Replaces yaml.load() with yaml.safe_load()
yaml.load() returns a Python object, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists.

Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ifc5c911170c6d173c3ab8f387a63d5089c0aac13
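As an added example (not part of this commit or of the OpenStack governance tooling), the difference the change makes, shown on a constructed document shaped like the projects.yaml the script reads: the old full loader builds a native Python object from a `!!python/tuple` tag, while `yaml.safe_load()` rejects the tag and only constructs plain YAML types. It assumes PyYAML is installed.

```python
"""Added example: yaml.load() vs yaml.safe_load() on the same input.

Both documents below are constructed samples, not the real governance file.
"""
import yaml

# Benign document with the shape the script expects (constructed sample).
PLAIN_DOC = """
oslo:
  deliverables:
    oslo.config:
      repos: [openstack/oslo.config]
"""

# Same kind of data, but carrying a Python-specific tag. Only a loader with
# the full constructor set turns this into a native Python object.
TAGGED_DOC = "repos: !!python/tuple [openstack/oslo.config, openstack/oslo.log]\n"


def load_unsafe(text):
    """Equivalent of the pre-patch yaml.load(): constructs any tagged object."""
    return yaml.load(text, Loader=yaml.Loader)


def load_safe(text):
    """The post-patch call: only plain YAML types (str, int, list, dict, ...)."""
    return yaml.safe_load(text)


def tag_rejected(text):
    """True if safe_load refuses the document because of an unsupported tag."""
    try:
        yaml.safe_load(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


if __name__ == "__main__":
    # On plain data both loaders agree, so the patch changes nothing there.
    print(load_safe(PLAIN_DOC) == load_unsafe(PLAIN_DOC))   # True
    # The full loader silently builds a tuple; safe_load raises instead.
    print(type(load_unsafe(TAGGED_DOC)["repos"]))            # <class 'tuple'>
    print(tag_rejected(TAGGED_DOC))                          # True
```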
This commit is contained in:
parent ea82b25f28
commit 50135a8017
@ -32,7 +32,7 @@ def main():
'governance'))
project_input = os.path.join(gov_repo, 'reference/projects.yaml')
with open(project_input, 'r') as f:
project = yaml.load(f.read())
project = yaml.safe_load(f.read())
repos = []
for v in project['oslo']['deliverables'].values():
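Review bot: the new line `project = yaml.safe_load(f.read())` could pass the open file directly, `yaml.safe_load(f)`, since safe_load accepts a stream as well as a string and the intermediate read() buys nothing. Also worth confirming that reference/projects.yaml carries no application-specific tags: safe_load raises a ConstructorError on any tag outside the core YAML types instead of constructing the object, whereas the old yaml.load would have built it silently, so a previously working file with such a tag would now fail at this line.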