Replaces yaml.load() with yaml.safe_load()
yaml.load() can return arbitrary Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I85c5a4e17bc79c62d946a1dd0c9e85b527961926 Partial-Bug: #1634265
parent
72195791db
commit
40d02088e4
|
@ -151,7 +151,7 @@ class WorkspaceManager(object):
|
|||
if not os.path.isfile(self.path):
|
||||
return
|
||||
with open(self.path, 'r') as f:
|
||||
self.workspaces = yaml.load(f) or {}
|
||||
self.workspaces = yaml.safe_load(f) or {}
|
||||
|
||||
|
||||
class TempestWorkspace(command.Command):
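Review bot: A parse failure is not handled at this call: `yaml.safe_load(f)` raises `yaml.YAMLError` on malformed input and, unlike `yaml.load`, also on documents carrying Python-specific tags, so a workspace file that previously loaded can now abort the command with a raw traceback. The same applies to `read_accounts_yaml` in the second hunk, where `except IOError` does not cover it; an added `except yaml.YAMLError as e:` clause raising `lib_exc.InvalidConfiguration` there would keep the error consistent with the existing one. Rejecting those tags is the intended effect of the change, so the fix is to report the failure clearly rather than loosen the loader. The enclosing method starts outside the hunk.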
|
||||
|
|
|
@ -33,7 +33,7 @@ LOG = logging.getLogger(__name__)
|
|||
def read_accounts_yaml(path):
|
||||
try:
|
||||
with open(path, 'r') as yaml_file:
|
||||
accounts = yaml.load(yaml_file)
|
||||
accounts = yaml.safe_load(yaml_file)
|
||||
except IOError:
|
||||
raise lib_exc.InvalidConfiguration(
|
||||
'The path for the test accounts file: %s '
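Review bot: The loaded value is used without a shape check: `yaml.safe_load(yaml_file)` returns `None` for an empty file and a scalar or mapping for other well-formed input, while callers presumably expect a list of account entries (not visible here). A guard such as `if not isinstance(accounts, list): raise lib_exc.InvalidConfiguration(...)` after the `with` block would turn a malformed accounts file into a configuration error instead of a later failure. The workspace loader in the first hunk has the same gap for non-mapping input, since `or {}` only covers the empty case. The function continues past the end of the hunk.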
|
||||
|
|