From 769aae30476a5705d0ce0fd8d2c8985019294bf9 Mon Sep 17 00:00:00 2001
From: Marc Bonnici
Date: Wed, 27 Feb 2019 14:15:12 +0000
Subject: [PATCH] utils/serializer: Explicitly state yaml loader

In newer versions of PyYAML we need to manually specify the `Loader` to be used as per https://msg.pyyaml.org/load. `FullLoader` is now the default loader which attempts to avoid arbitrary code execution, however if we are running an older version where this is not available default back to the original Loader.
---
 wa/utils/serializer.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/wa/utils/serializer.py b/wa/utils/serializer.py
index 4e0a79b5..2895a57f 100644
--- a/wa/utils/serializer.py
+++ b/wa/utils/serializer.py
@@ -63,6 +63,11 @@ from collections import OrderedDict
 from datetime import datetime
 import dateutil.parser
 import yaml as _yaml # pylint: disable=wrong-import-order
+try:
+ from yaml import FullLoader as _yaml_loader
+except ImportError:
+ from yaml import Loader as _yaml_loader
+
 # pylint: disable=redefined-builtin
 from past.builtins import basestring # pylint: disable=wrong-import-order
@@ -234,10 +239,10 @@ _yaml.add_representer(OrderedDict, _wa_dict_representer)
 _yaml.add_representer(regex_type, _wa_regex_representer)
 _yaml.add_representer(level, _wa_level_representer)
 _yaml.add_representer(cpu_mask, _wa_cpu_mask_representer)
-_yaml.add_constructor(_mapping_tag, _wa_dict_constructor)
-_yaml.add_constructor(_regex_tag, _wa_regex_constructor)
-_yaml.add_constructor(_level_tag, _wa_level_constructor)
-_yaml.add_constructor(_cpu_mask_tag, _wa_cpu_mask_constructor)
+_yaml.add_constructor(_regex_tag, _wa_regex_constructor, Loader=_yaml_loader)
+_yaml.add_constructor(_level_tag, _wa_level_constructor, Loader=_yaml_loader)
+_yaml.add_constructor(_cpu_mask_tag, _wa_cpu_mask_constructor, Loader=_yaml_loader)
+_yaml.add_constructor(_mapping_tag, _wa_dict_constructor, Loader=_yaml_loader)
 class yaml(object):
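Review bot: In the import hunk (`@@ -63,6 +63,11 @@`), the `except ImportError` branch binds `_yaml_loader` to PyYAML's `Loader`, which can construct arbitrary Python objects from tagged input, so on an older PyYAML every file read through this module is still parsed with the unrestricted loader and nothing in the code records that. PyYAML's own guidance is that `FullLoader` should not be relied on for untrusted data either, so the preferred branch narrows the exposure rather than removing it. I would add a comment above the `try:` such as `# Neither FullLoader nor the Loader fallback is safe for untrusted YAML; only load files from trusted sources.` If the files loaded here only need the custom tags registered later in the module (not visible from this hunk), a `SafeLoader` subclass carrying those constructors would be a stricter base worth considering.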
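Review bot: In the registration hunk (`@@ -234,10 +239,10 @@`), the four `add_constructor(..., Loader=_yaml_loader)` calls register on the shared PyYAML class itself, so any other code in the same process that uses `FullLoader` (or `Loader` on the fallback path) also gets these constructors. That includes the one for `_mapping_tag`, which looks like it replaces default mapping construction, although its definition is outside the hunk. A private subclass would keep the change local to this module: `class _WaLoader(_yaml_loader): pass`, then `Loader=_WaLoader` here and in `yaml.load`. The `_mapping_tag` registration also moved from first to last with no mention in the commit message; if the order is irrelevant the original order would keep the diff smaller, and if it matters a comment should say why.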
@@ -249,7 +254,7 @@ class yaml(object):
 @staticmethod
 def load(fh, *args, **kwargs):
 try:
- return _yaml.load(fh, *args, **kwargs)
+ return _yaml.load(fh, *args, Loader=_yaml_loader, **kwargs)
 except _yaml.YAMLError as e:
 lineno = None
 if hasattr(e, 'problem_mark'):
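Review bot: The new `return` line passes `Loader=_yaml_loader` alongside `**kwargs`, so a caller that already supplies `Loader=` gets a `TypeError` for the duplicated keyword instead of a parsed document. That error is not a `_yaml.YAMLError`, so the handler below does not catch it. Setting a default keeps such callers working: `kwargs.setdefault('Loader', _yaml_loader)` followed by `return _yaml.load(fh, *args, **kwargs)`. A caller-chosen loader would not carry the constructors registered on `_yaml_loader`, so a short comment saying that would help. The body of `load` continues past the end of the hunk.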