keystoneauth/keystoneauth1
Luong Anh Tuan 7e11cab57b Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ia45006ce1382022e5c776d06fdc3c33e9b4d8c47
Closes-Bug: #1634265
2017-01-16 15:34:40 +07:00
..
2016-08-04 11:15:51 -05:00
2016-04-18 21:20:51 +00:00
2016-10-11 14:14:40 +11:00