Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1] Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load(). [1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Iba7924715c9ef66fec9f875f11a2261789e6aa0d Closes-Bug: #1634265
This commit is contained in:
parent
180d8fe931
commit
ce7a31d5f8
|
@ -34,7 +34,7 @@ def load_yaml(file_name):
|
|||
yaml_file = '{}/{}'.format(path.dirname(
|
||||
path.abspath(__file__)), file_name)
|
||||
with open(yaml_file) as f:
|
||||
res = yaml.load(f)
|
||||
res = yaml.safe_load(f)
|
||||
return res
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue