authorNguyen Hung Phuong <phuongnh@vn.fujitsu.com>2018-02-13 15:09:04 +0700
committerNguyen Hung Phuong <phuongnh@vn.fujitsu.com>2018-02-13 09:27:12 +0000
commitc6813a95faf54ee6f215f4dcdb2c4d2eb33dd999 (patch)
tree6cfdec7f2ff3cfd792c75c7c1c418ffbb01d749f
parent45e8402f31ab34087c91ede2387d1dc6c808ca91 (diff)
Replaces yaml.load() with yaml.safe_load()
yaml.load() can return arbitrary Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I1793ee3484f51dd663052e367d86f96f2f7598ea
Notes
Notes (review): Code-Review+2: James E. Blair <corvus@inaugust.com> Workflow+1: James E. Blair <corvus@inaugust.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 02 Mar 2018 11:04:16 +0000 Reviewed-on: https://review.openstack.org/543844 Project: openstack/gertty Branch: refs/heads/master
-rw-r--r--gertty/config.py2
1 files changed, 1 insertions, 1 deletions
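--- a/gertty/config.py
+++ b/gertty/config.py
@@ -141,7 +141,7 @@ class Config(object):
 self.printSample()
 sys.exit(1)
 
-self.config = yaml.load(open(self.path))
+self.config = yaml.safe_load(open(self.path))
 schema = ConfigSchema().getSchema(self.config)
 schema(self.config)
 server = self.getServer(server)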
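Review bot: The file object passed to `yaml.safe_load(open(self.path))` on new line 144 is never closed explicitly, so the handle stays open until it is garbage-collected; I would write `with open(self.path) as f:` followed by `self.config = yaml.safe_load(f)`. Separately, `safe_load` returns `None` for an empty file, and that value goes straight into `ConfigSchema().getSchema(self.config)`. Whether getSchema copes with `None` is not visible here, so an explicit check with a clear error message may be worth adding. The enclosing method starts and ends outside the hunk.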