Replaces yaml.load() with yaml.safe_load()

yaml.load() returns Python objects, which may be dangerous if you receive a YAML
document from an untrusted source such as the Internet. The function
yaml.safe_load() limits this ability to simple Python objects like integers or
lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ifc5c911170c6d173c3ab8f387a63d5089c0aac13
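To make the loader difference concrete, here is an added example that is not part of the commit or the OpenStack repository. It assumes PyYAML is installed, and both YAML documents are constructed for the example: a fragment shaped like the deliverables mapping the patched code walks, and a document carrying a Python-specific tag (the harmless `!!python/tuple`). The unsafe `yaml.Loader` builds the tagged object, while `yaml.safe_load()` refuses the tag with a `ConstructorError` and still parses the plain document.

```python
"""Contrast yaml.load (unsafe Loader) with yaml.safe_load.

Added example, not code from the commit. Assumes PyYAML is installed.
"""
import yaml

# Constructed sample resembling a fragment of a projects.yaml file.
PLAIN_DOC = """
oslo:
  deliverables:
    oslo.config:
      repos:
        - openstack/oslo.config
    oslo.log:
      repos:
        - openstack/oslo.log
"""

# Constructed document carrying a Python-specific tag. !!python/tuple itself
# is harmless, but it belongs to the tag family that lets a YAML document
# drive arbitrary object construction through the unsafe loader.
TAGGED_DOC = """
deliverables: !!python/tuple [oslo.config, oslo.log]
"""


def parse_safely(text):
    """Parse with SafeLoader: only plain mappings, sequences and scalars."""
    return yaml.safe_load(text)


def unsafe_parse(text):
    """Parse with the full, unsafe Loader (what the old yaml.load(f) did)."""
    return yaml.load(text, Loader=yaml.Loader)


def repos_from_document(text):
    """Mirror the patched loop: collect every repo under oslo deliverables."""
    project = parse_safely(text)
    repos = []
    for v in project['oslo']['deliverables'].values():
        repos.extend(v['repos'])
    return repos


def safe_load_rejects(text):
    """Return True if safe_load refuses the document because of its tags."""
    try:
        yaml.safe_load(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


if __name__ == "__main__":
    print(repos_from_document(PLAIN_DOC))
    print(unsafe_parse(TAGGED_DOC)['deliverables'])  # a Python tuple
    print(safe_load_rejects(TAGGED_DOC))             # True
```

The detection angle for a reviewer: `yaml.safe_load()` fails closed, so a config file that unexpectedly contains a `!!python/...` tag surfaces as a parse error rather than as an object being constructed.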
Nguyen Hung Phuong 2018-02-13 13:15:01 +07:00
parent ea82b25f28
commit 50135a8017
1 changed files with 1 additions and 1 deletions


@ -32,7 +32,7 @@ def main():
'governance'))
project_input = os.path.join(gov_repo, 'reference/projects.yaml')
with open(project_input, 'r') as f:
project = yaml.load(f.read())
project = yaml.safe_load(f.read())
repos = []
for v in project['oslo']['deliverables'].values():
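Review bot: `yaml.safe_load()` accepts a stream, so `project = yaml.safe_load(f)` would do without the intermediate `f.read()` string; not a blocker. The swap is the right fix: `safe_load` only constructs plain mappings, sequences and scalars, so if `reference/projects.yaml` ever carried a Python-specific tag the script now fails at parse time instead of constructing the object, which is the behaviour the commit message asks for. The `@ -32,7 +32,7 @@` header reads as a one-line hunk replacing `yaml.load(f.read())` with `yaml.safe_load(f.read())` and leaving the surrounding `repos` loop untouched.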