From f608cacb2fc6f9ff449f29d46d243bb2b986d3c3 Mon Sep 17 00:00:00 2001
From: Grant Burgess
Date: Fri, 3 Jan 2020 10:40:57 +1000
Subject: [PATCH] Replaced yaml.load with yaml.safe_load
---
 Rakefile | 2 +-
 extensions/metasploit/api.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Rakefile b/Rakefile
index c5fdc3e90..fc489d075 100644
--- a/Rakefile
+++ b/Rakefile
@@ -115,7 +115,7 @@ task :beef_start => 'beef' do
 test_pass = ENV['TEST_BEEF_PASS'] || 'bad_fred_no_access'
 # write a rake config file for beef
- config = YAML.load(File.read('./config.yaml'))
+ config = YAML.safe_load(File.read('./config.yaml'))
 config['beef']['credentials']['user'] = test_user
 config['beef']['credentials']['passwd'] = test_pass
 Dir.mkdir('tmp') unless Dir.exists?('tmp')
diff --git a/extensions/metasploit/api.rb b/extensions/metasploit/api.rb
index b0ceb9da0..729d76840 100644
--- a/extensions/metasploit/api.rb
+++ b/extensions/metasploit/api.rb
@@ -35,7 +35,7 @@ module BeEF
 print_debug 'Attempting to use Metasploit exploits cache file'
 raw = File.read(path)
 begin
- msf_module_config = YAML.load(raw)
+ msf_module_config = YAML.safe_load(raw)
 rescue => e
 print_error "[Metasploit] #{e.message}"
 print_error e.backtrace
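Review bot: `YAML.safe_load` in the Rakefile hunk deserialises only plain scalars, arrays and hashes, and by default rejects symbols, aliases and arbitrary classes. A `config.yaml` that uses any of those now aborts `beef_start` with `Psych::DisallowedClass` or `Psych::BadAlias` where `YAML.load` succeeded, and there is no rescue around this call. The same restriction applies to the cache read in `extensions/metasploit/api.rb`. It is worth confirming that both files stay within the basic types and recording that above the call, e.g. `# safe_load: config.yaml must hold only plain scalars, arrays and hashes`. The task body starts and continues outside the hunk.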
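Review bot: After `YAML.safe_load(raw)` in `extensions/metasploit/api.rb`, the result is never checked for shape, so it can be whatever top-level value the cache file holds: a bare string, an array, or an empty result for an empty file. A truncated or hand-edited cache therefore passes the `begin`/`rescue` without an error and reaches the code that consumes `msf_module_config`. A check right after the load, e.g. `raise TypeError, 'unexpected Metasploit cache format' unless msf_module_config.is_a?(Hash)`, would route that case into the existing `rescue`; this assumes the consumer expects a Hash, which is not visible here. The `begin` block and the code that uses the parsed value lie outside the hunk.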