Merge pull request #281 from fecgov/use-yaml-safe-load

Use `yaml.safe_load()` instead of `load()`

Author: sloria

AUTHORS.rst

@@ -51,3 +51,4 @@ Contributors (chronological)
 - Christina Long `@cvlong <https://github.com/cvlong>`_
 - Felix Yan `@felixonmars <https://github.com/felixonmars>`_
 - Guoli Lyu `@Guoli-Lyu <https://github.com/Guoli-Lyu>`_
+- Laura Beaufort `@lbeaufort <https://github.com/lbeaufort>`_

apispec/yaml_utils.py

@@ -46,7 +46,7 @@ def load_yaml_from_docstring(docstring):
 
     yaml_string = '\n'.join(split_lines[cut_from:])
     yaml_string = dedent(yaml_string)
-    return yaml.load(yaml_string) or {}
+    return yaml.safe_load(yaml_string) or {}
 
 
 PATH_KEYS = set([

docs/special_topics.rst

@@ -87,7 +87,7 @@ Here is an example that includes a `Security Scheme Object <https://github.com/O
           bearerFormat: JWT
     """
 
-    settings = yaml.load(OPENAPI_SPEC)
+    settings = yaml.safe_load(OPENAPI_SPEC)
     # retrieve  title, version, and openapi version
     title = settings['info'].pop('title')
     spec_version = settings['info'].pop('version')

tests/test_core.py

@@ -163,7 +163,7 @@ def test_to_yaml(self, spec):
             properties=self.properties,
             enum=enum,
         )
-        assert spec.to_dict() == yaml.load(spec.to_yaml())
+        assert spec.to_dict() == yaml.safe_load(spec.to_yaml())
 
 class TestPath:
     paths = {