From 7f362b42b79dadf423f2a95724ce88318e8af08e Mon Sep 17 00:00:00 2001
From: Blake Blackshear <blakeb@blakeshome.com>
Date: Thu, 5 Oct 2023 06:29:57 -0500
Subject: [PATCH] use safeloader

---
 frigate/util/builtin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/frigate/util/builtin.py b/frigate/util/builtin.py
index 929ada010..5cb01e1c5 100644
--- a/frigate/util/builtin.py
+++ b/frigate/util/builtin.py
@@ -87,7 +87,8 @@ def load_config_with_no_duplicates(raw_config) -> dict:
     """Get config ensuring duplicate keys are not allowed."""
 
     # https://stackoverflow.com/a/71751051
-    class PreserveDuplicatesLoader(yaml.loader.Loader):
+    # important to use SafeLoader here to avoid RCE
+    class PreserveDuplicatesLoader(yaml.loader.SafeLoader):
         pass
 
     def map_constructor(loader, node, deep=False):