Add nosec
for Bandit issue 506 in resource_manager.py
Running `tox -e bandit` will raise a `B506: Use of unsafe yaml load` issue. Because yaml.safe_load is a wrapper for yaml.load(SafeLoader), this is a non-issue raised by the tests. This patch adds a `nosec` to ignore the issue and comments to explain why it is okay as is. Change-Id: I4bb3b1635000a8bf77015f35f0be36df2c4f731f
This commit is contained in:
parent
928db440f2
commit
3efd12c1c6
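--- a/resource_manager.py
+++ b/resource_manager.py
@@ -72,7 +72,12 @@ class ResourceManager(object):
 @specs.inject('receiver', yaqltypes.Receiver())
 @specs.meta(constants.META_NO_TRACE, True)
 def yaml(cls, receiver, name, owner=None):
-return yamllib.load(
+# NOTE(kzaitsev, Sam Pilla) Bandit will raise an issue here,
+# because it thinks that we're using an unsafe yaml.load.
+# However we're passing a SafeLoader here
+# (see definition of `yaml_loader` in this file; L27-30)
+# so a `nosec` was added to ignore the false positive report.
+return yamllib.load( # nosec
 cls.string(receiver, name, owner), Loader=yaml_loader)
 
 @staticmethod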
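Review bot: The added comment pins the `yaml_loader` definition to physical line numbers (`L27-30`), which will go stale as soon as anything above it moves; refer to it by name instead, e.g. `# (see the yaml_loader definition near the top of this module)`. The bare `# nosec` on the `return yamllib.load(` line also silences every Bandit finding on that line, not only B506; if the project's Bandit version accepts test ids, narrowing it to `return yamllib.load(  # nosec B506` keeps any other report on that call visible. The suppression is only justified while `yaml_loader` remains a SafeLoader-based loader, which this hunk does not show — a short comment next to the `yaml_loader` definition saying that the nosec in `yaml()` depends on it would stop a later switch to a full `Loader` from inheriting the exemption silently. The `@classmethod` decorator implied by the `cls` parameter, if present, sits above the hunk.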