From 3efd12c1c67a1544690214afe8d1f8050a529717 Mon Sep 17 00:00:00 2001
From: Sam Pilla <sp516w@att.com>
Date: Wed, 12 Apr 2017 14:06:32 -0500
Subject: [PATCH] Add `nosec` for Bandit issue 506 in resource_manager.py

Running `tox -e bandit` will raise a `B506: Use of unsafe yaml load`
issue. Because yaml.safe_load is a wrapper for yaml.load(SafeLoader),
this is a non-issue raised by the tests. This patch adds a `nosec` to
ignore the issue and comments to explain why it is okay as is.

Change-Id: I4bb3b1635000a8bf77015f35f0be36df2c4f731f
---
 murano/engine/system/resource_manager.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/murano/engine/system/resource_manager.py b/murano/engine/system/resource_manager.py
index b5c5a4c1a..09cb52594 100644
--- a/murano/engine/system/resource_manager.py
+++ b/murano/engine/system/resource_manager.py
@@ -72,7 +72,12 @@ class ResourceManager(object):
     @specs.inject('receiver', yaqltypes.Receiver())
     @specs.meta(constants.META_NO_TRACE, True)
     def yaml(cls, receiver, name, owner=None):
-        return yamllib.load(
+        # NOTE(kzaitsev, Sam Pilla) Bandit will raise an issue here,
+        # because it thinks that we're using an unsafe yaml.load.
+        # However we're passing a SafeLoader here
+        # (see definition of `yaml_loader` in this file; L27-30)
+        # so a `nosec` was added to ignore the false positive report.
+        return yamllib.load(  # nosec
             cls.string(receiver, name, owner), Loader=yaml_loader)
 
     @staticmethod