commit ff8ae432653baaf3ee343669d2617e9968acb19f
Author: Luong Anh Tuan <email address hidden>
Date: Mon Jan 16 15:01:51 2017 +0700
Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.
In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()
Reviewed: https:/ /review. openstack. org/420553 /git.openstack. org/cgit/ openstack/ diskimage- builder/ commit/ ?id=ff8ae432653 baaf3ee343669d2 617e9968acb19f
Committed: https:/
Submitter: Jenkins
Branch: master
commit ff8ae432653baaf 3ee343669d2617e 9968acb19f
Author: Luong Anh Tuan <email address hidden>
Date: Mon Jan 16 15:01:51 2017 +0700
Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.
In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()
[1]https:/ /security. openstack. org/guidelines/ dg_avoid- dangerous- input-parsing- libraries. html
Change-Id: I84640973fd9f45 a69d2b21f6d594c d5bf10660a6
Closes-Bug: #1634265