7e11cab57b
Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1] Because yaml.load return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load limits this ability to simple Python objects like integers or lists. In addition, Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load(). Thus I replace yaml.load() with yaml.safe_load() [1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Ia45006ce1382022e5c776d06fdc3c33e9b4d8c47 Closes-Bug: #1634265 |
||
|---|---|---|
| doc | ||
| keystoneauth1 | ||
| releasenotes | ||
| tools | ||
| .coveragerc | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| .testr.conf | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| README.rst | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
Team and repository tags
keystoneauth
This package contains tools for authenticating to an OpenStack-based cloud. These tools include:
- Authentication plugins (password, token, and federation based)
- Discovery mechanisms to determine API version support
- A session that is used to maintain client settings across requests (based on the requests Python library)
Further information:
- Free software: Apache license
- Documentation: http://docs.openstack.org/developer/keystoneauth
- Source: http://git.openstack.org/cgit/openstack/keystoneauth
- Bugs: http://bugs.launchpad.net/keystoneauth