Use yaml.safe_load() instead of yaml.load()
According to Bandit, yaml.safe_load() should be used instead of yaml.load(). Bandit reports: "Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load()." Change-Id: I7dd536c61ff53bf0b07cf4681df64fbec99140b6
parent
658f29cc2e
commit
d124f83643
|
@ -194,7 +194,7 @@ def load_disabled_rules(src):
|
||||||
|
|
||||||
if src:
|
if src:
|
||||||
try:
|
try:
|
||||||
listing = yaml.load(open(src))
|
listing = yaml.safe_load(open(src))
|
||||||
for rule in listing:
|
for rule in listing:
|
||||||
logger.debug("Rule '%s' is disabled.", rule)
|
logger.debug("Rule '%s' is disabled.", rule)
|
||||||
|
|
||||||
|
|
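Review bot: The file object passed to `yaml.safe_load(open(src))` is never explicitly closed, and the result is iterated without checking what the parser returned. `safe_load` limits the document to plain YAML types but does not enforce a shape: an empty file yields `None`, and a bare scalar string would be iterated character by character as if each were a rule name. I would read it as `with open(src) as fh: listing = yaml.safe_load(fh) or []` and follow that with an `isinstance(listing, list)` check that logs and skips anything else. The `try` opened in this hunk has its handler outside the visible lines, so the `None` case may already be caught there, but the handle leak and the non-list case remain either way.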