From f7696d1dc17e4de5333f468860bb91f7c420e0a4 Mon Sep 17 00:00:00 2001
From: YusukeJustinNakajima
 <115024208+YusukeJustinNakajima@users.noreply.github.com>
Date: Mon, 8 Jan 2024 14:37:03 +0900
Subject: [PATCH] [Fix]  Enhanced security for OpenAPI and JSON Loader
 Integration (#1122)

---
 embedchain/loaders/json.py    | 2 +-
 embedchain/loaders/openapi.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/embedchain/loaders/json.py b/embedchain/loaders/json.py
index 2d090f68..fc0a649c 100644
--- a/embedchain/loaders/json.py
+++ b/embedchain/loaders/json.py
@@ -35,7 +35,7 @@ class JSONReader:
         return ["\n".join(useful_lines)]
 
 
-VALID_URL_PATTERN = "^https:\/\/[0-9A-z.]+.[0-9A-z.]+.[a-z]+\/.*\.json$"
+VALID_URL_PATTERN = "^https:\/\/[0-9A-Za-z]+(\.[0-9A-Za-z]+)*\/[0-9A-Za-z_\/]*\.json$"
 
 
 class JSONLoader(BaseLoader):
diff --git a/embedchain/loaders/openapi.py b/embedchain/loaders/openapi.py
index f898b8ef..0f2164f9 100644
--- a/embedchain/loaders/openapi.py
+++ b/embedchain/loaders/openapi.py
@@ -32,7 +32,7 @@ class OpenAPILoader(BaseLoader):
         file_path = content
         data_content = []
         with OpenAPILoader._get_file_content(content=content) as file:
-            yaml_data = yaml.load(file, Loader=yaml.Loader)
+            yaml_data = yaml.load(file, Loader=yaml.SafeLoader)
             for i, (key, value) in enumerate(yaml_data.items()):
                 string_data = f"{key}: {value}"
                 meta_data = {"url": file_path, "row": i + 1}