mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-16 23:05:42 +00:00
Bug 1469999 - Use yaml.safe_load() for loading clang-tidy config file; r=chmanchester
yaml.load() isn't secure. --HG-- extra : rebase_source : 03eb1715acd62ab8c98bf4d850cc39a88140a998 extra : histedit_source : 8b3b4823c1f1c20be58494a5f98041e7c46ca3b4
This commit is contained in:
parent
3f4ac974d3
commit
871e349399
@ -1769,7 +1769,7 @@ class StaticAnalysis(MachCommandBase):
|
||||
# For each checker run it
|
||||
f = open(mozpath.join(self._clang_tidy_base_path, "config.yaml"))
|
||||
import yaml
|
||||
config = yaml.load(f)
|
||||
config = yaml.safe_load(f)
|
||||
platform, _ = self.platform
|
||||
|
||||
if platform not in config['platforms']:
|
||||
@ -1970,7 +1970,7 @@ class StaticAnalysis(MachCommandBase):
|
||||
import yaml
|
||||
with open(mozpath.join(self.topsrcdir, "tools", "clang-tidy", "config.yaml")) as f:
|
||||
try:
|
||||
config = yaml.load(f)
|
||||
config = yaml.safe_load(f)
|
||||
for item in config['clang_checkers']:
|
||||
if item['publish']:
|
||||
checks += ',' + item['name']
|
||||
|
Loading…
Reference in New Issue
Block a user