Use yaml.safe_load() instead of yaml.load()
yaml.load() provides the ability to construct an arbitrary python object
that may be dangerous. yaml.safe_load() limits this ability to simple
python objects like integers or lists.
ref: https://en.wikipedia.org/wiki/YAML#Security
Change-Id: I9c28c25f4265fb691d39e72e20ef9c99f5538bf5
diff --git a/functional/test_default_parameters.py b/functional/test_default_parameters.py
index 3e00c35..a33823f 100644
--- a/functional/test_default_parameters.py
+++ b/functional/test_default_parameters.py
@@ -75,7 +75,7 @@
if not self.temp_def:
# remove the default from the parameter in the nested template.
- ntempl = yaml.load(self.nested_template)
+ ntempl = yaml.safe_load(self.nested_template)
del ntempl['parameters']['length']['default']
nested_template = yaml.dump(ntempl)
else: