Replaces yaml.load() with yaml.safe_load()

yaml.load() returns a Python object, which may be dangerous if you receive
a YAML document from an untrusted source such as the Internet. The function
yaml.safe_load() limits this ability to simple Python objects like
integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ic1b19423f7a9d93e9bc76bf94b5d5e3101f8341d
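
An added example, not code from this commit or from the project: a loader that parses a process list with yaml.safe_load(), closes the file, and turns a rejected document into one explicit error. The function name, the exception class and the list-of-mappings schema are assumptions made for illustration.

```python
import yaml


class ProcessListError(Exception):
    """Raised when a process list file cannot be parsed or has the wrong shape."""


def load_process_list(path):
    """Parse a YAML process list with the safe loader and check its shape.

    Hypothetical helper: the real file format is not shown on the page,
    so a list of mappings is assumed here.
    """
    try:
        # The context manager closes the handle even if parsing fails.
        with open(path) as f:
            data = yaml.safe_load(f)
    except yaml.YAMLError as exc:
        # Covers syntax errors and ConstructorError, which the safe loader
        # raises for any tag outside the plain YAML types (for example
        # the Python-specific !!python/... tags).
        raise ProcessListError("rejected %s: %s" % (path, exc))

    # safe_load returns None for an empty file and a bare scalar for a
    # one-word file, so the type has to be checked before use.
    if not isinstance(data, list) or not all(isinstance(e, dict) for e in data):
        raise ProcessListError("%s: expected a list of mappings" % path)
    return data
```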
Nguyen Hung Phuong 2018-02-13 14:04:49 +07:00
parent a88eb502f0
commit 1087a38cc2
1 changed files with 1 additions and 1 deletions

@ -35,7 +35,7 @@ class ProcessmonitorManager(manager.Manager):
def _load_process_list(self):
try:
process_list = yaml.load(open(CONF.process.process_list_path))
process_list = yaml.safe_load(open(CONF.process.process_list_path))
LOG.debug("Loaded process list. %s" % process_list)
return process_list
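
Review bot: on the changed line in _load_process_list, open(CONF.process.process_list_path) is passed straight to yaml.safe_load() and the file object is never closed; use `with open(CONF.process.process_list_path) as f:` and call yaml.safe_load(f) inside it. The except clause for this try is not visible in the hunk, so confirm that it catches yaml.YAMLError, since safe_load raises a constructor error on any Python-specific tag that yaml.load accepted, and that existing process list files use only plain YAML types. A smaller style point: the LOG.debug call formats with % eagerly; pass process_list as a logging argument instead.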