Kinda fix security issues

2017-03-30 18:34:32 +01:00 · 2017-03-30 18:34:32 +01:00 · ccd2f2725c
commit ccd2f2725c
parent 036aa754df
2 changed files with 3 additions and 2 deletions
--- a/md_pdf/config/read.py
+++ b/md_pdf/config/read.py
@ -7,6 +7,6 @@ from md_pdf.exceptions import ConfigValidationException
 def load_config():
    try:
        with open(os.path.join(CONFIG_FILE)) as f:
-            return yaml.load(f)
+            return yaml.safe_load(f)
    except FileNotFoundError:
        raise ConfigValidationException("Can't find config file at {}".format(CONFIG_FILE))
--- a/md_pdf/csl.py
+++ b/md_pdf/csl.py
@ -28,7 +28,7 @@ def download_csl():

    _, download_location = tempfile.mkstemp()
    bar.start()
-    urllib.request.urlretrieve(CSL_DOWNLOAD_LINK, download_location, reporthook=download_handle)
+    urllib.request.urlretrieve(CSL_DOWNLOAD_LINK, download_location, reporthook=download_handle)  # nosec
    bar.finish()

    with open(download_location, 'rb') as downloaded_file:
@ -45,3 +45,4 @@ def download_csl():
    shutil.copytree(CSL_TEMP_DIR, CSL_DIR)
    os.remove(download_location)
    remove_dir(CSL_TEMP_DIR)
+    urllib.request.urlcleanup()