Using yaml.safe_load instead of yaml.load
It is not safe to call yaml.load on data received from an untrusted source, so use yaml.safe_load instead. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I175ab89d408b38d5370621c0fd2cf78685e951f7
parent
bd99edfa83
commit
e01ef2a59d
|
@ -165,7 +165,7 @@ class ResourceTemplate(ResourceBase):
|
|||
|
||||
# Execute the command
|
||||
out, err = utils.ExecUtils.exec_command(cmd)
|
||||
y = yaml.load(out)
|
||||
y = yaml.safe_load(out)
|
||||
y['metadata']['namespace'] = variables[nsname]
|
||||
|
||||
res = y
|
||||
|
@ -175,7 +175,7 @@ class ResourceTemplate(ResourceBase):
|
|||
variables,
|
||||
utils.FileUtils.read_string_from_file(
|
||||
rt.getTemplatePath()))
|
||||
res = yaml.load(raw_doc)
|
||||
res = yaml.safe_load(raw_doc)
|
||||
|
||||
if args.debug_container is not None:
|
||||
y = res
|
||||
|
@ -322,7 +322,7 @@ class Resource(ResourceTemplate):
|
|||
|
||||
def take_action(self, args):
|
||||
tmpl = super(Resource, self).take_action(args, skip_and_return=True)
|
||||
y = yaml.load(tmpl)
|
||||
y = yaml.safe_load(tmpl)
|
||||
kind = y['kind']
|
||||
if kind == 'List':
|
||||
first_item = y['items'][0]
|
||||
|
|
|
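Review bot: `yaml.safe_load(out)` returns `None` for empty input, and the next line of the first hunk subscripts the result (`y['metadata']['namespace']`) without consulting `err`, at least in the visible lines. If the command fails and prints nothing, the caller gets a `TypeError` instead of the command's own error. A guard such as `if not isinstance(y, dict): raise ValueError("command produced no YAML mapping")` before the subscript would make that failure explicit, and the same applies to `y['kind']` and `y['items'][0]` in the hunk at -322. The enclosing functions begin outside these hunks, so an earlier check may already exist.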
@ -40,7 +40,7 @@ class TestK8sTemplatesTest(base.BaseTestCase):
|
|||
for package in packages:
|
||||
print(" %s" % package)
|
||||
with open(os.path.join(microdir, package, 'Chart.yaml')) as stream:
|
||||
version = yaml.load(stream)['version']
|
||||
version = yaml.safe_load(stream)['version']
|
||||
|
||||
cmd = "%s template %s/%s-%s.tgz" % (helmbin, repodir,
|
||||
package, version)
|
||||
|
@ -48,7 +48,7 @@ class TestK8sTemplatesTest(base.BaseTestCase):
|
|||
if err:
|
||||
raise err
|
||||
|
||||
l = yaml.load_all(out)
|
||||
l = yaml.safe_load_all(out)
|
||||
for y in l:
|
||||
js = '[]'
|
||||
try:
|
||||
|
|
|
@ -126,7 +126,7 @@ class TestTemplatesTest(base.BaseTestCase):
|
|||
|
||||
def func(args, o):
|
||||
# Check if template is yaml
|
||||
y = yaml.load(o)
|
||||
y = yaml.safe_load(o)
|
||||
js = '[]'
|
||||
try:
|
||||
# If there is an alpha init container, validate it is proper
|
||||
|
|
|
@ -20,7 +20,7 @@ if [ $(openstack user list --column Name --format value | grep $1 | wc -l) -ne 0
|
|||
exit -1
|
||||
fi
|
||||
user='root'
|
||||
password=$(python -c 'import yaml; print yaml.load(open("/etc/kolla/passwords.yml"))["database_password"]')
|
||||
password=$(python -c 'import yaml; print yaml.safe_load(open("/etc/kolla/passwords.yml"))["database_password"]')
|
||||
if [ $(kubectl exec mariadb-0 -n kolla -- mysql --user=$user --password=$password -e 'show databases;' | grep $1 | wc -l) -ne 0 ]; then
|
||||
exit -1
|
||||
fi
|
||||
|
|
|
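Review bot: The value read by the changed `password=` line is expanded unquoted on the `mysql` line below it, so a password containing whitespace or glob characters is split or expanded by the shell; write `--password="$password"`. Passing the secret as a command-line argument also leaves it readable in the process list while the command runs, which matters if the script is used on a shared host. Separately, `print yaml.safe_load(...)` is Python 2 statement syntax, so if `python` resolves to Python 3 the substitution fails and `password` is left empty; `print(yaml.safe_load(...)["database_password"])` works under both.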
@ -50,7 +50,7 @@ def main():
|
|||
for package in [p for p in microservices if _isdir(microdir, p)]:
|
||||
values_file = os.path.join(microdir, package, "values.yaml")
|
||||
with open(values_file, "r") as f:
|
||||
package_values = yaml.load(f)
|
||||
package_values = yaml.safe_load(f)
|
||||
merge_dict(values, package_values)
|
||||
|
||||
# Remove some package specific values:
|
||||
|
|
|
@ -128,7 +128,7 @@ def main():
|
|||
srcdir = os.path.join(path, "..", "helm")
|
||||
microdir = os.path.join(srcdir, "microservice")
|
||||
microservices = os.listdir(microdir)
|
||||
values = yaml.load(open(os.path.join(srcdir, "all_values.yaml")))
|
||||
values = yaml.safe_load(open(os.path.join(srcdir, "all_values.yaml")))
|
||||
|
||||
packages = [p for p in microservices if _isdir(microdir, p)]
|
||||
count = 1
|
||||
|
|
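Review bot: In the hunk at -128, `yaml.safe_load(open(...))` never closes the file object, while the hunk at -50 in the same file already uses `with open(values_file, "r") as f:`. For consistency, use `with open(os.path.join(srcdir, "all_values.yaml")) as f:` followed by `values = yaml.safe_load(f)`. Note also that `safe_load` returns `None` for an empty `values.yaml`, which the -50 hunk would pass straight to `merge_dict`; whether `merge_dict` tolerates that is not visible here. `main()` starts and ends outside both hunks.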