use yaml.safe_load

Bug #1117820 reported by Angus Salkeld
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Heat | Fix Released | Undecided | Clint Byrum |

Bug Description

yaml.load() is not safe.

http://pyyaml.org/wiki/PyYAMLDocumentation

We need to use safe_load()

OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/21400

Changed in heat:
assignee: nobody → Clint Byrum (clint-fewbar)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/21400
Committed: http://github.com/openstack/heat/commit/d2223869f97055bd1012a31a29c3b1df24773a79
Submitter: Jenkins
Branch: master

commit d2223869f97055bd1012a31a29c3b1df24773a79
Author: Clint Byrum <email address hidden>
Date: Wed Feb 6 16:27:23 2013 -0800

    Use yaml.safe_load: full yaml.load isn't needed

    The only reason to use yaml.load instead of safe_load is if one wants to
    load serialized objects. Heat's use case is purely to load basic data
    structures such as maps/lists/strings. Fixes bug #1117820

    Change-Id: I4f6cf2ed4e15405f8b296ccaec737a3779c9867d

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in heat:
milestone: none → grizzly-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: grizzly-3 → 2013.1
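
The distinction the report and the commit message draw, as an added example that is not part of this bug thread or of Heat's code: `yaml.safe_load` builds plain maps, lists and strings and refuses Python-specific tags, and the tags can be listed from the node tree without constructing anything. It assumes PyYAML is installed; the sample templates and the names `python_tags` and `load_template` are constructed for illustration.

```python
import yaml  # PyYAML

PY_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample: a template made only of maps, lists and strings.
PLAIN_TEMPLATE = """\
Description: constructed sample
Parameters:
  KeyName: {Type: String}
Resources: [WebServer, Database]
"""

# Constructed sample: one value carries a Python-specific tag.
TAGGED_TEMPLATE = """\
Description: constructed sample
Parameters: !!python/tuple [KeyName, InstanceType]
"""


def python_tags(text):
    """List Python-specific tags by walking the node tree; nothing is constructed."""
    found, seen = [], set()

    def walk(node):
        if id(node) in seen:  # aliases can make the node graph recursive
            return
        seen.add(id(node))
        if node.tag.startswith(PY_PREFIX):
            found.append(node.tag)
        if isinstance(node, yaml.SequenceNode):
            for child in node.value:
                walk(child)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                walk(key)
                walk(value)

    root = yaml.compose(text, Loader=yaml.SafeLoader)
    if root is not None:
        walk(root)
    return found


def load_template(text):
    """Parse a template with safe_load and require a top-level mapping."""
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise ValueError("template rejected: %s" % exc) from exc
    if not isinstance(data, dict):
        raise ValueError("template must be a YAML mapping")
    return data
```

Calling `python_tags` before `load_template` lets a service log which tag caused a rejection instead of only reporting a parse failure.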