Replaces yaml.load() with yaml.safe_load()
Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I1793ee3484f51dd663052e367d86f96f2f7598ea
This commit is contained in:
parent
45e8402f31
commit
c6813a95fa
|
@ -141,7 +141,7 @@ class Config(object):
|
|||
self.printSample()
|
||||
sys.exit(1)
|
||||
|
||||
self.config = yaml.load(open(self.path))
|
||||
self.config = yaml.safe_load(open(self.path))
|
||||
schema = ConfigSchema().getSchema(self.config)
|
||||
schema(self.config)
|
||||
server = self.getServer(server)
|
||||
|
|
Loading…
Reference in New Issue