Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I1f809b4a68e9ec7b7a04cde2b77767cec7434965
2017-02-04 11:14:08 +08:00 · 2017-02-04 11:14:08 +08:00 · b66cfc576c
commit b66cfc576c
parent c54367035d
1 changed files with 1 additions and 1 deletions
--- a/manila/tests/share/drivers/dell_emc/plugins/unity/utils.py
+++ b/manila/tests/share/drivers/dell_emc/plugins/unity/utils.py
@ -27,7 +27,7 @@ patch_system = mock.patch('storops.UnitySystem')
 def load_yaml(file_name):
    yaml_file = '{}/{}'.format(path.dirname(path.abspath(__file__)), file_name)
    with open(yaml_file) as f:
-        res = yaml.load(f)
+        res = yaml.safe_load(f)
        LOG.debug('Loaded yaml mock objects from %s.', yaml_file)
    return res