langyizhao opened a new pull request #76: URL: https://github.com/apache/skywalking-python/pull/76
This is to mitigate security issue `Use of unsafe yaml load` found in https://console.muse.dev/result/ayorra/skywalking-python/01EK1BP85DHDEV2RJTTEYFNV9G?tab=results According to https://pyyaml.org/wiki/PyYAMLDocumentation Ideally we should always use safe_load in place of load when the source of yaml can be untrusted (which IS the case because it's from the web) But I understand that we also want to use CLoader for the sake of performance. This is a mitigation following https://github.com/yaml/pyyaml/blob/2f463cf5b0e98a52bc20e348d1e69761bf263b86/tests/lib/test_yaml_ext.py#L37 ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
