Replaces yaml.load() with yaml.safe_load()

yaml.load() can return any Python object, which may be dangerous if you
receive a YAML document from an untrusted source such as the Internet. The
function yaml.safe_load() limits this ability to simple Python objects like
integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I7d130f1b4a1a00a255ce21742c9d89ba7f2bd90f
Nguyen Hung Phuong 2018-02-13 15:09:27 +07:00
parent 18d3d5db88
commit a59ebd79ce


@ -285,7 +285,7 @@ class TemplateRenderTest(test.TestCase):
"auth_url": "http://example.com",
"tenant_name": "Tenant",
"region": "Colorado"}
out = yaml.load(loader.render_to_string(
out = yaml.safe_load(loader.render_to_string(
'project/api_access/clouds.yaml.template',
context,
template.Context(context)))
@ -306,7 +306,7 @@ class TemplateRenderTest(test.TestCase):
"tenant_id": "some-cool-id",
"auth_url": "http://example.com",
"tenant_name": "Tenant"}
out = yaml.load(loader.render_to_string(
out = yaml.safe_load(loader.render_to_string(
'project/api_access/clouds.yaml.template',
context,
template.Context(context)))
@ -329,7 +329,7 @@ class TemplateRenderTest(test.TestCase):
"auth_url": "http://example.com",
"tenant_name": "Tenant",
"regions": regions}
out = yaml.load(loader.render_to_string(
out = yaml.safe_load(loader.render_to_string(
'project/api_access/clouds.yaml.template',
context,
template.Context(context)))
@ -354,7 +354,7 @@ class TemplateRenderTest(test.TestCase):
"auth_url": "http://example.com",
"tenant_name": "Tenant",
"regions": regions}
out = yaml.load(loader.render_to_string(
out = yaml.safe_load(loader.render_to_string(
'project/api_access/clouds.yaml.template',
context,
template.Context(context)))
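Review bot: The same render-and-parse expression, `yaml.safe_load(loader.render_to_string(...))` on 'project/api_access/clouds.yaml.template', is now repeated in all four hunks of TemplateRenderTest (at 285, 306, 329 and 354), so the loader choice can drift back in any one copy. A small private helper on the test class, called as `out = self._render_clouds_yaml(context)` (name proposed here), would keep it in one place. The visible change only touches test code that parses output rendered from a fixed context, so it hardens by convention rather than closing an exposure; any non-test yaml.load() callers are not shown on this page and would need their own check. A lint gate such as bandit's B506 (yaml_load) would stop plain yaml.load() from being reintroduced. The enclosing test methods begin and end outside these hunks.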