From a59ebd79ce4e0c62221eeee96face9386143ab19 Mon Sep 17 00:00:00 2001
From: Nguyen Hung Phuong
Date: Tue, 13 Feb 2018 15:09:27 +0700
Subject: [PATCH] Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists.
Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html
Change-Id: I7d130f1b4a1a00a255ce21742c9d89ba7f2bd90f
---
 .../dashboards/project/api_access/tests.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/openstack_dashboard/dashboards/project/api_access/tests.py b/openstack_dashboard/dashboards/project/api_access/tests.py
index 7bd14bfff2..c82e221442 100644
--- a/openstack_dashboard/dashboards/project/api_access/tests.py
+++ b/openstack_dashboard/dashboards/project/api_access/tests.py
@@ -285,7 +285,7 @@ class TemplateRenderTest(test.TestCase):
 "auth_url": "http://example.com",
 "tenant_name": "Tenant",
 "region": "Colorado"}
- out = yaml.load(loader.render_to_string(
+ out = yaml.safe_load(loader.render_to_string(
 'project/api_access/clouds.yaml.template',
 context,
 template.Context(context)))
@@ -306,7 +306,7 @@ class TemplateRenderTest(test.TestCase):
 "tenant_id": "some-cool-id",
 "auth_url": "http://example.com",
 "tenant_name": "Tenant"}
- out = yaml.load(loader.render_to_string(
+ out = yaml.safe_load(loader.render_to_string(
 'project/api_access/clouds.yaml.template',
 context,
 template.Context(context)))
@@ -329,7 +329,7 @@ class TemplateRenderTest(test.TestCase):
 "auth_url": "http://example.com",
 "tenant_name": "Tenant",
 "regions": regions}
- out = yaml.load(loader.render_to_string(
+ out = yaml.safe_load(loader.render_to_string(
 'project/api_access/clouds.yaml.template',
 context,
 template.Context(context)))
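Review bot: The same render-and-parse expression is repeated in all four hunks (`@@ -285`, `@@ -306`, `@@ -329` and `@@ -354`), so each test in TemplateRenderTest still chooses its YAML loader separately and a later copy could reintroduce `yaml.load`. A small private helper on the class that takes `context` and returns the `yaml.safe_load(...)` result would keep that choice in one place, reducing each call site to something like `out = self._render_clouds_yaml(context)` (helper name is a suggestion). The test methods begin and end outside these hunks, so the assertions that follow each call are not visible here. The text parsed in these tests is the project's own rendered template rather than an external document, so this change reads as hardening and consistency rather than closing a reachable parsing risk in this file.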
@@ -354,7 +354,7 @@ class TemplateRenderTest(test.TestCase):
 "auth_url": "http://example.com",
 "tenant_name": "Tenant",
 "regions": regions}
- out = yaml.load(loader.render_to_string(
+ out = yaml.safe_load(loader.render_to_string(
 'project/api_access/clouds.yaml.template',
 context,
 template.Context(context)))