Merge pull request #1816 from beefproject/yaml_safe_load

Replaced yaml.load with yaml.safe_load
beefproject · Jan 3, 2020 · 8e783ad · 8e783ad
2 parents ba15644 + f608cac
commit 8e783ad
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/Rakefile b/Rakefile
@@ -115,7 +115,7 @@ task :beef_start => 'beef' do
   test_pass = ENV['TEST_BEEF_PASS'] || 'bad_fred_no_access'
 
   # write a rake config file for beef
-  config = YAML.load(File.read('./config.yaml'))
+  config = YAML.safe_load(File.read('./config.yaml'))
   config['beef']['credentials']['user'] = test_user
   config['beef']['credentials']['passwd'] = test_pass
   Dir.mkdir('tmp') unless Dir.exists?('tmp')

diff --git a/extensions/metasploit/api.rb b/extensions/metasploit/api.rb
@@ -35,7 +35,7 @@ def self.post_soft_load
                 print_debug 'Attempting to use Metasploit exploits cache file'
                 raw = File.read(path)
                 begin
-                  msf_module_config = YAML.load(raw)
+                  msf_module_config = YAML.safe_load(raw)
                 rescue => e
                   print_error "[Metasploit] #{e.message}"
                   print_error e.backtrace