Replace yaml.load() with yaml.safe_load()

yaml.load() returns a Python object, which may be dangerous if
you receive a YAML document from an untrusted source
such as the Internet. The function yaml.safe_load()
limits this ability to simple Python objects like
integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I63ce1f2db4dce895f3027bcf5e47edb51b26d40b
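The loader behaviour the commit message describes, shown as an added example (not code from the commit or from the project): yaml.safe_load accepts ordinary mappings, sequences and scalars, and refuses a document that carries a Python-specific tag, raising yaml.YAMLError instead of constructing an object. The example goes one step beyond the commit by also showing a JSON round-trip that keeps booleans intact; the function names and the sample YAML documents are constructed for this illustration.

```python
import json
import yaml

# Constructed sample input: an ordinary config document with
# only scalars, a list and a boolean.
PLAIN_CONFIG = """
name: demo
workers: 4
debug: true
hosts:
  - a.example
  - b.example
"""

# Constructed sample input: a document carrying a Python-specific
# tag. yaml.safe_load has no constructor for it and rejects the
# whole document, which is the property the commit relies on.
TAGGED_CONFIG = """
pair: !!python/tuple [1, 2]
"""


def load_config(text):
    """Parse YAML from an untrusted source.

    Returns only plain dicts, lists and scalars, or None when the
    document is rejected (e.g. because it uses a tag the safe
    loader does not know). yaml.safe_load is equivalent to
    yaml.load(text, Loader=yaml.SafeLoader).
    """
    try:
        return yaml.safe_load(text)
    except yaml.YAMLError:
        return None


def normalize(obj):
    """Coerce a safe_load result to JSON-compatible types.

    json.loads(json.dumps(...)) keeps booleans and None intact,
    whereas ast.literal_eval on the JSON text would not accept
    the literals true/false/null.
    """
    return json.loads(json.dumps(obj))


if __name__ == "__main__":
    print(load_config(PLAIN_CONFIG))   # plain dict with int, bool and list values
    print(load_config(TAGGED_CONFIG))  # None: tagged document rejected
```

Only documents built from the YAML core types get through load_config; anything needing a custom constructor is dropped rather than instantiated.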
chenaidong1 2017-03-10 16:12:15 +08:00
parent 3961e3b32b
commit 88c13c6c65
1 changed files with 1 additions and 1 deletions


@ -79,7 +79,7 @@ def main(argv=sys.argv):
# convert config to dict
if not isinstance(config, dict):
config = ast.literal_eval(json.dumps(yaml.load(config)))
config = ast.literal_eval(json.dumps(yaml.safe_load(config)))
os.chdir(proj)
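Review bot: the ast.literal_eval(json.dumps(...)) round-trip on the changed line is now redundant and stays fragile: yaml.safe_load already returns only plain dicts, lists and scalars, and json.dumps renders YAML booleans and null as `true`/`false`/`null`, which ast.literal_eval rejects with ValueError. Consider `config = yaml.safe_load(config)`, or, if JSON-normalised types are wanted, `config = json.loads(json.dumps(yaml.safe_load(config)))`.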