Replace yaml.load() with yaml.safe_load()

Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1] Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load(). [1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Iba7924715c9ef66fec9f875f11a2261789e6aa0d Closes-Bug: #1634265
2017-01-16 14:40:52 +07:00 · 2017-01-16 14:40:52 +07:00 · ce7a31d5f8
parent 180d8fe931
commit ce7a31d5f8
1 changed files with 1 additions and 1 deletions
--- a/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py
+++ b/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py
@ -34,7 +34,7 @@ def load_yaml(file_name):
    yaml_file = '{}/{}'.format(path.dirname(
        path.abspath(__file__)), file_name)
    with open(yaml_file) as f:
-        res = yaml.load(f)
+        res = yaml.safe_load(f)
    return res