gengchc2 64a549e6db Replaces yaml.load() with yaml.safe_load() ...

Yaml.load() return Python object may be dangerous if you receive
a YAML document from an untrusted source such as the Internet.
The function yaml.safe_load() limits this ability to simple Python
objects like integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I78fde872948d6838957e35765c3f182bd4b9b512

2017-02-04 18:21:33 +08:00

4.5 KiB

Raw Blame History

View Raw