Replaces yaml.load() with yaml.safe_load()
yaml.load() can return arbitrary Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I4f5379e1e17129222a211ac6e6d285c40a0b9bfd
parent
ac0ca66fbf
commit
d47e3cdd8a
|
@ -379,7 +379,7 @@ class TCPCloudManagement(cloud_management.CloudManagement,
|
|||
cmd = "salt -E '{}' {} --out=yaml".format(
|
||||
self.slave_name_regexp, command)
|
||||
result = self._execute_on_master_node({'command': cmd})
|
||||
return yaml.load(result[0].payload['stdout'])
|
||||
return yaml.safe_load(result[0].payload['stdout'])
|
||||
|
||||
def discover_hosts(self):
|
||||
if not self.cached_cloud_hosts:
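Review bot: The new `return yaml.safe_load(result[0].payload['stdout'])` has no handling for stdout that is not the expected YAML, and that text is the output of the salt command run on the master node. `safe_load` raises `yaml.YAMLError` on malformed input and on documents carrying Python-specific tags, and it returns `None` for empty stdout, so a caller that indexes or iterates the result could fail far from the cause; whether callers guard against this is not visible, since the method starts above the hunk. I would add a comment above the return such as `# stdout is remote salt output: safe_load raises yaml.YAMLError on non-standard tags and returns None when empty`, and consider catching `yaml.YAMLError` there to re-raise with the command in the message. Separately, `cmd` on the preceding lines is assembled with `str.format` into a shell string, so it is worth confirming that `command` and `slave_name_regexp` never carry caller-supplied text containing quotes.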