Replaces yaml.load() with yaml.safe_load()

yaml.load() returns a Python object, which may be dangerous if you receive a YAML
document from an untrusted source such as the Internet. The function
yaml.safe_load() limits this ability to simple Python objects like integers or
lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I4f5379e1e17129222a211ac6e6d285c40a0b9bfd
Nguyen Hung Phuong 2018-02-13 13:35:56 +07:00
parent ac0ca66fbf
commit d47e3cdd8a
1 changed files with 1 additions and 1 deletions


@ -379,7 +379,7 @@ class TCPCloudManagement(cloud_management.CloudManagement,
cmd = "salt -E '{}' {} --out=yaml".format(
self.slave_name_regexp, command)
result = self._execute_on_master_node({'command': cmd})
return yaml.load(result[0].payload['stdout'])
return yaml.safe_load(result[0].payload['stdout'])
def discover_hosts(self):
if not self.cached_cloud_hosts:
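
Review bot: The new return line has no handling for the cases where yaml.safe_load() does not produce a mapping: it returns None when stdout is empty and raises yaml.YAMLError when the salt output is malformed or carries a tag that the safe loader rejects. result[0] is also indexed without checking that the master node returned anything. Consider catching yaml.YAMLError here and raising the driver's own error with the failing command in the message, and returning an empty dict (or failing explicitly) on None so callers do not have to guess. Separately, in the unchanged context, cmd is assembled with str.format() and places self.slave_name_regexp and command inside a shell string; if either can come from configuration that is not fully trusted, quoting them (for example with shlex.quote / pipes.quote) would be worth a follow-up change.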