browbeat/ci-scripts/linters
Van Hung Pham 15fd41725a Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1].
Because yaml.load returns Python objects, it may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.
In addition, Bandit flags yaml.load() as a security risk,
so replace all occurrences with yaml.safe_load().
Thus I replace yaml.load() with yaml.safe_load().

[1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Iaa2b7d9c880f3e20243bb2a9cbd8f9db29ecc267
2017-06-07 23:06:38 +00:00
lint-browbeat-config.py Replace yaml.load() with yaml.safe_load() 2017-06-07 23:06:38 +00:00