Use yaml.safe_load instead of load.
Fixes security issue and deprecation of simple use of yaml.load without an explicit loader. Change-Id: If47e3fd1cc09c7a1db1fad05a643aa3da04cf26c
This commit is contained in:
parent
cfcc7d53b3
commit
7d473e4d43
|
@ -436,7 +436,7 @@ def _main(config):
|
||||||
raise Exception("Channel Config must be specified in config file.")
|
raise Exception("Channel Config must be specified in config file.")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
channel_config = ChannelConfig(yaml.load(open(fp)))
|
channel_config = ChannelConfig(yaml.safe_load(open(fp)))
|
||||||
except Exception:
|
except Exception:
|
||||||
log = logging.getLogger('gerritbot')
|
log = logging.getLogger('gerritbot')
|
||||||
log.exception("Syntax error in chanel config file")
|
log.exception("Syntax error in chanel config file")
|
||||||
|
|
|
@ -48,14 +48,14 @@ openstack-infra:
|
||||||
|
|
||||||
class ChannelConfigTestCase(testtools.TestCase):
|
class ChannelConfigTestCase(testtools.TestCase):
|
||||||
def test_missing_octothorpe(self):
|
def test_missing_octothorpe(self):
|
||||||
channel_config = bot.ChannelConfig(yaml.load(CHANNEL_CONFIG_YAML))
|
channel_config = bot.ChannelConfig(yaml.safe_load(CHANNEL_CONFIG_YAML))
|
||||||
# TODO(jlvillal): Python 2 only assert. Must change to use
|
# TODO(jlvillal): Python 2 only assert. Must change to use
|
||||||
# six.assertCountEqual() for Python 2/3 compatibility
|
# six.assertCountEqual() for Python 2/3 compatibility
|
||||||
self.assertItemsEqual(['#openstack-dev', '#openstack-infra'],
|
self.assertItemsEqual(['#openstack-dev', '#openstack-infra'],
|
||||||
channel_config.channels)
|
channel_config.channels)
|
||||||
|
|
||||||
def test_branches(self):
|
def test_branches(self):
|
||||||
channel_config = bot.ChannelConfig(yaml.load(CHANNEL_CONFIG_YAML))
|
channel_config = bot.ChannelConfig(yaml.safe_load(CHANNEL_CONFIG_YAML))
|
||||||
expected_channels = {'#openstack-dev', '#openstack-infra'}
|
expected_channels = {'#openstack-dev', '#openstack-infra'}
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
{
|
{
|
||||||
|
@ -65,7 +65,7 @@ class ChannelConfigTestCase(testtools.TestCase):
|
||||||
channel_config.branches)
|
channel_config.branches)
|
||||||
|
|
||||||
def test_events(self):
|
def test_events(self):
|
||||||
channel_config = bot.ChannelConfig(yaml.load(CHANNEL_CONFIG_YAML))
|
channel_config = bot.ChannelConfig(yaml.safe_load(CHANNEL_CONFIG_YAML))
|
||||||
expected_channels = {'#openstack-dev', '#openstack-infra'}
|
expected_channels = {'#openstack-dev', '#openstack-infra'}
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
{
|
{
|
||||||
|
@ -79,7 +79,7 @@ class ChannelConfigTestCase(testtools.TestCase):
|
||||||
channel_config.events)
|
channel_config.events)
|
||||||
|
|
||||||
def test_projects(self):
|
def test_projects(self):
|
||||||
channel_config = bot.ChannelConfig(yaml.load(CHANNEL_CONFIG_YAML))
|
channel_config = bot.ChannelConfig(yaml.safe_load(CHANNEL_CONFIG_YAML))
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
{
|
{
|
||||||
'^openstack/': {'#openstack-infra'},
|
'^openstack/': {'#openstack-infra'},
|
||||||
|
@ -109,7 +109,8 @@ class GerritTestCase(testtools.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(GerritTestCase, self).setUp()
|
super(GerritTestCase, self).setUp()
|
||||||
self.ircbot = IrcBotHelper()
|
self.ircbot = IrcBotHelper()
|
||||||
self.channel_config = bot.ChannelConfig(yaml.load(CHANNEL_CONFIG_YAML))
|
self.channel_config = bot.ChannelConfig(
|
||||||
|
yaml.safe_load(CHANNEL_CONFIG_YAML))
|
||||||
self.channel = "#openstack-infra"
|
self.channel = "#openstack-infra"
|
||||||
self.gerrit = bot.Gerrit(ircbot=self.ircbot,
|
self.gerrit = bot.Gerrit(ircbot=self.ircbot,
|
||||||
channel_config=self.channel_config,
|
channel_config=self.channel_config,
|
||||||
|
|
Loading…
Reference in New Issue