Replace yaml.load() with yaml.safe_load()

Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load() Change-Id: I8d0b322b9083c63a75bc34caf2a67fc05d8a4390 Closes-Bug: #1634265
2016-10-17 14:59:29 -06:00 · 2016-10-17 14:59:29 -06:00 · 1e1f130901
commit 1e1f130901
parent 400e10fb26
9 changed files with 17 additions and 29 deletions
--- a/monasca_agent/collector/checks/check.py
+++ b/monasca_agent/collector/checks/check.py
@ -222,10 +222,6 @@ class AgentCheck(util.Dimensions):
    def from_yaml(cls, path_to_yaml=None, agentConfig=None, yaml_text=None, check_name=None):
        """A method used for testing your check without running the agent.
        """
        if hasattr(yaml, 'CLoader'):
            Loader = yaml.CLoader
        else:
            Loader = yaml.Loader
        if path_to_yaml:
            check_name = os.path.basename(path_to_yaml).split('.')[0]
@ -236,7 +232,7 @@ class AgentCheck(util.Dimensions):
            yaml_text = f.read()
            f.close()
-        config = yaml.load(yaml_text, Loader=Loader)
+        config = yaml.safe_load(yaml_text)
        check = cls(check_name, config.get('init_config') or {}, agentConfig or {})
        return check, config.get('instances', [])
--- a/monasca_agent/collector/jmxfetch.py
+++ b/monasca_agent/collector/jmxfetch.py
@ -1,4 +1,4 @@
-# (C) Copyright 2015 Hewlett Packard Enterprise Development Company LP
+# (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
 import glob
 import logging
@ -125,11 +125,7 @@ class JMXFetch(object):
            if os.path.exists(conf):
                f = open(conf)
                try:
-                    if hasattr(yaml, 'CLoader'):
+                    check_config = yaml.safe_load(f.read())
                        Loader = yaml.CLoader
                    else:
                        Loader = yaml.Loader
                    check_config = yaml.load(f.read(), Loader=Loader)
                    assert check_config is not None
                    f.close()
                except Exception:
--- a/monasca_agent/common/config.py
+++ b/monasca_agent/common/config.py
@ -6,11 +6,6 @@ import pkg_resources
 import six
 import yaml
 try:
    from yaml import CLoader as Loader
 except ImportError:
    from yaml import Loader
 from monasca_agent.common.exceptions import PathNotFound
 import monasca_agent.common.singleton as singleton
@ -112,7 +107,7 @@ class Config(object):
        try:
            with open(self._configFile, 'r') as f:
                log.debug('Loading config file from {0}'.format(self._configFile))
-                config = yaml.load(f.read(), Loader=Loader)
+                config = yaml.safe_load(f.read())
                [self._config[section].update(config[section]) for section in config.keys()]
        except Exception as e:
            log.exception('Error loading config file from {0}'.format(self._configFile))
@ -127,7 +122,7 @@ class Config(object):
    def check_yaml(self, conf_path):
        f = open(conf_path)
        try:
-            check_config = yaml.load(f.read(), Loader=Loader)
+            check_config = yaml.safe_load(f.read())
            assert 'init_config' in check_config, "No 'init_config' section found"
            assert 'instances' in check_config, "No 'instances' section found"
--- a/monasca_setup/agent_config.py
+++ b/monasca_setup/agent_config.py
@ -72,7 +72,7 @@ def read_plugin_config_from_disk(config_dir, plugin_name):
    config = None
    if os.path.exists(config_path):
        with open(config_path, 'r') as config_file:
-            config = yaml.load(config_file.read())
+            config = yaml.safe_load(config_file.read())
    return config
--- a/monasca_setup/detection/plugins/kibana.py
+++ b/monasca_setup/detection/plugins/kibana.py
@ -1,4 +1,5 @@
 # Copyright 2016 FUJITSU LIMITED
 # (C) Copyright 2016 Hewlett Packard Enterprise Development LP
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@ -157,7 +158,7 @@ class Kibana(detection.Plugin):
    def _read_config(kibana_cfg):
        import yaml
        with open(kibana_cfg, 'r') as stream:
-            document = yaml.load(stream=stream)
+            document = yaml.safe_load(stream=stream)
            has_ssl_support = ('server.ssl.cert' in document and
                               'server.ssl.key' in document)
--- a/monasca_setup/detection/plugins/mon.py
+++ b/monasca_setup/detection/plugins/mon.py
@ -1,4 +1,4 @@
-# (C) Copyright 2015-2016 Hewlett Packard Enterprise Development Company LP
+# (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
 """Classes for monitoring the monitoring server stack.
@ -50,7 +50,7 @@ class MonAPI(monasca_setup.detection.Plugin):
            # Find the right port from the config, this is specific to the Java version
            try:
                with open('/etc/monasca/api-config.yml', 'r') as config:
-                    self.api_config = yaml.load(config.read())
+                    self.api_config = yaml.safe_load(config.read())
                api_port = self.api_config['server']['applicationConnectors'][0]['port']
            except Exception:
                api_port = 8070
@ -161,7 +161,7 @@ class MonPersister(monasca_setup.detection.Plugin):
        """Read persister-config.yml file to find the exact numThreads."""
        try:
            with open('/etc/monasca/persister-config.yml', 'r') as config:
-                self.persister_config = yaml.load(config.read())
+                self.persister_config = yaml.safe_load(config.read())
        except Exception:
            log.exception('Failed parsing /etc/monasca/persister-config.yml')
            self.available = False
--- a/monasca_setup/detection/plugins/postfix.py
+++ b/monasca_setup/detection/plugins/postfix.py
@ -1,4 +1,4 @@
-# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development Company LP
+# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
 import grp
 import logging
@ -42,7 +42,7 @@ class Postfix(monasca_setup.detection.Plugin):
        # A bit silly to parse the yaml only for it to be converted back but this
        # plugin is the exception not the rule
        with open(os.path.join(self.template_dir, 'conf.d/postfix.yaml.example'), 'r') as postfix_template:
-            default_net_config = yaml.load(postfix_template.read())
+            default_net_config = yaml.safe_load(postfix_template.read())
        config = monasca_setup.agent_config.Plugins()
        config['postfix'] = default_net_config
        return config
--- a/monasca_setup/detection/plugins/system.py
+++ b/monasca_setup/detection/plugins/system.py
@ -1,4 +1,4 @@
-# (C) Copyright 2015 Hewlett Packard Enterprise Development Company LP
+# (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
 import logging
 import os
@ -31,7 +31,7 @@ class System(Plugin):
        for metric in System.system_metrics:
            try:
                with open(os.path.join(self.template_dir, 'conf.d/' + metric + '.yaml'), 'r') as metric_template:
-                    default_config = yaml.load(metric_template.read())
+                    default_config = yaml.safe_load(metric_template.read())
                config[metric] = default_config
                if self.args:
                    for arg in self.args:
--- a/monasca_setup/detection/plugins/zookeeper.py
+++ b/monasca_setup/detection/plugins/zookeeper.py
@ -1,4 +1,4 @@
-# (C) Copyright 2015 Hewlett Packard Enterprise Development Company LP
+# (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
 import logging
 import os
@ -36,7 +36,7 @@ class Zookeeper(monasca_setup.detection.Plugin):
        log.info("\tEnabling the zookeeper plugin")
        with open(os.path.join(self.template_dir, 'conf.d/zk.yaml.example'), 'r') as zk_template:
-            zk_config = yaml.load(zk_template.read())
+            zk_config = yaml.safe_load(zk_template.read())
        config['zk'] = zk_config
        return config