Replace yaml.load() with yaml.safe_load()

Avoid dangerous file parsing and object serialization libraries.
yaml.load() is the obvious function to use, but it is dangerous[1]:
it can construct arbitrary Python objects, which is a code-execution
risk if the YAML document comes from an untrusted source such as the
Internet. yaml.safe_load() limits this to simple Python objects such
as integers, strings, lists and dicts.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ifaecff145e91f72911ae05ea274a4977c56212c7
Closes-Bug: #1634265
Luong Anh Tuan 2017-01-16 15:20:45 +07:00 committed by Tuan Luong-Anh
parent 4376df0bcd
commit 3cf5688141
3 changed files with 3 additions and 3 deletions


@ -196,7 +196,7 @@ class YamlUtils(object):
def get_dict(yaml_file):
'''Returns the dictionary representation of the given YAML spec.'''
try:
return yaml.load(open(yaml_file))
return yaml.safe_load(open(yaml_file))
except IOError:
return None
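Review bot: The file handle from `open(yaml_file)` on the new `safe_load` line is never closed; it is left to the garbage collector, which on non-CPython interpreters can keep the descriptor open indefinitely. Use a context manager instead: `with open(yaml_file) as f:` / `return yaml.safe_load(f)`. Note also that `safe_load` returns `None` for an empty document, which a caller cannot distinguish from the `None` returned on `IOError`, and that a `yaml.YAMLError` from a malformed file is not caught and propagates; a short docstring note on both would help. Any decorator on `get_dict` sits above the hunk.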


@ -68,7 +68,7 @@ class ToscaAutoscaling(HotResource):
return yaml.nodes.MappingNode(u'tag:yaml.org,2002:map', nodes)
def _handle_nested_template(self, scale_res):
template_dict = yaml.load(HEAT_TEMPLATE_BASE)
template_dict = yaml.safe_load(HEAT_TEMPLATE_BASE)
template_dict['description'] = 'Tacker Scaling template'
template_dict["resources"] = {}
dict_res = OrderedDict()
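Review bot: `_handle_nested_template` has no docstring, and the new `safe_load` line re-parses the module constant `HEAT_TEMPLATE_BASE` on every call without saying why. That appears to be the right choice, since the result is mutated immediately below (`template_dict['description'] = ...`), so a module-level parse would leak state between calls, but it deserves a one-line comment such as `# fresh parse each call: the dict is mutated below`. While here, the two following assignments mix `'description'` and `"resources"` quoting; pick one. The method body continues past the end of the hunk.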


@ -214,7 +214,7 @@ class TranslatorShell(object):
msg = _('Deploy the generated template, the stack name is %(name)s.')\
% {'name': heat_stack_name}
log.debug(msg)
tpl = yaml.load(translator.translate())
tpl = yaml.safe_load(translator.translate())
# get all the values for get_file from a translated template
get_files = []
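Review bot: The new `safe_load` line assumes `translator.translate()` yields a non-empty YAML mapping: `yaml.safe_load` returns `None` for an empty document, and the `get_file` scan that starts right after the hunk presumably indexes into `tpl`, so an empty translation would surface as an `AttributeError` or `TypeError` rather than a clear message. If the translator can legitimately emit nothing, guard it with `tpl = yaml.safe_load(translator.translate()) or {}`; if it cannot, a comment stating that assumption is enough. The enclosing method starts before and continues after the hunk.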