Add `nosec` for Bandit issue 506 in resource_manager.py

Running `tox -e bandit` will raise a `B506: Use of unsafe yaml load` issue. Because yaml.safe_load is a wrapper for yaml.load(SafeLoader), this is a non-issue raised by the tests. This patch adds a `nosec` to ignore the issue and comments to explain why it is okay as is. Change-Id: I4bb3b1635000a8bf77015f35f0be36df2c4f731f
2017-04-12 14:06:32 -05:00 · 2017-04-12 14:06:32 -05:00 · 3efd12c1c6
parent 928db440f2
commit 3efd12c1c6
1 changed files with 6 additions and 1 deletions
--- a/murano/engine/system/resource_manager.py
+++ b/murano/engine/system/resource_manager.py
@ -72,7 +72,12 @@ class ResourceManager(object):
    @specs.inject('receiver', yaqltypes.Receiver())
    @specs.meta(constants.META_NO_TRACE, True)
    def yaml(cls, receiver, name, owner=None):
-        return yamllib.load(
+        # NOTE(kzaitsev, Sam Pilla) Bandit will raise an issue here,
+        # because it thinks that we're using an unsafe yaml.load.
+        # However we're passing a SafeLoader here
+        # (see definition of `yaml_loader` in this file; L27-30)
+        # so a `nosec` was added to ignore the false positive report.
+        return yamllib.load(  # nosec
            cls.string(receiver, name, owner), Loader=yaml_loader)

    @staticmethod