs/utils/skeleton-spec.yaml'
-    spec = yaml.load(open(spec_path, 'r'), Loader=yaml.FullLoader)
+    spec = yaml.safe_load(open(spec_path, 'r'))
 
     # Update version
     from pinterest.version import __version__