Replaces yaml.load() with yaml.safe_load()
yaml.load() can return any Python object, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Iab51ca23786bb18911cdb4dd640ce2726f63ca30
parent
9afc3472ea
commit
e90841bb7b
|
@ -269,7 +269,7 @@ def get_metrics_conf(conf_path):
|
|||
res = None
|
||||
try:
|
||||
with open(conf_path) as conf:
|
||||
res = yaml.load(conf)
|
||||
res = yaml.safe_load(conf)
|
||||
res = res[0]
|
||||
except Exception as exc:
|
||||
LOG.warning('Error when trying to retrieve yaml metrology conf file.')
|
||||
|
|
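Review bot: The `except Exception as exc:` handler that follows the new `yaml.safe_load(conf)` call logs a fixed message with neither `exc` nor `conf_path`. A document that safe_load rejects for carrying a Python-specific tag (a `yaml.YAMLError`) therefore looks the same in the log as a missing file or an empty document failing at `res[0]`. That rejection is the event this change makes possible, so I would record it: `LOG.warning('Error when trying to retrieve yaml metrology conf file %s: %s', conf_path, exc)`. The handler and the rest of get_metrics_conf continue outside the hunk, so `exc` may already be used further down; if it is, only the path is missing.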