cf81bd39a6
Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1] Because yaml.load return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load limits this ability to simple Python objects like integers or lists. In addition, Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load(). Thus I replace yaml.load() with yaml.safe_load() [1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Ife71148013d5f94ec5ae62633ff9a41f419bd3b7 Closes-Bug: #1634265 |
||
|---|---|---|
| .. | ||
| asset_history.sh | ||
| check_app_catalog_yaml.py | ||
| testserver.py | ||
| update_assets.sh | ||
| yaml2json.py | ||