From b66cfc576cd6772e9e4db4c0b52f1cfc98619583 Mon Sep 17 00:00:00 2001
From: gecong1973
Date: Sat, 4 Feb 2017 11:14:08 +0800
Subject: [PATCH] Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists.

Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I1f809b4a68e9ec7b7a04cde2b77767cec7434965
---
 manila/tests/share/drivers/dell_emc/plugins/unity/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manila/tests/share/drivers/dell_emc/plugins/unity/utils.py b/manila/tests/share/drivers/dell_emc/plugins/unity/utils.py
index 8597167446..72917c32a8 100644
--- a/manila/tests/share/drivers/dell_emc/plugins/unity/utils.py
+++ b/manila/tests/share/drivers/dell_emc/plugins/unity/utils.py
@@ -27,7 +27,7 @@ patch_system = mock.patch('storops.UnitySystem')
 def load_yaml(file_name):
 yaml_file = '{}/{}'.format(path.dirname(path.abspath(__file__)), file_name)
 with open(yaml_file) as f:
- res = yaml.load(f)
+ res = yaml.safe_load(f)
 LOG.debug('Loaded yaml mock objects from %s.', yaml_file)
 return res
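Review bot: load_yaml() now has an undocumented constraint on its fixtures: yaml.safe_load() raises a ConstructorError on any document that carries Python-specific tags such as `!!python/object`, so every YAML file this helper reads must consist of plain mappings, lists and scalars. The fixture files are not part of this patch, so it is worth confirming that the unity driver tests still pass with the safe loader. Consider recording the constraint on the helper with a docstring such as `"""Load a YAML fixture from this directory with the safe loader (plain YAML types only)."""`, so a later contributor does not switch back to yaml.load() to make a tagged fixture work.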