cf81bd39a6
Avoid dangerous file parsing and object serialization libraries.

yaml.load is the obvious function to use but it is dangerous[1].
Because yaml.load returns Python objects, it may be dangerous if you receive a YAML document from an untrusted source such as the Internet.
The function yaml.safe_load limits this ability to simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as a security risk, so replace all occurrences with yaml.safe_load(). Thus I replace yaml.load() with yaml.safe_load().

[1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ife71148013d5f94ec5ae62633ff9a41f419bd3b7
Closes-Bug: #1634265
- deployment
- doc/source
- openstack_catalog
- tools
- .coveragerc
- .eslintrc
- .gitignore
- .gitreview
- .mailmap
- .testr.conf
- CONTRIBUTING.rst
- HACKING.rst
- LICENSE
- MANIFEST.in
- README.rst
- babel.cfg
- bindep.txt
- manage.py
- package.json
- requirements.txt
- run_tests.sh
- setup.cfg
- setup.py
- test-requirements.txt
- tox.ini
README.rst
OpenStack Community App Catalog
Application Catalog for OpenStack
The OpenStack Community App Catalog will help you make applications available on your OpenStack cloud by providing a community-driven catalog containing Glance images, Heat templates and Murano applications.
Overview
A public location where OpenStack users can publish and consume artifacts, to share and add capabilities, makes all OpenStack clouds more valuable. For example, vendors can publish Glance images for launching new VMs, Heat templates for creating new stacks, or Murano app packages for installing complete applications. When many OpenStack community members publish artifacts that users can easily download and install into their clouds, this will multiply the value of their OpenStack cloud. Easy access to images, templates and apps will solve the "what now" question some users consider after successfully deploying an OpenStack environment.
- Free software: Apache 2.0 License. See LICENSE file.
- Documentation: http://wiki.openstack.org/wiki/App-Catalog
Getting started with the Community App Catalog
See the wiki page to learn how to get started using or contributing to the App Catalog. Visit https://wiki.openstack.org/wiki/App-Catalog for more details.
Project Info
- Web-site: http://apps.openstack.org
- Source: http://git.openstack.org/cgit/openstack/app-catalog
- Wiki: https://wiki.openstack.org/wiki/App-Catalog
- Launchpad: https://launchpad.net/app-catalog
- Blueprints: https://blueprints.launchpad.net/app-catalog
- Bugs: http://bugs.launchpad.net/app-catalog
- Code Reviews: https://review.openstack.org/#q,status:open+app-catalog,n,z
- IRC: #openstack-app-catalog at freenode