Before this patch yaml.Loader was used by the engine to create custom
yaql-enabled yaml loader. It is unsafe do to so, because yaml.Loader is
capable of creating custom python objects from specifically constructed
yaml files.
After this patch all yaml load operations are performed with safe
loaders instead.
Also use SafeConstructor instead of Constructor.
Reviewed: https:/ /review. openstack. org/333424 /git.openstack. org/cgit/ openstack/ murano/ commit/ ?id=b03c4759aa4 0d66bd4fcf62c96 e352c117bdf4b9
Committed: https:/
Submitter: Jenkins
Branch: stable/mitaka
commit b03c4759aa40d66 bd4fcf62c96e352 c117bdf4b9
Author: Kirill Zaitsev <email address hidden>
Date: Fri May 27 00:42:38 2016 +0300
Use SafeLoader to load yaml files
Before this patch yaml.Loader was used by the engine to create custom
yaql-enabled yaml loader. It is unsafe do to so, because yaml.Loader is
capable of creating custom python objects from specifically constructed
yaml files.
After this patch all yaml load operations are performed with safe
loaders instead.
Also use SafeConstructor instead of Constructor.
Change-Id: I61a3c42d73608b 5d013285f015a45 f4774d264e3
Closes-Bug: #1586079