From 844e65d89fdfb56aa7be2ff857d340e46ffd7b7f Mon Sep 17 00:00:00 2001
From: Anthony Shaw <anthonyshaw@apache.org>
Date: Tue, 3 Jul 2018 18:36:14 +1000
Subject: [PATCH] swap yaml.load with yaml.safe_load

---
 contrib/packs/actions/pack_mgmt/get_installed.py       | 2 +-
 st2common/st2common/util/spec_loader.py                | 2 +-
 st2common/tests/unit/test_jinja_render_data_filters.py | 2 +-
 st2tests/integration/mistral/test_filters.py           | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/contrib/packs/actions/pack_mgmt/get_installed.py b/contrib/packs/actions/pack_mgmt/get_installed.py
index f768172cba..07a57c006c 100644
--- a/contrib/packs/actions/pack_mgmt/get_installed.py
+++ b/contrib/packs/actions/pack_mgmt/get_installed.py
@@ -87,5 +87,5 @@ def run(self, pack):
 
     def _parse_yaml_file(self, file_path):
         with open(file_path) as data_file:
-            details = yaml.load(data_file)
+            details = yaml.safe_load(data_file)
         return details
diff --git a/st2common/st2common/util/spec_loader.py b/st2common/st2common/util/spec_loader.py
index c2ce023017..743d897ebb 100644
--- a/st2common/st2common/util/spec_loader.py
+++ b/st2common/st2common/util/spec_loader.py
@@ -39,7 +39,7 @@
 
 def load_spec(module_name, spec_file):
     spec_string = generate_spec(module_name, spec_file)
-    spec = yaml.load(spec_string)
+    spec = yaml.safe_load(spec_string)
     return spec
 
 
diff --git a/st2common/tests/unit/test_jinja_render_data_filters.py b/st2common/tests/unit/test_jinja_render_data_filters.py
index 864afe33b8..594de540da 100644
--- a/st2common/tests/unit/test_jinja_render_data_filters.py
+++ b/st2common/tests/unit/test_jinja_render_data_filters.py
@@ -96,5 +96,5 @@ def test_filter_to_yaml_string(self):
 
         template = '{{k1 | to_yaml_string}}'
         obj_yaml_str = env.from_string(template).render({'k1': obj})
-        actual_obj = yaml.load(obj_yaml_str)
+        actual_obj = yaml.safe_load(obj_yaml_str)
         self.assertDictEqual(obj, actual_obj)
diff --git a/st2tests/integration/mistral/test_filters.py b/st2tests/integration/mistral/test_filters.py
index ed26075c9f..916f52a42f 100644
--- a/st2tests/integration/mistral/test_filters.py
+++ b/st2tests/integration/mistral/test_filters.py
@@ -243,8 +243,8 @@ def test_to_yaml_string(self):
         ex = self._execute_workflow('examples.mistral-test-func-to-yaml-string', params)
         ex = self._wait_for_completion(ex)
         self.assertEqual(ex.status, action_constants.LIVEACTION_STATUS_SUCCEEDED)
-        jinja_dict = yaml.load(ex.result['result_jinja'])
-        yaql_dict = yaml.load(ex.result['result_yaql'])
+        jinja_dict = yaml.safe_load(ex.result['result_jinja'])
+        yaql_dict = yaml.safe_load(ex.result['result_yaql'])
         self.assertTrue(isinstance(jinja_dict, dict))
         self.assertEqual(jinja_dict['a'], 'b')
         self.assertTrue(isinstance(yaql_dict, dict))