Merge pull request aws-samples#13 from aws-samples/yaml-hotfix

Yaml hotfix
joshkurz · Jan 11, 2023 · 3e6d16c · 3e6d16c
2 parents 7ce36a6 + 00ca064
commit 3e6d16c
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## v0.7.2 (2023-01-11)
+
+### Refactor
+
+- Fix insecure yaml load method
+- Use more secure yaml load method
+
 ## v0.7.0 (2023-01-02)
 
 ### Feat

diff --git a/hardeneks/__init__.py b/hardeneks/__init__.py
@@ -33,7 +33,7 @@ def _config_callback(value: str):
 
     with open(value, "r") as f:
         try:
-            yaml.load(f, Loader=yaml.FullLoader)
+            yaml.safe_load(f)
         except yaml.YAMLError as exc:
             raise typer.BadParameter(exc)
 
@@ -73,7 +73,7 @@ def _load_kube_config():
     tmp_config = tempfile.NamedTemporaryFile().name
 
     with open(kube_config_orig, "r") as fd:
-        kubeconfig = yaml.load(fd, Loader=yaml.FullLoader)
+        kubeconfig = yaml.safe_load(fd)
     for cluster in kubeconfig["clusters"]:
         cluster["cluster"]["insecure-skip-tls-verify"] = True
     with open(tmp_config, "w") as fd:

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "hardeneks"
-version = "0.7.0"
+version = "0.7.2"
 description = ""
 authors = ["Doruk Ozturk <[email protected]>"]
 readme = "README.md"
@@ -41,7 +41,7 @@ exclude = '''
 
 [tool.commitizen]
 name = "cz_conventional_commits"
-version = "0.7.0"
+version = "0.7.2"
 version_files = [
   "pyproject.toml:[tool.commitizen]\nversion",
   "pyproject.toml:[tool.poetry]\nname = \"commitizen\"\nversion",