openstack
/
python-tripleoclient
Code Issues Proposed changes
RETIRED, python utility to manage a tripleo based cloud
896 Commits 3 Branches 30 Tags 71 MiB
Go to file
Luong Anh Tuan a2c1d16fe6 Replace yaml.load() with yaml.safe_load() 
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Id83e2a28355ba09cf22ea4e422de9b39e4f03c5e
Closes-Bug: #1634265
 		2017-01-20 02:22:59 +00:00
doc/source Fix doc page for overcloud deploy 2016-08-22 13:47:17 +02:00
releasenotes Release notes for 5.8.0 (final Ocata) 2017-01-17 11:31:45 -05:00
tools Add Constraints support 2016-12-21 14:15:17 +11:00
tripleoclient Replace yaml.load() with yaml.safe_load() 2017-01-20 02:22:59 +00:00
.coveragerc Update .coveragerc after the removal of respective directory 2016-10-18 17:37:29 +05:30
.gitignore Add ReNo support 2016-10-08 00:28:43 +00:00
.gitreview Update .gitreview to point to review.openstack.org 2015-09-08 10:10:44 -04:00
.mailmap Initial commit 2015-03-17 09:33:52 -04:00
.testr.conf Initial commit 2015-03-17 09:33:52 -04:00
CONTRIBUTING.rst Cleanup some strangling references to rdomanager-oscplugin 2015-09-17 15:54:14 +00:00
LICENSE Initial commit 2015-03-17 09:33:52 -04:00
README.rst Show team and repo badges on README 2016-11-25 14:27:23 +01:00
babel.cfg Initial commit 2015-03-17 09:33:52 -04:00
bindep.txt Change the qemu-img bindep to be qemu-img-ev 2016-11-08 09:56:40 -05:00
requirements.txt Updated from global requirements 2017-01-15 09:29:16 +00:00
setup.cfg Merge "Fix the author and author-email in setup.cfg file" 2016-12-21 12:16:59 +00:00
setup.py Updated from global requirements 2015-12-23 00:37:32 +00:00
test-requirements.txt Updated from global requirements 2016-12-21 15:32:28 +00:00
tox.ini Merge "Delete deprecated Hacking in tox.ini" 2017-01-10 15:21:55 +00:00

README.rst

Team and repository tags

image

tripleoclient

tripleoclient is an OpenStackClient (OSC) plugin implementation that implements commands useful for TripleO and the install and management of both an undercloud and an overcloud.

See the TripleO Documentation for details on using tripleoclient.