[Fix] Enhanced security for OpenAPI and JSON Loader Integration (#1122)

embedchain/loaders/json.py

@@ -35,7 +35,7 @@ class JSONReader:
         return ["\n".join(useful_lines)]
 
 
-VALID_URL_PATTERN = "^https:\/\/[0-9A-z.]+.[0-9A-z.]+.[a-z]+\/.*\.json$"
+VALID_URL_PATTERN = "^https:\/\/[0-9A-Za-z]+(\.[0-9A-Za-z]+)*\/[0-9A-Za-z_\/]*\.json$"
 
 
 class JSONLoader(BaseLoader):

embedchain/loaders/openapi.py

@@ -32,7 +32,7 @@ class OpenAPILoader(BaseLoader):
         file_path = content
         data_content = []
         with OpenAPILoader._get_file_content(content=content) as file:
-            yaml_data = yaml.load(file, Loader=yaml.Loader)
+            yaml_data = yaml.load(file, Loader=yaml.SafeLoader)
             for i, (key, value) in enumerate(yaml_data.items()):
                 string_data = f"{key}: {value}"
                 meta_data = {"url": file_path, "row": i + 1}