Kinda fix security issues

This commit is contained in:
Jake Howard 2017-03-30 18:34:32 +01:00
parent 036aa754df
commit ccd2f2725c
2 changed files with 3 additions and 2 deletions

View file

@ -7,6 +7,6 @@ from md_pdf.exceptions import ConfigValidationException
def load_config():
try:
with open(os.path.join(CONFIG_FILE)) as f:
return yaml.load(f)
return yaml.safe_load(f)
except FileNotFoundError:
raise ConfigValidationException("Can't find config file at {}".format(CONFIG_FILE))

View file

@ -28,7 +28,7 @@ def download_csl():
_, download_location = tempfile.mkstemp()
bar.start()
urllib.request.urlretrieve(CSL_DOWNLOAD_LINK, download_location, reporthook=download_handle)
urllib.request.urlretrieve(CSL_DOWNLOAD_LINK, download_location, reporthook=download_handle) # nosec
bar.finish()
with open(download_location, 'rb') as downloaded_file:
@ -45,3 +45,4 @@ def download_csl():
shutil.copytree(CSL_TEMP_DIR, CSL_DIR)
os.remove(download_location)
remove_dir(CSL_TEMP_DIR)
urllib.request.urlcleanup()