Replaces yaml.load() with yaml.safe_load()

Python objects constructed by yaml.load() may be dangerous if you receive
a YAML document from an untrusted source such as the Internet.
The function yaml.safe_load() limits this ability to simple Python
objects like integers or lists.

In ordered_load we're adding a custom class so we have to use yaml.load.
In order to make it safe, set the base class to SafeLoader instead of
Loader.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I3d5df9898c72c59ddab0ac7562b953e91f470220
gengchc2 2017-02-04 18:18:52 +08:00 committed by Monty Taylor
parent 32101d84c1
commit a9c8604bb8
2 changed files with 5 additions and 4 deletions


@ -65,7 +65,8 @@ in both naming and ordering of parameters at every declaration.
"""
def ordered_load(stream, Loader=yaml.Loader, object_pairs_hook=OrderedDict):
def ordered_load(
stream, Loader=yaml.SafeLoader, object_pairs_hook=OrderedDict):
"""Load yaml as an ordered dict
This allows us to inspect the order of the file on disk to make
@ -299,7 +300,7 @@ class RestParametersDirective(Table):
return
content = "\n".join(self.content)
parsed = yaml.load(content)
parsed = yaml.safe_load(content)
# self.app.info("Params loaded is %s" % parsed)
# self.app.info("Lookup table looks like %s" % lookup)
new_content = list()
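Review bot: The new `ordered_load` signature only changes a default — `Loader` is still a public parameter, so any caller that passes `Loader=yaml.Loader` explicitly reinstates arbitrary Python object construction and the hardening in this commit is silently undone for that call. The docstring right below the signature should state the contract, e.g. add the line `Loader must be yaml.SafeLoader or a subclass of it; the custom loader is built on top of it.` after `"""Load yaml as an ordered dict`, and it is worth checking callers for an explicit `Loader=` argument. The body of `ordered_load` continues past the hunk, so I cannot confirm from here whether the custom loader class mentioned in the commit message derives from the `Loader` argument or is hard-wired to a base class. The second hunk's `parsed = yaml.safe_load(content)` needs no further change.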


@ -47,7 +47,7 @@ class HTTPResponseCodeDirective(Table):
# self.app.info("Fpath: %s" % fpath)
try:
with open(fpath, 'r') as stream:
lookup = yaml.load(stream)
lookup = yaml.safe_load(stream)
except IOError:
self.env.warn(
self.env.docname,
@ -124,7 +124,7 @@ class HTTPResponseCodeDirective(Table):
def _load_codes(self):
content = "\n".join(self.content)
parsed = yaml.load(content)
parsed = yaml.safe_load(content)
new_content = list()
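Review bot: `lookup = yaml.safe_load(stream)` inside the `with open(fpath, 'r')` block can still raise `yaml.YAMLError` on a malformed lookup file, and the surrounding `try` only catches `IOError`, so an unparsable file produces a traceback instead of reaching the `self.env.warn(` path that follows; if that warning is meant to cover both unreadable and unparsable files, `except (IOError, yaml.YAMLError):` would do it. The same shape appears in `_load_codes` in the second hunk, where `parsed = yaml.safe_load(content)` has no handler at all, and `safe_load` returns `None` for an empty document, so a short comment or guard there would make the expected input explicit. The reason for preferring `safe_load` lives only in the commit message; a one-line comment such as `# safe_load: never construct arbitrary Python objects from YAML input` next to the first call would preserve it in the code. The enclosing method of the first hunk starts outside the hunk.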