Replace yaml.load() with yaml.safe_load()

Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1].
Bandit flags yaml.load() as a security risk, so replace all occurrences
with yaml.safe_load().

[1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Story: 1634265
Task: 38963

Change-Id: Ie5baf64696e6214e3dd01f6e06ede8fd8432cbb8
changes/57/711457/2
Arx Cruz 3 years ago
parent 3d55efcbac
commit 0099f408da
  1. 2
      config_tempest/profile.py

@ -42,7 +42,7 @@ def _read_yaml_file(path):
:rtype: dict
"""
with open(path, 'r') as stream:
return yaml.load(stream)
return yaml.safe_load(stream)
def read_profile_file(path):
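Review bot: The new `return yaml.safe_load(stream)` line in `_read_yaml_file` changes the failure mode and the docstring does not say so: a profile file that carries a Python-specific tag (such as `!!python/object`) now raises `yaml.constructor.ConstructorError` instead of constructing the object. That is the intended hardening, but the caller sees a raw PyYAML traceback with no mention of `path`. Consider catching `yaml.YAMLError` here and re-raising with the file path in the message, and add a unit test that feeds a tagged document and asserts the rejection so the call cannot silently regress to `yaml.load`. Two smaller points: the docstring promises `:rtype: dict`, yet `safe_load` returns `None` for an empty file, so either document that or normalise to `{}`; and the commit message says all occurrences are replaced while the diff touches only `config_tempest/profile.py`, so it is worth confirming with a grep or a Bandit run that no other `yaml.load(` call remains in the tree.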
