From d2223869f97055bd1012a31a29c3b1df24773a79 Mon Sep 17 00:00:00 2001 From: Clint Byrum Date: Wed, 6 Feb 2013 16:27:23 -0800 Subject: [PATCH] Use yaml.safe_load: full yaml.load isn't needed The only reason to use yaml.load instead of safe_load is if one wants to load serialized objects. Heat's use case is purely to load basic data structures such as maps/lists/strings. Fixes bug #1117820 Change-Id: I4f6cf2ed4e15405f8b296ccaec737a3779c9867d --- heat/common/template_format.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/heat/common/template_format.py b/heat/common/template_format.py index e3679d28..5430d94f 100644 --- a/heat/common/template_format.py +++ b/heat/common/template_format.py @@ -39,7 +39,7 @@ def parse(tmpl_str): tpl = json.loads(tmpl_str) else: try: - tpl = yaml.load(tmpl_str) + tpl = yaml.safe_load(tmpl_str) except yaml.scanner.ScannerError as e: raise ValueError(e) else: @@ -90,7 +90,7 @@ def convert_json_to_yaml(json_str): json_str = key_re.sub(order_key, json_str) # parse the string as json to a python structure - tpl = yaml.load(json_str) + tpl = yaml.safe_load(json_str) # dump python structure to yaml yml = "HeatTemplateFormatVersion: '2012-12-12'\n" + yaml.safe_dump(tpl) -- 2.45.2
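Review bot: The `except yaml.scanner.ScannerError as e:` clause kept as context in parse() is now too narrow for the new call. `yaml.safe_load` refuses documents carrying language-specific object tags by raising `yaml.constructor.ConstructorError`, which is not a ScannerError, so a template rejected for exactly the reason this commit targets would surface as a raw YAML exception rather than the `ValueError` the handler otherwise produces. Catching the base class, `except yaml.YAMLError as e:` followed by `raise ValueError(e)`, covers scanner, parser and constructor failures alike. The same gap applies to `tpl = yaml.safe_load(json_str)` in convert_json_to_yaml (second hunk), where no handler is visible; both function bodies continue outside the hunks, so handling elsewhere cannot be ruled out.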
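Review bot: The comment above the changed line in convert_json_to_yaml still says the string is parsed "as json", while the call goes to the YAML loader. Since this line is the security-relevant one, the comment should state the intent, for example `# parse the JSON text with the YAML safe loader; only plain maps, lists and scalars are constructed`. The diffstat lists a single changed file, so nothing in this commit pins the new behaviour; a test asserting that a template containing an object tag is rejected would keep a later edit from silently reverting to the full loader. The function body starts and ends outside the hunk.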