Merge branch '21535-multi-wf-delete'

[arvados.git] / services / api / app / models / workflow.rb

diff --git a/services/api/app/models/workflow.rb b/services/api/app/models/workflow.rb
index 94890c6632e3b9a8ea6eadf914edd9552ec618e5..0268c4e9797195c79668bd9b6b16244468f3502d 100644 (file)
--- a/services/api/app/models/workflow.rb
+++ b/services/api/app/models/workflow.rb
@@ -18,7 +18,7 @@ class Workflow < ArvadosModel
 
   def validate_definition
     begin
-      @definition_yaml = YAML.load self.definition if !definition.nil?
+      @definition_yaml = YAML.safe_load self.definition if !definition.nil?
     rescue => e
       errors.add :definition, "is not valid yaml: #{e.message}"
     end
@@ -27,7 +27,7 @@ class Workflow < ArvadosModel
   def set_name_and_description
     old_wf = {}
     begin
-      old_wf = YAML.load self.definition_was if !self.definition_was.nil?
+      old_wf = YAML.safe_load self.definition_was if !self.definition_was.nil?
     rescue => e
       logger.warn "set_name_and_description error: #{e.message}"
       return