From 0099f408dac57a053baea5061579c4b6ec49776b Mon Sep 17 00:00:00 2001
From: Arx Cruz
Date: Thu, 5 Mar 2020 14:40:49 +0100
Subject: [PATCH] Replace yaml.load() with yaml.safe_load()

Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1] Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load().

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Story: 1634265
Task: 38963
Change-Id: Ie5baf64696e6214e3dd01f6e06ede8fd8432cbb8
---
 config_tempest/profile.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config_tempest/profile.py b/config_tempest/profile.py
index 2646a5c2..57836072 100644
--- a/config_tempest/profile.py
+++ b/config_tempest/profile.py
@@ -42,7 +42,7 @@ def _read_yaml_file(path):
     :rtype: dict
     """
     with open(path, 'r') as stream:
-        return yaml.load(stream)
+        return yaml.safe_load(stream)
 
 
 def read_profile_file(path):
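Review bot: An empty or comment-only profile file makes the new `return yaml.safe_load(stream)` line return `None`, which contradicts the `:rtype: dict` promise three lines above and is presumably dereferenced by read_profile_file. Consider `return yaml.safe_load(stream) or {}` so the documented contract holds, or state the `None` case in the docstring. The `open(path, 'r')` context line also passes no `encoding=`, so a profile containing non-ASCII values is decoded according to the locale; `open(path, 'r', encoding='utf-8')` pins it. The signature and docstring of _read_yaml_file start outside the hunk.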