openstack/deb-heat
Code Issues Proposed changes

Use yaml.safe_load: full yaml.load isn't needed

Browse Source 
The only reason to use yaml.load instead of safe_load is if one wants to
load serialized objects. Heat's use case is purely to load basic data
structures such as maps/lists/strings. Fixes bug #1117820

Change-Id: I4f6cf2ed4e15405f8b296ccaec737a3779c9867d
This commit is contained in:
Clint Byrum 2013-02-06 16:27:23 -08:00
parent aa80a0700d
commit d2223869f9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
heat/common/template_format.py
View File

@ -39,7 +39,7 @@ def parse(tmpl_str):
tpl = json.loads(tmpl_str)
else:
try:
tpl = yaml.load(tmpl_str)
tpl = yaml.safe_load(tmpl_str)
except yaml.scanner.ScannerError as e:
raise ValueError(e)
else:
@ -90,7 +90,7 @@ def convert_json_to_yaml(json_str):
json_str = key_re.sub(order_key, json_str)
# parse the string as json to a python structure
tpl = yaml.load(json_str)
tpl = yaml.safe_load(json_str)
# dump python structure to yaml
yml = "HeatTemplateFormatVersion: '2012-12-12'\n" + yaml.safe_dump(tpl)