Replaces yaml.load() with yaml.safe_load()
yaml.load() returns Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Ic1b19423f7a9d93e9bc76bf94b5d5e3101f8341d
parent
a88eb502f0
commit
1087a38cc2
|
@ -35,7 +35,7 @@ class ProcessmonitorManager(manager.Manager):
|
|||
|
||||
def _load_process_list(self):
|
||||
try:
|
||||
process_list = yaml.load(open(CONF.process.process_list_path))
|
||||
process_list = yaml.safe_load(open(CONF.process.process_list_path))
|
||||
LOG.debug("Loaded process list. %s" % process_list)
|
||||
|
||||
return process_list
|
||||
|
|
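Review bot: The file object created by `open(CONF.process.process_list_path)` on the new `yaml.safe_load(...)` line is never closed explicitly, so the descriptor stays open until the object is garbage-collected. A context manager keeps the safe loader and releases the handle deterministically: `with open(CONF.process.process_list_path) as f:` followed by `process_list = yaml.safe_load(f)`. `yaml.safe_load` also returns `None` for an empty document, so callers should not assume a list comes back. Whether the `except` clause handles `yaml.YAMLError` cannot be seen here, because `_load_process_list` continues outside the hunk.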