From 3efd12c1c67a1544690214afe8d1f8050a529717 Mon Sep 17 00:00:00 2001
From: Sam Pilla
Date: Wed, 12 Apr 2017 14:06:32 -0500
Subject: [PATCH] Add `nosec` for Bandit issue 506 in resource_manager.py

Running `tox -e bandit` will raise a `B506: Use of unsafe yaml load` issue. Because yaml.safe_load is a wrapper for yaml.load(SafeLoader), this is a non-issue raised by the tests. This patch adds a `nosec` to ignore the issue and comments to explain why it is okay as is.

Change-Id: I4bb3b1635000a8bf77015f35f0be36df2c4f731f
---
 murano/engine/system/resource_manager.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/murano/engine/system/resource_manager.py b/murano/engine/system/resource_manager.py
index b5c5a4c1a..09cb52594 100644
--- a/murano/engine/system/resource_manager.py
+++ b/murano/engine/system/resource_manager.py
@@ -72,7 +72,12 @@ class ResourceManager(object):
 @specs.inject('receiver', yaqltypes.Receiver())
 @specs.meta(constants.META_NO_TRACE, True)
 def yaml(cls, receiver, name, owner=None):
- return yamllib.load(
+ # NOTE(kzaitsev, Sam Pilla) Bandit will raise an issue here,
+ # because it thinks that we're using an unsafe yaml.load.
+ # However we're passing a SafeLoader here
+ # (see definition of `yaml_loader` in this file; L27-30)
+ # so a `nosec` was added to ignore the false positive report.
+ return yamllib.load( # nosec
 cls.string(receiver, name, owner),
 Loader=yaml_loader)
 @staticmethod
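Review bot: The added comment line `# (see definition of `yaml_loader` in this file; L27-30)` pins the justification for the suppression to absolute line numbers, which go stale the next time anything above them is edited; prefer `# (see the yaml_loader definition near the top of this file)`. More importantly, the `# nosec` on `return yamllib.load(  # nosec` silences B506 permanently, so if `yaml_loader` is later replaced by a loader that is not derived from SafeLoader, nothing in the tooling will notice; a unit test asserting `issubclass(yaml_loader, yamllib.SafeLoader)` next to the loader definition would keep the invariant the comment relies on under check. If the Bandit version in use supports test-id-scoped suppression, `# nosec B506` keeps any other check on this line active. The remaining decorator(s) of the `yaml` method, including whichever one binds `cls`, sit above the hunk.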