Use yaml.safe_load() instead of yaml.load()

yaml.load() can construct arbitrary Python objects from tags such as
!!python/object, so loading YAML from an untrusted source with it can run
attacker-chosen code. yaml.safe_load() only builds the standard YAML types
(strings, numbers, lists, dicts, ...) and rejects those tags.

ref: https://en.wikipedia.org/wiki/YAML#Security

Change-Id: I9c28c25f4265fb691d39e72e20ef9c99f5538bf5
Bo Wang 2016-02-16 21:23:53 +08:00
parent 8ef79f95b7
commit d91eea03ac
7 changed files with 21 additions and 21 deletions


@ -742,7 +742,7 @@ class TestMistralWorkflow(common.HeatTestCase):
return execution
def verify_create_params(self, wf_yaml):
wf = yaml.load(wf_yaml)["create_vm"]
wf = yaml.safe_load(wf_yaml)["create_vm"]
self.assertEqual(['on_error'], wf["task-defaults"]["on-error"])
tasks = wf['tasks']


@ -67,7 +67,7 @@ class RBACPolicyTest(common.HeatTestCase):
self.neutron_client.create_rbac_policy.assert_called_with(expected)
def test_validate_invalid_action(self):
tpl = yaml.load(inline_templates.RBAC_TEMPLATE)
tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)
tpl['resources']['rbac']['properties']['action'] = 'access_as_external'
self._create_stack(tmpl=yaml.dump(tpl))
msg = "Invalid action access_as_external for object type network."
@ -75,7 +75,7 @@ class RBACPolicyTest(common.HeatTestCase):
self.rbac.validate)
def test_validate_invalid_type(self):
tpl = yaml.load(inline_templates.RBAC_TEMPLATE)
tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)
tpl['resources']['rbac']['properties']['object_type'] = 'networks'
self._create_stack(tmpl=yaml.dump(tpl))
msg = "Invalid object_type: networks. "
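Review bot: The write side of the round trip in both tests, `self._create_stack(tmpl=yaml.dump(tpl))`, still uses the unrestricted dumper, so the switch to `safe_load` is only half of the pairing; `yaml.dump` will serialise any non-standard object that ends up in `tpl` as a `!!python/...` tag, whereas `yaml.safe_dump` raises `RepresenterError`, which is the failure mode you want from a test fixture. Suggest `self._create_stack(tmpl=yaml.safe_dump(tpl))` in both test_validate_invalid_action and test_validate_invalid_type. Both tests also repeat the same load/mutate/dump sequence, so a small helper taking the property overrides would keep them in step as further invalid-property cases are added. The `msg` assertions and the rest of each test method lie outside the hunks.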


@ -365,7 +365,7 @@ Outputs:
self.stack.store()
self.patchobject(urlfetch, 'get', return_value=self.nested_template)
self.nested_parsed = yaml.load(self.nested_template)
self.nested_parsed = yaml.safe_load(self.nested_template)
self.nested_params = {"KeyName": "foo"}
self.defn = rsrc_defn.ResourceDefinition(
'test_t_res',


@ -115,7 +115,7 @@ Outputs:
def test_nested_stack_create_with_timeout(self):
url = self.publish_template(self.nested_template)
self.template = self.test_template.replace('the.yaml', url)
timeout_template = yaml.load(self.template)
timeout_template = yaml.safe_load(self.template)
props = timeout_template['Resources']['the_nested']['Properties']
props['TimeoutInMinutes'] = '50'
@ -142,7 +142,7 @@ Outputs:
}
},
"environment": {"parameters": {}},
"template": yaml.load(self.template)
"template": yaml.safe_load(self.template)
}
stack_identifier = self.stack_adopt(adopt_data=json.dumps(adopt_data))
@ -163,7 +163,7 @@ Outputs:
}
},
"environment": {"parameters": {}},
"template": yaml.load(self.template)
"template": yaml.safe_load(self.template)
}
stack_identifier = self.stack_adopt(adopt_data=json.dumps(adopt_data),
@ -180,7 +180,7 @@ Outputs:
stack = self.client.stacks.get(stack_identifier)
self.assertEqual('bar', self._stack_output(stack, 'output_foo'))
new_template = yaml.load(self.template)
new_template = yaml.safe_load(self.template)
props = new_template['Resources']['the_nested']['Properties']
props['TemplateURL'] = self.publish_template(self.update_template,
cleanup=False)


@ -75,7 +75,7 @@ outputs:
if not self.temp_def:
# remove the default from the parameter in the nested template.
ntempl = yaml.load(self.nested_template)
ntempl = yaml.safe_load(self.nested_template)
del ntempl['parameters']['length']['default']
nested_template = yaml.dump(ntempl)
else:
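Review bot: The parsed template is written back with `nested_template = yaml.dump(ntempl)`, so the loader is now restricted but the dumper is not; with the tree coming from `safe_load` the output is the same today, but `yaml.safe_dump(ntempl)` would make the fixture refuse to emit Python-specific tags if someone later drops a non-plain object into `ntempl`. Suggest `nested_template = yaml.safe_dump(ntempl)`. The surrounding method, including the `else:` branch that starts on the hunk's last line, continues outside the hunk.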


@ -419,7 +419,7 @@ outputs:
super(ResourceGroupAdoptTest, self).setUp()
def _yaml_to_json(self, yaml_templ):
return yaml.load(yaml_templ)
return yaml.safe_load(yaml_templ)
def test_adopt(self):
data = {
@ -455,7 +455,7 @@ outputs:
}
},
"environment": {"parameters": {}},
"template": yaml.load(self.main_template)
"template": yaml.safe_load(self.main_template)
}
stack_identifier = self.stack_adopt(
adopt_data=json.dumps(data))
@ -556,7 +556,7 @@ resources:
Simple rolling update with no conflict in batch size
and minimum instances in service.
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '1'
@ -575,7 +575,7 @@ resources:
Simple rolling update replace with no conflict in batch size
and minimum instances in service.
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '1'
@ -594,7 +594,7 @@ resources:
Simple rolling update with reduced size.
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '1'
@ -613,7 +613,7 @@ resources:
Simple rolling update with increased size.
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '1'
@ -632,7 +632,7 @@ resources:
Update with capacity adjustment with enough resources.
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '8'
@ -652,7 +652,7 @@ resources:
Rolling update with capacity adjustment due to conflict in
batch size and minimum instances in service.
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '8'
@ -671,7 +671,7 @@ resources:
Rolling Update with a huge batch size(more than
current size).
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '0'
@ -689,7 +689,7 @@ resources:
Rolling Update with a huge number of minimum instances
in service.
"""
updt_template = yaml.load(copy.deepcopy(self.template))
updt_template = yaml.safe_load(copy.deepcopy(self.template))
grp = updt_template['resources']['random_group']
policy = grp['update_policy']['rolling_update']
policy['min_in_service'] = '20'
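Review bot: `yaml.safe_load(copy.deepcopy(self.template))` appears in all eight rolling-update tests, and the `deepcopy` is a no-op: `self.template` is used here as YAML source text, and `copy.deepcopy` on an immutable `str` returns the same object, so it does not protect the shared fixture as the call suggests; `safe_load` already builds a fresh dict tree on every call, which is the copy these tests actually rely on before mutating `policy`. Suggest `updt_template = yaml.safe_load(self.template)` throughout. Separately, this file defines `_yaml_to_json` as a parsing helper yet the adopt-data literal calls `yaml.safe_load(self.main_template)` directly; if the helper is meant to be the single parsing entry point, `"template": self._yaml_to_json(self.main_template)` would keep that true. Each of the test methods continues past its hunk.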


@ -602,7 +602,7 @@ Outputs:
super(TemplateResourceAdoptTest, self).setUp()
def _yaml_to_json(self, yaml_templ):
return yaml.load(yaml_templ)
return yaml.safe_load(yaml_templ)
def test_abandon(self):
stack_identifier = self.stack_create(
@ -635,7 +635,7 @@ Outputs:
}
},
"environment": {"parameters": {}},
"template": yaml.load(self.main_template)
"template": yaml.safe_load(self.main_template)
}
stack_identifier = self.stack_adopt(