Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1] Because yaml.load return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load limits this ability to simple Python objects like integers or lists. In addition, Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load(). Thus I replace yaml.load() with yaml.safe_load() [1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Ia45006ce1382022e5c776d06fdc3c33e9b4d8c47 Closes-Bug: #1634265
This commit is contained in:
parent
06e0aeb8f1
commit
7e11cab57b
@ -44,7 +44,7 @@ class TestBetamaxSerializer(testtools.TestCase):
|
||||
def test_serialize(self):
|
||||
data = json.loads(open(self.TEST_JSON, 'r').read())
|
||||
serialized = self.serializer.serialize(data)
|
||||
data = yaml.load(serialized)
|
||||
data = yaml.safe_load(serialized)
|
||||
request = data['http_interactions'][0]['request']
|
||||
self.assertEqual(
|
||||
'http://keystoneauth-betamax.test/v2.0/tokens',
|
||||
|
Loading…
Reference in New Issue
Block a user