Commit 2e7bf0d8 authored by anonym's avatar anonym

tor-controlport-filter: use yaml.safe_load().

The function yaml.safe_load limits this ability to simple Python
objects like integers , lists etc, which is enough for us.

Original commit by Joy SN <joysn1980@yahoo.com> for Whonix, fixing:
https://phabricator.whonix.org/T604

Will-fix: #12173
parent 87b2e41d
......@@ -481,7 +481,7 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
for filter_file in glob.glob('/etc/tor-controlport-filter.d/*.yml'):
try:
with open(filter_file, "rb") as fh:
filters = yaml.load(fh.read())
filters = yaml.safe_load(fh.read())
name = re.sub(r'\.yml$', '', os.path.basename(filter_file))
for filter_ in filters:
if name not in filter_:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment