Replaces yaml.load() with yaml.safe_load() in neutron

yaml.load() returns a Python object, which may be dangerous if you receive
a YAML document from an untrusted source such as the Internet.
The function yaml.safe_load() limits this ability to simple Python
objects like integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I026355f3e71b7fd3aeee2fe5c7920a1c6306ab02
gengchc2 2017-02-04 12:24:35 +08:00
parent 10420f68be
commit edb6766294
1 changed files with 1 additions and 1 deletions

@ -57,7 +57,7 @@ import yaml
data = urllib2.urlopen("https://raw.githubusercontent.com/openstack/"
"governance/master/reference/projects.yaml")
governance = yaml.load(data)
governance = yaml.safe_load(data)
stadium = governance["neutron"]["deliverables"].keys()
query = ["project:openstack/%s" % p for p in stadium]
print ' OR '.join(query)
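
Review bot: safe_load() on the `governance =` line still returns whatever structure the fetched document holds, so `governance["neutron"]["deliverables"].keys()` on the following line raises KeyError or TypeError if projects.yaml does not parse to the expected nested mapping; check that the result is a dict containing those keys before indexing it. The urlopen() call at the top of the hunk also passes no timeout, so a stalled connection to raw.githubusercontent.com hangs the script; passing a timeout argument would bound that.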