From 5dd2501129e14144e224644eff97032eff986bcd Mon Sep 17 00:00:00 2001
From: Tomohiro Nakamura <quickness.net@gmail.com>
Date: Wed, 13 Sep 2017 20:49:38 +0900
Subject: [PATCH] Fix security issue refs #4

* Update version to 1.0.5
* Update to use yaml.safe_load()
* Update to tomoh1r
---
 .travis.yml          | 21 ++++++++++++++++-----
 CHANGES.txt          | 10 ++++++++++
 README.rst           |  4 ++--
 ansible_vault/api.py |  2 +-
 setup.cfg            |  3 +++
 setup.py             |  4 ++--
 tox.ini              | 14 --------------
 7 files changed, 34 insertions(+), 24 deletions(-)
 delete mode 100644 tox.ini

diff --git a/.travis.yml b/.travis.yml
index 70055d9..a150ce4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,14 +1,25 @@
 ---
 language: python
 sudo: false
+cache:
+  directories:
+    - $HOME/.cache/pip
 python:
-- 2.7
+  - "2.7"
+  - "3.3"
+  - "3.4"
+  - "3.5"
+  - "3.6"
 env:
   matrix:
-    - TOXENV=py27
-    - TOXENV=py27-ansible2
+    - ANSIBLE_VER=1
+    - ANSIBLE_VER=2
 install:
-  - pip install tox
-script: tox
+  - python -m pip install -U setuptools pip
+  - if [ $ANSIBLE_VER -eq 1 ] ; then python -m pip install -U 'ansible<2.0.0' ; fi
+  - if [ $ANSIBLE_VER -eq 2 ] ; then python -m pip install -U 'ansible>2.0.0' ; fi
+  - python setup.py setup_test
+script:
+  - python -m pytest
 
 # vim:st=2 sts=2 sw=2:
diff --git a/CHANGES.txt b/CHANGES.txt
index 1e8aa4e..a51a244 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,13 @@
+1.0.5 (2017/09/13)
+
+* Update to use yaml.safe_load()$
+* Update to tomoh1r$
+
+1.0.4 (2015/11/29)
+
+* Apply to Ansible 2
+* Add unit tests
+
 1.0.3 (2015/05/18)
 
 * fix README.rst typo
diff --git a/README.rst b/README.rst
index 0663322..63a8dd3 100644
--- a/README.rst
+++ b/README.rst
@@ -2,8 +2,8 @@
 ansible-vault
 =============
 
-.. image:: https://travis-ci.org/jptomo/ansible-vault.svg?branch=master
-   :target: https://travis-ci.org/jptomo/ansible-vault
+.. image:: https://travis-ci.org/tomoh1r/ansible-vault.svg?branch=master
+   :target: https://travis-ci.org/tomoh1r/ansible-vault
 
 This project aim to R/W an ansible-vault yaml file
 
diff --git a/ansible_vault/api.py b/ansible_vault/api.py
index 3fcc0ad..2f209c1 100644
--- a/ansible_vault/api.py
+++ b/ansible_vault/api.py
@@ -15,7 +15,7 @@ def __init__(self, password):
 
     def load(self, stream):
         '''read vault steam and return python object'''
-        return yaml.load(self.vault.decrypt(stream))
+        return yaml.safe_load(self.vault.decrypt(stream))
 
     def dump(self, data, stream=None):
         '''encrypt data and print stdout or write to stream'''
diff --git a/setup.cfg b/setup.cfg
index 5aef279..819f85d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,2 +1,5 @@
 [metadata]
 description-file = README.rst
+
+[pytest]
+testpaths = ansible_vault/test
diff --git a/setup.py b/setup.py
index c42a8c4..ee0a123 100644
--- a/setup.py
+++ b/setup.py
@@ -32,10 +32,10 @@ def run_tests(self):
 
 setup(
     name='ansible-vault',
-    version='1.0.4',
+    version='1.0.5',
     author='Tomohiro NAKAMURA',
     author_email='quickness.net@gmail.com',
-    url='https://github.com/jptomo/ansible-vault',
+    url='https://github.com/tomoh1r/ansible-vault',
     description='R/W an ansible-vault yaml file',
     long_description=_read('README.rst'),
     packages=find_packages(),
diff --git a/tox.ini b/tox.ini
deleted file mode 100644
index cb350f9..0000000
--- a/tox.ini
+++ /dev/null
@@ -1,14 +0,0 @@
-[tox]
-envlist = py27, py27-ansible2
-setupdir = .
-
-[testenv]
-basepython = python2.7
-
-[testenv:py27]
-commands = python2.7 setup.py test
-
-[testenv:py27-ansible2]
-commands =
-    pip install -U git+https://github.com/ansible/ansible.git@stable-2.0#egg=ansible
-    python2.7 setup.py test