Replaces yaml.load() with yaml.safe_load()

yaml.load() returning a Python object may be dangerous if you receive a YAML
document from an untrusted source such as the Internet. The function
yaml.safe_load() limits this ability to simple Python objects like integers or
lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Iab51ca23786bb18911cdb4dd640ce2726f63ca30
Nguyen Hung Phuong 2018-02-13 15:29:09 +07:00
parent 9afc3472ea
commit e90841bb7b
1 changed files with 1 additions and 1 deletions

@ -269,7 +269,7 @@ def get_metrics_conf(conf_path):
res = None
try:
with open(conf_path) as conf:
res = yaml.load(conf)
res = yaml.safe_load(conf)
res = res[0]
except Exception as exc:
LOG.warning('Error when trying to retrieve yaml metrology conf file.')
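Review bot: the `except Exception as exc:` branch in get_metrics_conf logs a warning whose visible text does not include `exc`, so a conf file that yaml.safe_load() now rejects (for example one using Python-specific tags that yaml.load() used to accept) fails with only the generic message. Consider passing `exc` into the LOG.warning call and catching yaml.YAMLError separately from the lookup error that `res = res[0]` raises when the file is empty or is not a list, so operators can tell a rejected document from a malformed one. The switch to safe_load() itself is the right call for a file read from disk by path.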