Remove the yamlutils module.

The pyyaml is now safe by default:

https://github.com/yaml/pyyaml/pull/74/files
https://access.redhat.com/security/cve/CVE-2017-18342
https://github.com/search?q=oslo.serialization+yamlutils+user%3Aopenstack+language%3APython&type=Code

So the yamlutils is now useless. No project in OpenStack used this
module. We can remove it.

Sem-Ver: api-break
Change-Id: If0a98f1e15d83131cb309e02f892372f353fa5da
This commit is contained in:
Daniel Bengtsson 2020-02-12 12:36:01 +01:00
parent 9561b8d2fc
commit 3847688ab7
5 changed files with 3 additions and 183 deletions

View File

@ -24,7 +24,6 @@ pyparsing==2.1.0
python-mimeparse==1.6.0
python-subunit==1.0.0
pytz==2013.6
PyYAML==3.12
requests==2.14.2
requestsexceptions==1.2.0
smmap==0.9.0

View File

@ -1,87 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import tempfile
import textwrap
import uuid
from oslotest import base
from oslo_serialization import yamlutils as yaml
class BehaviorTestCase(base.BaseTestCase):
def test_loading(self):
payload = textwrap.dedent('''
- foo: bar
- list:
- [one, two]
- {check: yaml, in: test}
''')
expected = [
{'foo': 'bar'},
{'list': None},
['one', 'two'],
{'check': 'yaml', 'in': 'test'}
]
loaded = yaml.load(payload)
self.assertEqual(loaded, expected)
def test_loading_with_unsafe(self):
payload = textwrap.dedent('''
!!python/object/apply:os.system ['echo "hello"']
''')
loaded = yaml.load(payload, is_safe=False)
expected = 0
self.assertEqual(loaded, expected)
def test_dumps(self):
payload = [
{'foo': 'bar'},
{'list': None},
['one', 'two'],
{'check': 'yaml', 'in': 'test'}
]
dumped = yaml.dumps(payload)
expected = textwrap.dedent('''\
- foo: bar
- list: null
- - one
- two
- check: yaml
in: test
''')
self.assertEqual(dumped, expected)
def test_dump(self):
payload = [
{'foo': 'bar'},
{'list': None},
['one', 'two'],
{'check': 'yaml', 'in': 'test'}
]
tmpfile = os.path.join(tempfile.gettempdir(), str(uuid.uuid4()))
with open(tmpfile, 'w+') as fp:
yaml.dump(payload, fp)
with open(tmpfile, 'r') as fp:
file_content = fp.read()
expected = textwrap.dedent('''\
- foo: bar
- list: null
- - one
- two
- check: yaml
in: test
''')
self.assertEqual(file_content, expected)

View File

@ -1,93 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""YAML related utilities.
The main goal of this module is to standardize yaml management inside
openstack. This module reduce technical debt by avoiding re-implementations
of yaml manager in all the openstack projects.
Use this module inside openstack projects to handle yaml securely and properly.
"""
from debtcollector import removals
import yaml
removals.removed_module(
'oslo_serialization.yamlutils', version='3.0.0',
removal_version='4.0.0',
message='The oslo_serialization.yamlutils will be removed')
def load(stream, is_safe=True):
"""Converts a YAML document to a Python object.
:param stream: the YAML document to convert into a Python object. Accepts
a byte string, a Unicode string, an open binary file object,
or an open text file object.
:param is_safe: Turn off safe loading. True by default and only load
standard YAML. This option can be turned off by
passing ``is_safe=False`` if you need to load not only
standard YAML tags or if you need to construct an
arbitrary python object.
Stream specifications:
* An empty stream contains no documents.
* Documents are separated with ``---``.
* Documents may optionally end with ``...``.
* A single document may or may not be marked with ``---``.
Parses the given stream and returns a Python object constructed
from the first document in the stream. If there are no documents
in the stream, it returns None.
"""
yaml_loader = yaml.Loader
if is_safe:
if hasattr(yaml, 'CSafeLoader'):
yaml_loader = yaml.CSafeLoader
else:
yaml_loader = yaml.SafeLoader
return yaml.load(stream, yaml_loader) # nosec B506
def dumps(obj, is_safe=True):
"""Converts a Python object to a YAML document.
:param obj: python object to convert into YAML representation.
:param is_safe: Turn off safe dumping.
Serializes the given Python object to a string and returns that string.
"""
yaml_dumper = yaml.Dumper
if is_safe:
if hasattr(yaml, 'CSafeDumper'):
yaml_dumper = yaml.CSafeDumper
else:
yaml_dumper = yaml.SafeDumper
return yaml.dump(obj, default_flow_style=False, Dumper=yaml_dumper)
def dump(obj, fp, is_safe=True):
"""Converts a Python object as a YAML document to ``fp``.
:param obj: python object to convert into YAML representation.
:param fp: a ``.write()``-supporting file-like object
:param is_safe: Turn off safe dumping.
"""
yaml_dumper = yaml.Dumper
if is_safe:
if hasattr(yaml, 'CSafeDumper'):
yaml_dumper = yaml.CSafeDumper
else:
yaml_dumper = yaml.SafeDumper
return yaml.dump(obj, fp, default_flow_style=False, Dumper=yaml_dumper)

View File

@ -0,0 +1,3 @@
---
other:
- Remove the yamlutils, the pyyaml is now safe by default.

View File

@ -11,5 +11,3 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0
msgpack>=0.5.2 # Apache-2.0
oslo.utils>=3.33.0 # Apache-2.0
pytz>=2013.6 # MIT
PyYAML>=3.12 # MIT
debtcollector>=1.2.0 # Apache-2.0