From 708c3d589e9a03bf5b8bdf4af32420d34a546812 Mon Sep 17 00:00:00 2001
From: Rory Finnegan
Date: Tue, 15 Apr 2014 19:31:04 -0500
Subject: [PATCH] Fixed previous yaml load commit and added a tox.ini file.

DETAILS:
- Apparently a potential security issue with yaml.load vs yaml.safe_load. Like pickling, yaml.load could result in arbitrary code being run.
- tox.ini file includes the flake8 settings for this project, build spec for 2.7 and line for eventually testing the project.
---
 .gitignore | 2 ++
 bootstrapvz/common/tools.py | 2 +-
 tox.ini | 10 ++++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 tox.ini

diff --git a/.gitignore b/.gitignore
index ebaa1c3..a43694d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@ _site/
 /build
 /dist
 /bootstrap_vz.egg-info
+/.tox
+/.coverage
diff --git a/bootstrapvz/common/tools.py b/bootstrapvz/common/tools.py
index f392f35..5b6edee 100644
--- a/bootstrapvz/common/tools.py
+++ b/bootstrapvz/common/tools.py
@@ -67,7 +67,7 @@ def load_json(path):
 def load_yaml(path):
 	import yaml
 	with open(path, 'r') as fobj:
-		return yaml.load(fobj)
+		return yaml.safe_load(fobj)
 
 def config_get(path, config_path):
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..d8099cf
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,10 @@
+[flake8]
+ignore = E101,E221,E241,E501,W191
+max-line-length = 110
+
+[tox]
+envlist = py27
+
+[testenv]
+# Once tests have started being written, uncomment this to run tests when running tox.
+#commands = nosetests -v tests --with-coverage --cover-package=bootstrapvz --cover-inclusive
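Review bot: The switch to `yaml.safe_load` in load_yaml is the right loader choice, but nothing in the code records why, so a later reader may take the less-capable loader for an oversight and revert it to `yaml.load`. I would put the rationale next to the call rather than only in this commit message: `# safe_load on purpose: yaml.load with the default loader can construct arbitrary Python objects (and so run arbitrary code) from the file contents`. A one-line docstring stating the contract, `"""Parse the YAML file at *path* and return the resulting Python object."""`, would also bring load_yaml in line with a documented load_json, whose definition ends just above this hunk and is outside the visible lines. The `open(path, 'r')` line is unchanged by the commit and is fine for the py27 target declared in tox.ini.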