Replace yaml.load() with yaml.safe_load()

Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1].
Bandit flags yaml.load() as a security risk, so replace all occurrences
with yaml.safe_load().

[1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Story: 1634265
Task: 38963

Change-Id: Ie5baf64696e6214e3dd01f6e06ede8fd8432cbb8
Arx Cruz 2020-03-05 14:40:49 +01:00
parent 3d55efcbac
commit 0099f408da
1 changed files with 1 additions and 1 deletions

@ -42,7 +42,7 @@ def _read_yaml_file(path):
:rtype: dict
"""
with open(path, 'r') as stream:
return yaml.load(stream)
return yaml.safe_load(stream)
def read_profile_file(path):
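Review bot: The `return yaml.safe_load(stream)` line in `_read_yaml_file` changes what callers can receive, and nothing in this one-file change covers that. Any existing file that carries Python-specific tags will now raise `yaml.constructor.ConstructorError` instead of loading, and the `with open(path, 'r')` block shown here has no handling around it, so the exception reaches the caller without the file path attached. Please add a unit test that feeds a tagged document through `_read_yaml_file` and asserts it is rejected, and consider catching `yaml.YAMLError` to re-raise with `path` in the message. Separately, the docstring promises `:rtype: dict`, but `safe_load` returns `None` for an empty file and a list or scalar for non-mapping documents; either validate the result is a dict or relax the docstring.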