Replaces yaml.load() with yaml.safe_load()

yaml.load() returns a Python object, which may be dangerous if you receive
a YAML document from an untrusted source such as the Internet.
The function yaml.safe_load() limits this ability to simple Python
objects like integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I9841e688e16e9bebef5eb278ee2f3a12f2ca61f4
gengchc2 2017-02-04 11:50:24 +08:00
parent 37d1855c0f
commit 99ad4fba53
1 changed files with 1 additions and 1 deletions

@ -30,7 +30,7 @@ def handle_external_config(params):
with open(params.config) as f:
from migration import config
content = yaml.load(f)
content = yaml.safe_load(f)
if isinstance(content, dict):
for k, v in content.items():
setattr(config, k, v)
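
Review bot: The unchanged loop below the load, `for k, v in content.items():` followed by `setattr(config, k, v)`, still copies every top-level key from the file onto the imported `config` object, so safe_load restricts the value types but not which attributes can be overwritten. Consider checking `k` against the set of settings `config` is meant to expose, or at least skipping names that begin with an underscore, and rejecting or logging unknown keys. When `content` is not a dict (an empty file makes safe_load return None) the `isinstance` branch is silently skipped; a warning in that case would make a malformed config file easier to spot.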