authorLamont Granquist <lamont@scriptkiddie.org>2022-03-21 20:01:48 -0700
committerLamont Granquist <lamont@scriptkiddie.org>2022-03-21 20:01:48 -0700
commit880d332592b61e760fe5c089e5d456426f459ab9 (patch)
treea041de90d3afe403b0b8ebd59d085f3c016f7505 /lib
parentf95a28f028e8f7daa35d2418128addda8febd13d (diff)
Fix YAML use
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/chef/compliance/input.rb2
-rw-r--r--lib/chef/compliance/profile.rb2
-rw-r--r--lib/chef/compliance/waiver.rb2
-rw-r--r--lib/chef/dsl/reader_helpers.rb4
-rw-r--r--lib/chef/recipe.rb2
-rw-r--r--lib/chef/resource/inspec_waiver_file_entry.rb4
6 files changed, 8 insertions, 8 deletions
diff --git a/lib/chef/compliance/input.rb b/lib/chef/compliance/input.rb
index 686b516b2e..237a4e12d0 100644
--- a/lib/chef/compliance/input.rb
+++ b/lib/chef/compliance/input.rb
@@ -101,7 +101,7 @@ class Chef
# and cookbook_name are required this is probably not externally useful.
#
def self.from_yaml(events, string, path = nil, cookbook_name = nil)
- from_hash(events, YAML.load(string), path, cookbook_name)
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
end
# @param filename [String] full path to the yml file in the cookbook
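Review bot: The doc comment above `from_yaml` does not record that parsing is now restricted: with `YAML.safe_load(string, permitted_classes: [Date])`, any tagged Ruby object, any symbol and (by default) any YAML alias raises instead of being loaded. A line such as `# @raise [Psych::DisallowedClass, Psych::BadAlias] if the YAML uses an alias or a type other than Date` would tell cookbook authors what to expect. A value carrying a full timestamp (date plus time) most likely resolves to `Time`, which is not in the allowlist, so it is worth confirming that these files only ever carry plain dates. The same applies to the identical changes in lib/chef/compliance/profile.rb and lib/chef/compliance/waiver.rb.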
diff --git a/lib/chef/compliance/profile.rb b/lib/chef/compliance/profile.rb
index ec9d61895c..f0d02000fc 100644
--- a/lib/chef/compliance/profile.rb
+++ b/lib/chef/compliance/profile.rb
@@ -108,7 +108,7 @@ class Chef
# and cookbook_name are required this is probably not externally useful.
#
def self.from_yaml(events, string, path, cookbook_name)
- from_hash(events, YAML.load(string), path, cookbook_name)
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
end
# @param filename [String] full path to the inspec.yml file in the cookbook
diff --git a/lib/chef/compliance/waiver.rb b/lib/chef/compliance/waiver.rb
index 0062a7d5d9..6284e06f04 100644
--- a/lib/chef/compliance/waiver.rb
+++ b/lib/chef/compliance/waiver.rb
@@ -101,7 +101,7 @@ class Chef
# and cookbook_name are required this is probably not externally useful.
#
def self.from_yaml(events, string, path = nil, cookbook_name = nil)
- from_hash(events, YAML.load(string), path, cookbook_name)
+ from_hash(events, YAML.safe_load(string, permitted_classes: [Date]), path, cookbook_name)
end
# @param filename [String] full path to the yml file in the cookbook
diff --git a/lib/chef/dsl/reader_helpers.rb b/lib/chef/dsl/reader_helpers.rb
index 6a9b021d89..51259aae36 100644
--- a/lib/chef/dsl/reader_helpers.rb
+++ b/lib/chef/dsl/reader_helpers.rb
@@ -16,7 +16,7 @@
autoload :TOML, "tomlrb"
require_relative "../json_compat"
-autoload :YAML, "yaml"
+autoload :Psych, "psych"
class Chef
module DSL
@@ -42,7 +42,7 @@ class Chef
end
def parse_yaml(filename)
- YAML.load(IO.read(filename))
+ Psych.safe_load_file(filename, permitted_classes: [Date])
end
extend self
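Review bot: `parse_yaml` is a DSL helper with no comment, and callers are not told that it now refuses files that loaded before: aliases, symbols and every class except Date raise under `Psych.safe_load_file`. I would add a short comment above it, for example `# Parses filename with Psych's safe loader; only core scalar types and Date are permitted, aliases are rejected.` `Psych.safe_load_file` exists only in newer Psych releases, and nothing in the visible lines requires `date` before `Date` is referenced, so both are worth checking against the gem's minimum dependencies.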
diff --git a/lib/chef/recipe.rb b/lib/chef/recipe.rb
index 972edf9649..2f7a282ca8 100644
--- a/lib/chef/recipe.rb
+++ b/lib/chef/recipe.rb
@@ -101,7 +101,7 @@ class Chef
end
def from_yaml(string)
- res = ::YAML.safe_load(string)
+ res = ::YAML.safe_load(string, permitted_classes: [Date])
unless res.is_a?(Hash) && res.key?("resources")
raise ArgumentError, "YAML recipe '#{source_file}' must contain a top-level 'resources' hash (YAML sequence), i.e. 'resources:'"
end
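Review bot: `permitted_classes: [Date]` is now written out at every YAML call site this commit touches (this line, the three compliance loaders, `parse_yaml` and the waiver resource), so the allowlist can drift from one loader to the next. A single frozen constant referenced from each call, e.g. `permitted_classes: PERMITTED_YAML_CLASSES` (the name is only a suggestion), would keep the set of deserializable classes reviewable in one place. from_yaml's body continues outside the hunk.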
diff --git a/lib/chef/resource/inspec_waiver_file_entry.rb b/lib/chef/resource/inspec_waiver_file_entry.rb
index 7ad31fd58d..69849fa044 100644
--- a/lib/chef/resource/inspec_waiver_file_entry.rb
+++ b/lib/chef/resource/inspec_waiver_file_entry.rb
@@ -136,11 +136,11 @@ class Chef
def load_waiver_file_to_hash(file_name)
if %r{(/|C:\\).*(.yaml|.yml)}i.match?(file_name)
if ::File.exist?(file_name)
- hash = ::YAML.load_file(file_name)
+ hash = ::YAML.safe.load_file(file_name, permitted_classes: [Date])
if hash == false || hash.nil? || hash == ""
{}
else
- ::YAML.load_file(file_name)
+ ::YAML.safe.load_file(file_name, permitted_classes: [Date])
end
else
{}
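Review bot: `::YAML.safe.load_file` on both added lines looks like a typo for `::YAML.safe_load_file`; there is no `YAML.safe` method, so the call raises NoMethodError for every waiver file that exists instead of loading it. The first call should read `hash = ::YAML.safe_load_file(file_name, permitted_classes: [Date])`, and the `else` branch can return `hash` rather than parsing the file a second time, which also means the emptiness check and the returned value come from the same read. load_waiver_file_to_hash continues past the end of the hunk.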