From ccd2f2725c6d9e92bb8dcb4bc4b62e39c946474e Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Thu, 30 Mar 2017 18:34:32 +0100
Subject: [PATCH] Kinda fix security issues
---
 md_pdf/config/read.py | 2 +-
 md_pdf/csl.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/md_pdf/config/read.py b/md_pdf/config/read.py
index 8af3dbc..89633a3 100644
--- a/md_pdf/config/read.py
+++ b/md_pdf/config/read.py
@@ -7,6 +7,6 @@ from md_pdf.exceptions import ConfigValidationException
 def load_config():
 try:
 with open(os.path.join(CONFIG_FILE)) as f:
- return yaml.load(f)
+ return yaml.safe_load(f)
 except FileNotFoundError:
 raise ConfigValidationException("Can't find config file at {}".format(CONFIG_FILE))
diff --git a/md_pdf/csl.py b/md_pdf/csl.py
index a9b0d2a..92119ec 100644
--- a/md_pdf/csl.py
+++ b/md_pdf/csl.py
@@ -28,7 +28,7 @@ def download_csl():
 _, download_location = tempfile.mkstemp()
 bar.start()
- urllib.request.urlretrieve(CSL_DOWNLOAD_LINK, download_location, reporthook=download_handle)
+ urllib.request.urlretrieve(CSL_DOWNLOAD_LINK, download_location, reporthook=download_handle) # nosec
 bar.finish()
 with open(download_location, 'rb') as downloaded_file:
@@ -45,3 +45,4 @@ def download_csl():
 shutil.copytree(CSL_TEMP_DIR, CSL_DIR)
 os.remove(download_location)
 remove_dir(CSL_TEMP_DIR)
+ urllib.request.urlcleanup()
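Review bot: `load_config` still converts only `FileNotFoundError` into `ConfigValidationException`, so a config that `yaml.safe_load` refuses (malformed YAML, or a document carrying a `!!python/...` tag that `yaml.load` would have constructed) surfaces as a raw `yaml.YAMLError` traceback. Adding `except yaml.YAMLError as e:` followed by `raise ConfigValidationException("Invalid config file at {}: {}".format(CONFIG_FILE, e))` keeps the failure in the project's own exception type. `safe_load` also returns `None` for an empty file, so callers that index the result may want that case rejected here too. `os.path.join(CONFIG_FILE)` with a single argument is a no-op and could be plain `CONFIG_FILE`.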
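Review bot: The bare `# nosec` on the `urlretrieve` line switches off every Bandit check for that line and records no reason, so the finding is hidden rather than addressed. The hunk does not show where `CSL_DOWNLOAD_LINK` is defined; if it is a fixed `https://` constant, say so in the suppression, e.g. `# nosec B310 - CSL_DOWNLOAD_LINK is a hard-coded https URL` (rule-scoped form, if the Bandit version in use supports it). What happens to the archive after `open(download_location, 'rb')` is outside the hunk; if no integrity check follows, comparing its SHA-256 against a pinned value before it is used would be worth adding. Separately, the context line `_, download_location = tempfile.mkstemp()` discards an open file descriptor, and calling `os.close()` on it avoids the leak. `download_csl` starts and ends outside this hunk.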
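Review bot: `urllib.request.urlcleanup()` is placed at the very end, next to `os.remove(download_location)` and `remove_dir(CSL_TEMP_DIR)`, so none of the cleanup runs if the download, `shutil.copytree` or any step in between raises, and the temp file and directory stay on disk. Moving the three calls into a `finally:` block makes cleanup unconditional; the start of `download_csl` is outside the hunk, so the matching `try:` would presumably open right after `mkstemp()`. Since `urlretrieve` is called with an explicit filename in the earlier hunk, `urlcleanup()` likely has no temporary file of its own to remove, so a one-line comment such as `# reset urllib's cached opener and any leftover urlretrieve temp files` would make the intent clear.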