Replaces yaml.load() with yaml.safe_load()
yaml.load() can construct arbitrary Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I9841e688e16e9bebef5eb278ee2f3a12f2ca61f4
parent
37d1855c0f
commit
99ad4fba53
|
@ -30,7 +30,7 @@ def handle_external_config(params):
|
|||
with open(params.config) as f:
|
||||
from migration import config
|
||||
|
||||
content = yaml.load(f)
|
||||
content = yaml.safe_load(f)
|
||||
if isinstance(content, dict):
|
||||
for k, v in content.items():
|
||||
setattr(config, k, v)
|
||||
|
|
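Review bot: The `setattr(config, k, v)` loop still applies every top-level key of the loaded file to the `migration.config` module, so even with `safe_load` a config file can overwrite any attribute of that module, and a non-string key (YAML permits integer keys, for example) makes `setattr` raise `TypeError`. If the file can come from a source less trusted than the code itself, restrict the keys to known settings, for example `if isinstance(k, str) and not k.startswith('_') and hasattr(config, k):` ahead of the `setattr` call. Whether every valid option already exists as an attribute of `config` is not visible here, so an explicit allow-list of option names may fit better. The body of `handle_external_config` starts outside the hunk.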